Wednesday 21 February 2018

Businesses Face Unprecedented Volume Of Cyber Attacks

Organizations face the highest levels of cyberattacks in both numbers and sophistication as automated swarm attacks increase, reveals a cyber-threat report.


An average of 274 exploit detections were recorded per company in the last quarter of 2017, 82% more than in the previous quarter, according to the latest global threat report from Fortinet.

The report coincides with the publication of the results of a Big Brother Watch investigation that found that UK councils face an average of 19.5 million cyber attacks per year, which equals 37 per minute.

The Fortinet report shows that the number of malware families also increased by 25% and the unique variants grew by 19%, which indicates not only a growth in volume, but also an evolution of malware.

In addition, automated and sophisticated "swarm attacks" are accelerating, according to the report, which makes it increasingly difficult for organizations to protect users, applications and devices.

As companies become more digital, the report warned that cybercriminals are taking advantage of the expanding attack surface to carry out new disruptive attacks, including swarm-like attacks that target multiple vulnerabilities, devices and access points simultaneously.

The combination of rapid threat development and the further spread of new variants is increasingly difficult to counter for many organizations, according to the report.

The researchers found that encrypted traffic using HTTPS and SSL grew to 60% of the network's total traffic. The report noted that although encryption can help protect data as it moves between central environments, cloud and endpoint, it also represents a real challenge for traditional security technology that has no way of filtering encrypted traffic.

Three of the 20 major attacks identified in the quarter targeted Internet of Things (IoT) devices, and exploit activity against devices such as Wi-Fi cameras quadrupled. None of these detections was associated with a known or named vulnerability, which according to the report is one of the worrying aspects of vulnerable IoT devices.

Unlike the previous attacks related to IoT, which focused on exploiting a single vulnerability, the report said that new IoT botnets such as Reaper and Hajime can attack multiple vulnerabilities simultaneously, which is much harder to combat.

Reaper's flexible framework means that, instead of static and preprogrammed attacks from previous IoT exploits, the Reaper code is easily updated to swarm faster by running new and more malicious attacks as they become available. Demonstrating its swarming capabilities, the exploitation volume associated with Reaper exhibited a jump from 50,000 to 2.7 million in a few days, before returning to normal.

The data shows that ransomware still prevails, with several strains topping the list of malware variants. Locky was the most widespread malware variant and GlobeImposter was the second. A new variety of Locky emerged, tricking recipients with spam before requesting a ransom. In addition, there was a shift on the dark web from accepting only bitcoin for payment to accepting other forms of digital currency, such as Monero.

Malware for cryptocurrency mining increased in the quarter as cyber criminals recognized the growth in digital currencies and began using a trick called cryptojacking to mine cryptocurrencies on victims' computers, using CPU resources in the background without the user knowing. Cryptojacking involves loading a script into a web browser; nothing is installed or stored on the computer.

The report highlighted an increase in sophisticated industrial malware, with data showing an increase in exploit activity against industrial control systems (ICS) and safety instrumented systems (SIS). This suggests that these under-the-radar attacks could be climbing higher on attackers' radar, the report said, citing an attack nicknamed Triton, which has the ability to cover its tracks by overwriting the malware itself with junk data to thwart forensic analysis.

Because these platforms affect vital critical infrastructures, they are attractive to the threat actors, the report said, adding that successful attacks can cause significant damage with far-reaching impact.

The report also noted that steganography, which embeds malicious code in images, also seems to be resurfacing. According to the report, the Sundown exploit kit uses steganography to steal information and, although it has been around for some time, it was reported by more organizations than any other exploit kit, and it has been discovered that it has eliminated several variants of ransomware.

Phil Quade, director of information security at Fortinet, said the volume, sophistication and variety of cyber threats continue to accelerate with the digital transformation of the global economy.

"Cybercriminals have become emboldened in their attack methods as they undergo a similar transformation, and their tools are now in the hands of many," he said.

The stark reality, said Quade, is that traditional security strategies and architectures are simply not enough for an organization dependent on digital technology. "There is an incredible urgency to counteract today's attacks with a security transformation that reflects digital transformation efforts," he said.

"Yesterday's solutions, working individually, are not adequate. Punctual products and static defenses must give way to integrated and automated solutions that operate at great speed and scale."

The threat data in the quarterly report reinforces many of the predictions made by Fortinet FortiGuard Labs' global research team for 2018, which forecasts the rise of self-learning hives and swarms.

The report predicted that the attack surface will continue to expand, while visibility and control over current infrastructures will decrease. To address the problems of speed and scale of adversaries, the report says that organizations need to adopt strategies based on automation and integration.

"Security should operate at digital speeds through the automation of responses and the application of intelligence and self-learning so that networks can make effective and autonomous decisions," the report said.

Based on the findings of the report, Fortinet recommends that organizations:


  • Manage vulnerabilities by prioritizing the application of software patches based on the volume of malware and by implementing advanced protection against threats, such as sandboxing, to detect and respond to unknown threats before they can affect the network.
  • Be better prepared by prioritizing cybersecurity awareness programs, including educating users on how to recognize social engineering attacks.
  • Modernize your defense capabilities to deal with attacks targeting multiple vulnerabilities and devices simultaneously through multiple access points by implementing integrated, collaborative and automated security technologies.
