Press Releases
 
Cyber Adversaries Flock to Apps Where the Users Are and When Users Are Online

Fortinet Threat Landscape Report Reveals Nearly 60% of Threats Shared at Least One Domain, Indicating the Majority of Botnets Leverage Established Infrastructure

Hong Kong, 10 June 2019 -- Phil Quade, Chief Information Security Officer, Fortinet
“We, unfortunately, continue to see the cybercriminal community mirror the strategies and methodologies of nation-state actors, and the evolving devices and networks they are targeting. Organizations need to rethink their strategy to better future proof and manage cyber risks. An important first step involves treating cybersecurity more like a science – doing the fundamentals really well – which requires leveraging the cyberspace fundamentals of speed and connectivity for defense. Embracing a fabric approach to security, micro and macro segmentation, and leveraging machine learning and automation as the building blocks of AI, can provide tremendous opportunity to force our adversaries back to square one.”

News Summary:
Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated, and automated cybersecurity solutions, today announced the findings of its latest quarterly Global Threat Landscape Report. The research reveals that cybercriminals continue to evolve the sophistication of their attack methods, from tailored ransomware and custom coding for some attacks, to living-off-the-land (LoTL) or sharing infrastructure to maximize their opportunities. For a detailed view of the Threat Landscape Index and subindices for exploits, malware, and botnets, as well as some important takeaways for CISOs read the blog. Highlights of the report follow:

Pre- and Post-Compromise Traffic: Research to see if threat actors carry out phases of their attacks on different days of the week demonstrates that cybercriminals are always looking to maximize opportunity to their benefit. When comparing Web filtering volume for two cyber kill chain phases during weekdays and weekends, pre-compromise activity is roughly three times more likely to occur during the work week, while post-compromise traffic shows less differentiation in that regard. This is primarily because exploitation activity often requires someone to take an action such as clicking on a phishing email. In contrast, command-and-control (C2) activity does not have this requirement and can occur anytime. Cybercriminals understand this and will work to maximize opportunity during the week when Internet activity is the most prevalent. Differentiating between weekday and weekend Web filtering practices is important to fully understand the kill chain of various attacks.

Majority of Threats Share Infrastructure: The degree to which different threats share infrastructure shows some valuable trends. Some threats leverage community-use infrastructure to a greater degree than unique or dedicated infrastructure. Nearly 60% of threats shared at least one domain indicating the majority of botnets leverage established infrastructure. IcedID is an example of this “why buy or build when you can borrow” behavior. In addition, when threats share infrastructure they tend to do so within the same stage in the kill chain. It is unusual for a threat to leverage a domain for exploitation and then later leverage it for C2 traffic. This suggests infrastructure plays a particular role or function when used for malicious campaigns. Understanding what threats share infrastructure and at what points of the attack chain enables organizations to predict potential evolutionary points for malware or botnets in the future.

Content Management Needs Constant Management: Adversaries tend to move from one opportunity to the next in clusters, targeting successfully exploited vulnerabilities and technologies that are on the upswing, to quickly maximize opportunity. An example of new technologies getting a lot of attention from cybercriminals recently are Web platforms that make it easier for consumers and businesses to build Web presences. They continue to be targeted, even associated third party plugins. This reinforces the fact that it is critical that patches be applied immediately and to fully understand the constantly evolving world of exploits to stay ahead of the curve.

Ransomware Far From Gone: In general, previous high rates of ransomware have been replaced with more targeted attacks, but ransomware is far from gone. Instead, multiple attacks demonstrate it is being customized for high-value targets and to give the attacker privileged access to the network. LockerGoga is an example of a targeted ransomware conducted in a multi-stage attack. There is little about LockerGoga that sets it apart from other ransomware in terms of functional sophistication, but while most ransomware tools use some level of obfuscation to avoid detection, there was little of it used when analyzed. This suggests the targeted nature of the attack and a predetermination that the malware would not be easily detected. In addition, like most other ransomware, the main goal of Anatova is to encrypt as many files as possible on the victim system, except that it systematically avoids encrypting anything that can impact the stability of the system it is infecting. It also avoids infecting computers that look like they are being used for malware analysis or as honeypots. Both of these ransomware variants demonstrate that security leaders need to remain focused on patching and backups against commodity ransomware, but targeted threats require more tailored defenses to protect against their unique attack methods.

Tools and Tricks for Living Off the Land: Because threat actors operate using the same business models as their victims, to maximize their efforts, attack methods often continue to develop even after gaining an initial entry. To accomplish this, threat actors increasingly leverage dual-use tools or tools that are already pre-installed on targeted systems to carry out cyberattacks. This “living off the land” (LoTL) tactic allows hackers to hide their activities in legitimate processes and makes it harder for defenders to detect them. These tools also make attack attribution much harder. Unfortunately, adversaries can use a wide range of legitimate tools to accomplish their goals and hide in plain sight. Smart defenders will need to limit access to sanctioned administrative tools and log use in their environments.

The Need for Dynamic and Proactive Threat Intelligence
Improving an organization’s ability to not only properly defend against current threat trends, but also prepare for the evolution and automation of attacks over time requires threat intelligence that is dynamic, proactive, and available throughout the distributed network. This knowledge can help identify trends showing the evolution of attack methods targeting the digital attack surface and to pinpoint cyber hygiene priorities based on where bad actors are focusing their efforts. The value and ability to take action on threat intelligence is severely diminished if it cannot be actionable in real time across each security device. Only a security fabric that is broad, integrated, and automated can provide protection for the entire networked environment, from IoT to the edge, network core and to multi-clouds at speed and scale.

Report and Index Overview
The latest Fortinet Threat Landscape Report is a quarterly view that represents the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of global sensors during Q1 2019. Research data covers global and regional perspectives. Also included in the report is the Fortinet Threat Landscape Index (TLI), comprised of individual indices for three central and complementary aspects of that landscape which are exploits, malware, and botnets, showing prevalence and volume in a given quarter.

Additional Resources
• Read our blog for more information about this research or to access the full threat report.
• View the Fortinet Threat Landscape Index and subindices for botnets, malware, and exploits for Q1, 2019.
• For a more detailed view into the changing threats and events driving the Fortinet Threat Landscape Index each week, check out our Weekly Threat Briefs.
• Learn more about FortiGuard Labs and the FortiGuard Security Services portfolio.
• Learn more about the FortiGuard Security Rating Service, which provides security audits and best practices.
• Find out how Fortinet’s Security Fabric delivers broad, integrated, and automated protection across an organization’s entire digital attack surface from IoT to the edge, network core and to multi-clouds.
• Read more about Fortinet’s Network Security Expert program , Network Security Academy program, and the FortiVets program.
• Follow Fortinet on Twitter, LinkedIn, Facebook, YouTube, and Instagram.

# # #


About :
About Fortinet
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 400,000 customers trust Fortinet to protect their businesses. Learn more at http://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.

Submitted by CLIENT, FH on Monday, 10 June 2019 at 12:28 PM
Category: Enterprise Technology
 
Related News

Middle East and Africa Cybersecurity Market Outlook 2018-2023
Friday, 14 Jun 2019

Leading Successful Enterprise Outcomes - Solutions Schedule .NET version 8.0
Friday, 14 Jun 2019

Technology Industry Confronts Reputational Challenges from Techlash
Thursday, 13 Jun 2019

JumpStart, Subsidiary of NetDragon, Partners with Smithsonian for Interactive AR Game
Wednesday, 12 Jun 2019

Blockpass and Beam Collaborate on Research to Provide User-Centric Solutions that put Privacy First
Tuesday, 11 Jun 2019

Related Events

Security Week 2019
Monday, 17 Jun 2019

Palo Alto Networks: Security Simplified - Enterprise Security Series
Tuesday, 18 Jun 2019

Palo Alto Networks: Speed of Cloud
Wednesday, 19 Jun 2019

Palo Alto Networks: AMPLIFY THE IMPACT OF EVERY SECURITY ANALYST
Wednesday, 19 Jun 2019

Palo Alto Networks: The Most Advanced Protection for the Cloud
Wednesday, 19 Jun 2019

Latest News

Fashion Jewelry - Customized Jewelry Just For You
Monday, 17 Jun 2019

Floryday Sheds more Light on Coupons and Points
Monday, 17 Jun 2019

Factors To Consider While Buying Property In Cyprus
Monday, 17 Jun 2019

Body Detox 101 Launches Its New Website To Talk About Latest Healthy Lifestyles Under One Umbrella
Sunday, 16 Jun 2019

Kitchen Design - 5 Key Actions to Accomplishment
Sunday, 16 Jun 2019

 
Want to get your press releases, event listings, and job ads on Scoopasia? Register now for a FREE account or login if you already have one!
Scoopasia v1.0b. Copyright © 2019
Today is Monday, 17 June 2019

About Scoopasia | FAQ | Privacy Policy | Contact Us

Press Releases
Event Listings
Job Listings
Arts & Entertainment
Architecture & Construction
Automotive & Travel
Business
Consumer Technology
Economy
Education
Enterprise Technology
Food & Fashion
Government & Policy
Health Care & Medical
Legal/Law
News & Media
Religion
Science & Research
Sports & Fitness
Login / Register
Get Scoopasia through RSS Feeds & Email Notifications!


Journalist's Toolbox
Hello journalist, welcome to Scoopasia--a powerful online resource for media information in Asia. Scoopasia has press releases and media events for every beat and industry. All content on Scoopasia is 100% FREE. You don't even need to login!

  • Scoop Line
    (Instant Information Request)
    The easiest way to ask questions and request information from the PR community.


  • Advanced Search
    Drill down, dig deep, for media information the way you want it.

  • Journalist's Resources
    Resources and tools you can't do without.

  • PR Tools
    Scoopasia Blog Search
    Search the largest handpicked collection of Asia's most prominent and influential blogs.


    Resources
  • PR Bookmarks
  • Web 2.0 Bookmarks
  • Media Bookmarks

    More Coming Soon...

  • Upcoming Events
  • Children’s Festival 2019 by Gardens by the Bay
  • ISPP 2019 - 12th International Symposium on Pedriatic Pain
  • The Perl Conference, Pittsburgh 2019
  • Predictive Analytics World for Business - Las Vegas - June, 2019
  • Deep Learning World Las Vegas 2019

  • Latest Jobs
    Sorry, there are currently no entries posted here.