Cybersecurity firm Fortinet said that attacks per firm have increased over the previous quarter. And, now automated and sophisticated swarm attacks are accelerating, making it increasingly challenging for organizations to protect users, applications, and devices. In its newly released report, company said that digital transformation isn't just reshaping business, cybercriminals are leveraging the expanding attack surface it creates for new disruptive opportunities to attack. “They are implementing newer swarm-like capabilities while simultaneously targeting multiple vulnerabilities, devices, and access points,” said cyber firm Global Threat Landscape Report report.
“Cybercriminals have become emboldened in their attack methods as they undergo a similar transformation, and their tools are now in the hands of many. The stark reality is that traditional security strategies and architectures simply are no longer sufficient for a digital-dependent organization. There is incredible urgency to counter today's attacks with a security transformation that mirrors digital transformation efforts,” said Rajesh Maurya, Regional Vice President, India and SAARC, Fortinet.
Fortinet claimed that an average of 274 exploit per firm were detected, which is a significant increase of 82 per cent over the previous quarter. The number of malware families also increased by 25 per cent and unique variants grew by 19 per cent. In addition, encrypted traffic using HTTPS and SSL grew as a percentage of total network traffic to a high of nearly 60 per cent on average.
Report said that three of the top 20 attacks identified targeted IoT devices and exploit activity quadrupled against devices like Wi-Fi cameras. None of these detections were associated with a known or named CVE, which is one of the troubling aspects of vulnerable IoT devices. In addition, unlike previous attacks, which focused on exploiting a single vulnerability, new IoT botnets such as Reaper and Hajime can target multiple vulnerabilities simultaneously. “This multi-vector approach is much harder to combat,” said Fortinet.
According to Fortinet, in Asia Pacific, the top prevalent exploits detected exhibited a similar pattern. For example, exploits targeting the Apache Struts and IP camera/DVR vulnerabilities make up some of the top exploits detected in APAC for Q4 2017 as well. IP camera/DVR vulnerabilities in APAC are quite prevalent as these devices are popular, available at low cost, but do not have sufficient security designed into them.
On ransomware report said, several strains of ransomware topped the list of malware variants. Locky was the most widespread malware variant and GlobeImposter followed as the second. A new strain of Locky emerged, tricking recipients with spam before requesting a ransom. In addition, there was a shift on the darknet from only accepting Bitcoin for payment to other forms of digital currency such as Monero. In Asia Pacific, new malware variants and ransomware droppers account for the top prevalent malware seen in Q4 2017.
Cryptocurrency is not leaving behind, according to report, cryptomining malware increased globally and in APAC. “Cybercriminals recognize the growth in digital currencies and are using a trick called cryptojacking to mine cryptocurrencies on computers using CPU resources in the background without a user knowing. Cryptojacking involves loading a script into a web browser, nothing is installed or stored on the computer,” said Fortinet.
There is also uptick in exploit activity against industrial control systems (ICS) and safety instrumental systems (SIS) suggesting that these under-the-radar attacks might be climbing higher on attackers' radar, said report. An example is an attack codenamed Triton. It is sophisticated in nature and has the ability to cover its tracks by overwriting the malware itself with garbage data to thwart forensic analysis. Because these platforms affect vital critical infrastructures, they are enticing for threat actors. Successful attacks can cause significant damage with far-reaching impact.
Steganography attack is also on rise. It is an attack that embeds malicious code in images. It's an attack vector that has not had much visibility over the past several years, but it appears to be on the resurgence. The Sundown exploit kit uses steganography to steal information, and while it has been around for some time, it was reported by more organizations than any other exploit kit. It was found dropping multiple ransomware variants.