Fortinet, a global leader in broad, integrated and automated cybersecurity solutions, today announced the key findings of its latest Global Threat Landscape Report for Asia Pacific including Malaysia.
The top prevalent exploits detected in APAC as well as Malaysia for Q4 2017 are those targeting the Apache Struts and IP camera/DVR vulnerabilities. IP camera/DVR vulnerabilities are prevalent in Malaysia as these devices are widely available at low cost, but do not have sufficient security designed into them.
Based on key research findings by Fortinet, three of the top twenty cyberattacks identified targeted IoT devices. Furthermore, exploit activity quadrupled against devices like Wi-Fi cameras. Unlike previous attacks, which focused on exploiting a single vulnerability, new IoT botnets such as Reaper and Hajime can target multiple vulnerabilities simultaneously. This multi-vector approach is much harder to combat.
The research also revealed that attacks per firm increased over the previous quarter. In addition, automated and sophisticated swarm attacks are accelerating making it increasingly difficult for organizations to protect users, applications, and devices.
“The volume, sophistication, and variety of cyber threats continue to accelerate with the digital transformation of our global economy. Cybercriminals have become emboldened in their attack methods as they undergo a similar transformation, and their tools are now in the hands of many. The stark reality is that traditional security strategies and architectures simply are no longer sufficient for a digital-dependent organization,” said Malaysia-based Gavin Chow, network and security strategist at Fortinet. “There is incredible urgency to counter today’s attacks with a security transformation that mirrors digital transformation efforts. Yesterday’s solutions, working individually, are not adequate. Point products and static defenses must give way to integrated and automated solutions that operate at speed and scale.”
The sophistication of attacks targeting APAC organizations is accelerating at an unprecedented rate. Digital transformation isn’t just reshaping business, cybercriminals are leveraging the expanding attack surface it creates for new disruptive opportunities to attack. They are implementing newer swarm-like capabilities while simultaneously targeting multiple vulnerabilities, devices, and access points. The combination of rapid threat development combined with the increased propagation of new variants is increasingly difficult for many organizations to combat.
- Unprecedented Volume: An average of 274 exploit detections per firm were detected, which is a significant increase of 82% over the previous quarter. The number of malware families also increased by 25% and unique variants grew by 19%. The data not only indicates growth in volume, but also an evolution of the malware as well. In addition, encrypted traffic using HTTPS and SSL grew as a percentage of total network traffic to a high of nearly 60% on average. While encryption can certainly help protect data in motion as it moves between core, cloud, and endpoint environments, it also represents a real challenge for traditional security solutions. In APAC and Malaysia, new malware variants and ransomware droppers account for the top prevalent malware seen in Q4 2017.
- Cryptocurrency Mining on the Rise: Cryptomining malware increased globally and in APAC, which seems to be intertwined with the changing price of Bitcoin. Cybercriminals recognize the growth in digital currencies and are using a trick called cryptojacking to mine cryptocurrencies on computers using CPU resources in the background without a user knowing. Cryptojacking involves loading a script into a web browser, nothing is installed or stored on the computer.
- Sophisticated Industrial Malware: An uptick in exploit activity against industrial control systems (ICS) and safety instrumental systems (SIS) suggests these under-the-radar attacks might be climbing higher on attackers’ radar. An example is an attack codenamed Triton. It is sophisticated in nature and has the ability to cover its tracks by overwriting the malware itself with garbage data to thwart forensic analysis. Because these platforms affect vital critical infrastructures, they are enticing for threat actors. Successful attacks can cause significant damage with far-reaching impact.
- Attack Variety: Steganography is an attack that embeds malicious code in images. It is an attack vector that has not had much visibility over the past several years, but it appears to be on the resurgence. The Sundown exploit kit uses steganography to steal information, and while it has been around for some time, it was reported by more organizations than any other exploit kit. It was found dropping multiple ransomware variants.
The threat data in this quarter’s report reinforces many of the predictions unveiled by the Fortinet FortiGuard Labs global research team for 2018, which predicted the rise of self-learning hivenets and swarmbots on the horizon. Over the next couple of years, the attack surface will continue to expand while visibility and control over today’s infrastructures diminish. To address the problems of speed and scale by adversaries, organizations need to adopt strategies based on automation and integration. Security should operate at digital speeds by automating responses as well as applying intelligence and self-learning so that networks can make effective and autonomous decisions, Fortinet said.