Endpoint

3/23/2018 10:30 AM
Derek Manky
Commentary

Looking Back to Look Ahead: Cyber Threat Trends to Watch

Data from the fourth quarter of last year shows the state of application exploits, malicious software, and botnets.

Organizations today face an unprecedented volume of increasingly sophisticated threats as they conduct online operations. As the potential attack surface expands and attack volumes increase, it is imperative to track the most popular and successful strategies of cybercriminals to stay ahead of their malicious intentions.

The quarterly Fortinet Global Threat Landscape Report gathers the collective intelligence drawn from FortiGuard Labs' large array of sensors deployed in live production environments. The research data in the most recent report focuses on three aspects of the threat landscape: application exploits, malicious software, and botnets. It also examines important zero-day vulnerabilities and infrastructure trends to add context about the trajectory of cyberattacks affecting organizations over time.

What the Data Reveals
Below are the key findings from the latest "Threat Landscape Report" that organizations need to know about in order to prepare for what's ahead.

Application exploits, malicious software, and botnets:

  • Historic Volume: The number of malware families detected in the fourth quarter of 2017 increased by 25% over the third quarter, to 3,317, and unique variants grew 19%, to 17,671. An average of 274 attacks per firm was also detected, a staggering increase of 82% over the previous quarter.
  • Mining for Cryptocurrency: Cryptomining malware increased in the fourth quarter, a rise that seems to be intertwined with the changing price of bitcoin. Cybercriminals recognize the growth in digital currencies and are using a technique called cryptojacking to mine cryptocurrencies in the background, consuming a computer's CPU resources without the user knowing. Cryptojacking involves loading a script into a web browser; nothing is installed or stored on the computer.
  • Everything Old Is New Again: Steganography is a technique that hides malicious code inside images. The Sundown exploit kit uses steganography to steal information; although it has been around for some time, it was reported by more organizations than any other exploit kit in the fourth quarter, and it was found dropping multiple ransomware variants.
  • A Ransomware Explosion: Ransomware continues to grow in both volume and sophistication. Several strains of ransomware topped the list of malware variants. Locky was the most prevalent malware variant, and GlobeImposter was second. A new strain of Locky emerged, tricking recipients with spam before requesting a ransom. In addition, there was a shift on the darknet from only accepting bitcoin for payment to other forms of digital currency.
  • Swarm-Based Cyberattacks: The sophistication of attacks targeting organizations is accelerating at an unprecedented rate. For example, attackers are developing new Internet of Things (IoT)-based botnets with swarm-like capabilities that simultaneously target multiple vulnerabilities, devices, and access points.
  • An Increase in IoT Attacks: Three of the top 20 attacks identified in the quarter targeted IoT devices. New IoT botnets such as Reaper and Hajime target multiple vulnerabilities simultaneously. This multivector approach is much harder to combat. In addition, Reaper's new flexible framework, built around a Lua engine and scripts, means that Reaper's code can be easily updated to swarm faster by running new and more malicious attacks as they become available. Exploit volumes associated with Reaper exhibited an early October jump from 50,000 to 2.7 million over just a few days, before dropping back to normal.
  • Sophisticated Industrial Malware: An uptick in exploit activity against industrial control systems and safety instrumented systems suggests these under-the-radar attacks might be climbing higher on attackers' radar. An example is an attack code-named Triton. It is sophisticated in nature and has the ability to cover its tracks by overwriting the malware itself with garbage data to thwart forensic analysis. Because these platforms underpin vital critical infrastructure, they are enticing for threat actors. Successful attacks can cause significant damage with far-reaching impact.

Infrastructure trends:
When it comes to the cyber threat landscape, infrastructure statistics offer a powerful overview because strong correlations exist between infrastructure usage and threat frequency. For example, firms that use a lot of peer-to-peer and proxy apps report seven to nine times as many botnets and malware as those that don't use them.

In the fourth quarter of 2017, firms also appear to have used more bandwidth and encrypted more web traffic than ever before, yet they are actually visiting fewer sites and using fewer applications. The ratio of HTTPS traffic in the network is also worth watching closely; it continues to trend up.

While helpful for maintaining privacy, higher encryption rates also present challenges to threat monitoring and detection. Inspecting Secure Sockets Layer traffic has a significant impact on the performance of firewalls, which means it can affect the amount of network traffic that is actually being inspected. And organizations — especially those with higher HTTPS ratios — cannot afford to ignore threats that might be lurking within encrypted communications.

Best Practices for Stronger Security
With the volume, velocity, and variety of modern threats increasing, standalone point devices and platforms are rapidly becoming inadequate and ineffective. Organizations need a more unified approach that makes it practical for security teams, large or small, to achieve and maintain a competent security posture.

To protect the network against application exploits, malicious software, botnets, and zero-day vulnerabilities, organizations need to stay abreast of and track popular and successful threats. In addition, automated security measures can help pit swarm against swarm in order to effectively counter and repel an attack.

A unified defense posture can also help companies by detecting known and unknown threats at multiple layers throughout the environment. Growing your capability to detect and sever botnet communications at key choke points in your network is another solid strategy. Additionally, an internal network segmentation strategy will help detect and automatically contain all kinds of threats.
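Two of the points above lend themselves to a concrete check: keeping tabs on the HTTPS share of web traffic (from the infrastructure trends section) and detecting botnet communications at a network choke point so they can be severed. The script below is an added example, not code from the article or from Fortinet/FortiGuard. It assumes a simple constructed five-field connection-log format (epoch seconds, source IP, destination IP, destination port, bytes), embeds a few constructed sample lines, computes the HTTPS ratio, and flags flows whose connection timing and sizes are suspiciously regular, the beacon-like pattern that bot check-ins to a command-and-control server commonly show. The thresholds (five or more connections, low coefficient of variation for intervals and sizes) are assumptions to tune against your own baseline.

```python
"""Choke-point log triage: HTTPS share of web bytes and beacon-like flows.

Added example (not from the original article or from Fortinet/FortiGuard).
Assumed log format, one connection per line:
    <epoch_seconds> <src_ip> <dst_ip> <dst_port> <bytes>
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log (documentation-range addresses, not real traffic).
# 10.0.0.9 -> 203.0.113.77:8080 checks in every 60 s with near-identical sizes;
# 10.0.0.11 -> 198.51.100.50:443 is busy but irregular (ordinary browsing).
SAMPLE_LOG = """\
1514764800 10.0.0.5 93.184.216.34 443 5000
1514764803 10.0.0.5 93.184.216.34 443 8000
1514764810 10.0.0.7 198.51.100.20 80 16000
1514764860 10.0.0.9 203.0.113.77 8080 310
1514764920 10.0.0.9 203.0.113.77 8080 302
1514764980 10.0.0.9 203.0.113.77 8080 305
1514765040 10.0.0.9 203.0.113.77 8080 311
1514765100 10.0.0.9 203.0.113.77 8080 300
1514765000 10.0.0.7 198.51.100.20 443 3000
1514764800 10.0.0.11 198.51.100.50 443 1000
1514764805 10.0.0.11 198.51.100.50 443 25000
1514764890 10.0.0.11 198.51.100.50 443 700
1514764895 10.0.0.11 198.51.100.50 443 12000
1514765200 10.0.0.11 198.51.100.50 443 9300
"""


def parse_log(text):
    """Parse the assumed format into dicts; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, dport, nbytes = parts
        try:
            records.append({"ts": int(ts), "src": src, "dst": dst,
                            "dport": int(dport), "bytes": int(nbytes)})
        except ValueError:
            continue  # non-numeric field: ignore the line
    return records


def https_ratio(records):
    """Share of web bytes (ports 80 + 443) carried over HTTPS; 0.0 if none."""
    http = sum(r["bytes"] for r in records if r["dport"] == 80)
    https = sum(r["bytes"] for r in records if r["dport"] == 443)
    total = http + https
    return https / total if total else 0.0


def _cv(values):
    """Coefficient of variation; infinite when the mean is zero."""
    m = mean(values)
    return pstdev(values) / m if m else float("inf")


def find_beacons(records, min_conns=5, max_interval_cv=0.1, max_size_cv=0.25):
    """Flag (src, dst, port) flows with regular timing and uniform sizes."""
    flows = defaultdict(list)
    for r in records:
        flows[(r["src"], r["dst"], r["dport"])].append(r)
    findings = []
    for (src, dst, dport), rs in flows.items():
        if len(rs) < min_conns:
            continue
        rs.sort(key=lambda r: r["ts"])
        intervals = [b["ts"] - a["ts"] for a, b in zip(rs, rs[1:])]
        sizes = [r["bytes"] for r in rs]
        if _cv(intervals) <= max_interval_cv and _cv(sizes) <= max_size_cv:
            findings.append({"src": src, "dst": dst, "dport": dport,
                             "count": len(rs), "period_s": mean(intervals)})
    return findings


def block_rules(findings):
    """Render findings as generic deny rules for the choke-point firewall."""
    return [f"deny tcp from {f['src']} to {f['dst']} port {f['dport']}"
            for f in findings]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(f"HTTPS share of web bytes: {https_ratio(recs):.0%}")
    hits = find_beacons(recs)
    for hit in hits:
        print("beacon-like flow:", hit)
    for rule in block_rules(hits):
        print(rule)
```

On the sample data the HTTPS share is 80% and only the 60-second check-in from 10.0.0.9 is flagged; the irregular 443 traffic from 10.0.0.11 is not. Real deployments should feed exported firewall or flow logs through the same grouping, and the deny rule is a starting point for automated containment rather than a finished policy.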

Looking back at data from 2017 reveals that to effectively combat today's ever-evolving threats, you need to break down silos and bring many security tools together for a collaborative approach that can help you see everything that's coming at your network.

Derek Manky formulates security strategy with more than 15 years of cyber security experience behind him. His ultimate goal is to make a positive impact in the global war on cybercrime. Manky provides thought leadership to industry, and has presented research and strategy ...
Comments

AppySpot, User Rank: Strategist, 3/26/2018 | 3:03:46 PM
Thanks for such an amazing post
Derek, thanks for a post full of information.