Fortinet, the global leader in high-performance cybersecurity solutions, announced the findings of its latest Global Threat Landscape Report.
The research reveals that high botnet reoccurrence rates and an increase of automated malware demonstrate that cybercriminals are leveraging common exploits combined with automated attack methods at unprecedented speed and scale.
Highly automated attacks and swarm technology becoming norm
Keeping up with swarm attacks, botnet reoccurrences or the latest ransomware attack is daunting for the most strategic or staffed security team. If caught off guard, any organisation can fall victim to the enormous amount of attacks at play today.
To facilitate learning from what is happening in the wild, the intelligence included in the latest report offers views of the cyber threat landscape from many perspectives. It focuses on three central and complementary aspects of that landscape, namely application exploits, malicious software and botnets.
It also examines important zero-day vulnerabilities and infrastructure trends of the corresponding attack surface to add context about the trajectory of cyberattacks affecting organisations over time.
nSeverity of attacks creates urgency: Seventy nine percent of firms saw severe attacks in 3Q 2017. Research data overall during the quarter quantified 5,973 unique exploit detections, 14,904 unique malware variants from 2,646 different malware families and 245 unique botnets detected. In addition, Fortinet identified 185 zero-day vulnerabilities to date this year.
nBotnet reoccurrence: Many organisations experienced the same botnet infections multiple times. This is an alarming data point. Either the organisations did not thoroughly understand the total scope of the breach and the botnet went dormant only to return again after business operations went back to normal or the root cause was never found and the organisation was reinfected with the same malware.
The exact application exploit used by attackers to breach Equifax was the most prevalent with 6,000+ unique detections recorded last quarter and it is once again the most prevalent this quarter. In fact, three exploits against the Apache Struts framework made the top 10 list of most prevalent. This is an example of how attackers swarm when they catch scent of widespread, vulnerable targets.
Fight automated attacks with actionable intelligence and automated security
The findings this quarter reinforce many of the predictions unveiled recently by the Fortinet FortiGuard Labs global research team for 2018. Both the trends and the threat data potentially foreshadow a wave of new types of attacks coming in the near future. The cybercrime community is already adept at leveraging advances in automation to create attacks exploiting vulnerabilities with increasingly malicious payloads capable of spreading at speed and scale.
Only a security framework that utilizes advanced threat intelligence sharing and an open architecture to tie security and networking components into a single, automated and proactive defence and response system can protect for the future. The ever-evolving attack surface requires the flexibility to quickly implement the latest security strategies and solutions with the ability to seamlessly add advanced techniques and technologies as they emerge, without throwing out the existing infrastructure.
As the volume, velocity and automation of attacks increase, it becomes important to align patching prioritization to what is happening in the wild to focus better on the most critical. In addition, organisations need to ensure that a strategic threat detection and incident-response strategy is in place that complements technology and intelligence to speed up the process.
The Fortinet Global Threat Landscape report is a quarterly view that represents the collective intelligence of FortiGuard Labs drawn from Fortinet’s vast array of sensors during 3Q 2017. Research data covers global, regional, industry sector and organisational perspectives.
Add commentComments will be edited (grammar, spelling and slang) and authorized at the discretion of Daily Mirror online. The website also has the right not to publish selected comments.