Fortinet, a global leader in broad, integrated and automated cybersecurity solutions, announced the key findings of its latest Global Threat Landscape Report which included Malaysia. The research reveals cybercriminals are evolving their attack methods to increase their success rates and speed infections. While ransomware continues to impact organizations in destructive ways, there are indications that some cybercriminals now prefer hijacking systems and using them for cryptomining rather than holding them for ransom.
In Malaysia, exploits targeting known vulnerabilities in enterprise web systems running Apache Struts, Oracle WebLogic Server and older IIS 6.0 web servers were most prevalent in Q1 2018. This is followed closely by exploits targeting old vulnerabilities in IoT devices such as Linksys and D-Link home routers. JavaScript based cryptojacking malware and traditional windows executables based malware were also prevalent, along with malware leveraging on a known Microsoft Office exploit which is used to gain control of a victim’s system to perform other malicious activity.
“In Malaysia, attackers are actively looking for low-hanging fruit targeting known vulnerabilities. These known vulnerabilities already have fixes available and system owners who are not aware of these risks would continue to be exposed to these attacks,” said Gavin Chow, Fortinet’s network and security strategist.
“We are also facing a troubling convergence of trends across the cybersecurity landscape. Malicious cyber actors are demonstrating their efficiency and agility by exploiting the expanding digital attack surface, taking advantage of newly announced zero-day threats, and maximizing the accessibility of malware for bad intent.”
Implementing a security fabric which prioritizes speed, integration, advanced analytics, and risk-based decision making can enable comprehensive protection at machine speed and scale, explained Chow.
Key Highlights of the report:
Cybercrime Attack Methods Evolve to Ensure Success at Speed and Scale
Data indicates that cybercriminals are getting better and more sophisticated in their use of malware and leveraging newly announced zero-day vulnerabilities to attack at speed and scale. While the number of exploit detections per firm dropped by 13% in Q1 of 2018, the number of unique exploit detections grew by over 11%, while 73% of companies experienced a severe exploit.
- Spike in Cryptojacking: Malware is evolving and becoming more difficult to prevent and detect. The prevalence of cryptomining malware more than doubled from quarter to quarter from 13% to 28%. Cryptomining malware is also showing incredible diversity for such a relatively new threat.
- Targeted Attacks for Maximum Impact: The impact of destructive malware remains high, particularly as criminals combine it with designer attacks. For these types of more targeted attacks, criminals conduct significant reconnaissance on an organization before launching an attack, which helps them to increase success rates. The Olympic Destroyer malware and the more recent SamSam ransomware are examples where cybercriminals combined a designer attack with a destructive payload for maximum impact.
- Ransomware Continues to Disrupt: The growth in both the volume and sophistication of ransomware continues to be a significant security challenge for organizations. Ransomware continues to evolve, leveraging new delivery channels such as social engineering, and new techniques such as multi-stage attacks to evade detection and infect systems. GandCrab ransomware emerged in January with the distinction of being the first ransomware to require Dash cryptocurrency as a payment. BlackRuby and SamSam were two other ransomware variants that emerged as major threats during the first quarter of 2018.
- Multiple Attack Vectors: Although the side channel attacks dubbed Meltdown and Spectre dominated the news headlines during the quarter, some of the top attacks targeted mobile devices or known exploits on router, web or Internet technologies. 21% of organizations reported mobile malware, up 7%, demonstrating that IoT devices continue to be targeted.
- Cyber Hygiene – More Than Just Patching: Data showed that 58.5% of botnet infections are detected and cleaned up the same day. 17.6% of botnets persist for two days in a row and 7.3% last three days. About 5% persist for more than a week. As an example, the Andromeda botnet was taken down in Q4 2017 but data from Q1 found it showing prominently in both volume and prevalence.
- Attacks Against Operational Technology (OT): While OT attacks are a smaller percentage of the overall attack landscape, the trends are concerning. Currently, the vast majority of exploit activity is directed against the two most common industrial communication protocols because they are widely-deployed and therefore highly-targeted. Data shows that in Asia ICS exploit attempts appear to be somewhat more prevalent when comparing the prevalence of ICS exploit activity across other regions.
Fighting Evolving Cybercrime Requires Integrated Security
The threat data in this quarter’s report reinforces many of the prediction trends unveiled by the Fortinet FortiGuard Labs global research team for 2018 demonstrating that the best defense against intelligent and automated threats is an integrated, broad, and automated security fabric. A highly aware and proactive security defense system is needed to keep pace with the next generation of automated and AI-based attacks.
Report Methodology
The Fortinet Global Threat Landscape Report is a quarterly view that represents the collective intelligence of FortiGuard Labs drawn from Fortinet’s vast array of sensors during Q1 2018. Research data covers global, regional, industry sector, and organizational perspectives. It focuses on three central and complementary aspects of that landscape, namely application exploits, malicious software, and botnets. It also examines important zero-day vulnerabilities. To complement the report, Fortinet publishes a free, subscription-based Threat Intelligence Brief that reviews the top malware, virus, and web-based threats discovered every week, along with links to valuable FortiGuard Labs threat research.
For a detailed view of the findings and important takeaways for CISOs read the blog.