Fortinet, a global leader in broad, integrated, and automated cybersecurity solutions, has released the findings of its latest quarterly “Global Threat Landscape Report”. The research reveals threats are rising and evolving to become more complex. Unique threat variants and families are on the rise, while botnets continue to infect organisations.
Highlights of the report:
- Threat development continues to be a top focus for cybercriminals
Cybercriminals are not only expanding their attack arsenal but also developing new strategies for breaching defenses. Unique malware variants grew 43 percent, while the number of malware families grew by nearly 32 percent. The number of unique daily malware detections per firm also rose 62 percent. In line with these trends, unique exploits increased nearly 10 percent and the number of exploit detections per firm rose 37 percent. Cybercriminals continue to evolve threats by creating unique malware variants and families, demonstrating the ongoing importance of threat intelligence and assessment tools.
- Mobile devices remain a target
Over one-quarter of organisations experienced a mobile malware attack, with the majority being on the Android operating system. In fact, of the threats organisations faced from all attack vectors, 14 percent of total malware alerts were Android related. By comparison, only 0.000311 percent of threats were targeted at Apple iOS. Mobile threats are a looming risk that must be addressed, especially as the mobile-shopping holiday season nears. These threats can become a gateway for corporate networks to be exploited. Criminals know mobile is an accessible target for infiltrating a network, and they are exploiting it.
- Cryptojacking is a gateway to other attacks
Cryptojacking remains prevalent and continues to grow in scope. The number of platforms affected by cryptojacking jumped 38 percent and the number of unique signatures nearly doubled in the past year. These include new sophisticated platforms for advanced attackers as well as “as-a-service” platforms for novice criminals. IoT botnets are also increasingly leveraging cryptojacking exploits for their attack strategy. Although it is often considered to be a nuisance threat that simply hijacks unused CPU cycles, security leaders are realising how cryptojacking can become a gateway for additional attacks. Underestimating the repercussions of cryptojacking places an organisation at heightened risk.
- Percentage of malicious network traffic is higher on weekends or holidays
Data shows malicious network traffic represents a higher percentage of overall traffic on weekends and holidays, because business traffic slows down significantly while many employees are not working. For many organisations this may be an opportune time to sweep for malware: as the “haystack” of traffic becomes smaller, the chance of finding malicious “needles” is much greater. With cybercriminals using more automated and sophisticated techniques, any opportunity to increase visibility can be an advantage.
- Burstiness of botnets
The botnet index rose only 2 percent, though the number of infection days per firm increased 34 percent from 7.6 days to 10.2 days. This may be an indication that botnets are becoming more sophisticated, difficult to detect, or harder to remove. It may also denote a failure by some organisations to practice good cyber hygiene in general. Consistent security hygiene remains vital to thoroughly addressing the total scope of these attacks. If the root cause or “patient zero” is not determined, botnets can sometimes go dormant, only to return after normal business operations have resumed.
- Encrypted traffic reaches a new threshold
Encrypted traffic reached a new high, comprising 72 percent of all network traffic, up from 55 percent just one year ago. While encryption can certainly help protect data in motion as it moves between core, cloud, and endpoint environments, it also represents a challenge for traditional security solutions. The critical firewall and IPS performance limitations of some legacy security solutions continue to limit the ability of organisations to inspect encrypted data at business speeds. As a result, a growing percentage of this traffic is not analysed for malicious activity, making it an ideal mechanism for criminals to spread malware or exfiltrate data.
“Cyberthreats are growing rapidly and every organisation is feeling the impact, with daily detections and exploits increasing. Previously, ransomware was the talk of the day, and now cryptojacking, mobile malware, and attacks against business-critical supply chains are proliferating. As our cyber adversaries continue to incorporate new threats and leverage increasingly automated techniques at speed and scale for their malicious activities, segmentation and integration have become critical security strategies for IT and OT environments today,” said Michael Joseph, Director System Engineering, India & SAARC at Fortinet.