The political and economic intentions of cybercriminals

1 April 2020 Cyber Security

Fortinet announced the findings of the latest FortiGuard Labs’ Global Threat Landscape Report, which shows that cybercriminals continue to attempt to exploit any possible opportunity throughout the digital infrastructure, but that they are maximising global economic and political realities to further enable their goals.

Global trends demonstrate that the prevalence and detection of threats may differ by geography, but the sophistication and automation of attacks remain consistent everywhere. In addition, the need to prioritise cybersecurity hygiene remains urgent around the world as threats are scaling faster than ever before.

“In the cyber arms race, the criminal community has often had a distinct advantage due to the growing cyber skills gap, the expanding digital attack surface and by leveraging the element of surprise with tactics such as social engineering to take advantage of unsuspecting individuals.

“To get out ahead of the cycle of increasingly sophisticated and automated threats, organisations need to use the same sorts of technologies and strategies to defend their networks that criminals are using to attack them. That means adopting integrated platforms that leverage the power and resources of AI-driven threat intelligence and playbooks to enable protection and visibility across the digital infrastructure,” says Derek Manky, chief, Security Insights & Global Threat Alliances, FortiGuard Labs.

Highlights of the report:

1) A not so Charming Kitten: Research shows significant levels of activity across regions associated with Charming Kitten, an Iran-linked advanced persistent threat (APT) group in Q4 2019. Active since around 2014, the threat actor has been associated with numerous cyberespionage campaigns. Recent activity suggests that the threat actor has expanded into the election disruption business, having been linked to a series of attacks on targeted email accounts associated with a presidential election campaign.

2) Security risks for IoT devices magnify: IoT devices continue to be challenged with exploitable software and these threats can affect unexpected devices such as wireless IP cameras. This situation is magnified when components and software are embedded into different commercial devices sold under a variety of brand names, sometimes by different vendors. Many of these components and services are often programmed using bits and pieces of pre-written code from a variety of common sources. These common components and pre-written code are sometimes vulnerable to exploitation, which is why some of the same vulnerabilities crop up repeatedly across a wide range of devices. The scale combined with the inability to easily patch these devices is a growing challenge and spotlights the difficulties of supply chain security

3) Senior threats help junior threats: Amidst the constant pressure to keep ahead of new threats, organisations sometimes forget that older exploits and vulnerabilities really have no expiration date and threat actors will continue to use them as long as they work. A case in point is EternalBlue. The malware has been adapted over time to exploit common and major vulnerabilities. It has been used in numerous campaigns, including, most notably, the WannaCry and NotPetya ransomware attacks.

4) Trends demonstrate a new perspective on global spam trade: Spam continues to be one of the top issues for organisations and individuals to deal with. This quarter’s report combines the volume of spam flow between nations with data showing the ratios of spam sent vs. spam received, visually revealing a new perspective on an old problem. The majority of spam volume seems to follow economic and political trends.

5) Tracking the tracks of cybercriminals to see what is next: Looking at IPS triggers detected in a region not only shows what resources are being targeted, but may also indicate what cybercriminals might focus on in the future, either because enough of those attacks were ultimately successful, or simply because there is more of a certain type of technology deployed in some regions. But that’s not always the case.

Assuming that companies patch their software at about the same rate in each region, if a botnet was simply probing for vulnerable instances of ThinkPHP before deploying an exploit, the number of detected triggers should be much higher in APAC. However, only 6% more IPS triggers were detected in all of APAC than in North America from a recent exploit, indicating that these botnets are simply deploying the exploit to any ThinkPHP instance they find. In addition, when taking a similar look at malware detections, the majority of threats targeting organisations are Visual Basic for Applications (VBA) macros

The need for broad, integrated and automated security

As applications proliferate and the number of connected devices expands the perimeter, billions of new edges are being created that have to be managed and protected. In addition, organisations are facing increased sophistication of attacks targeting the expanding digital infrastructure, including some being driven by artificial intelligence and machine learning. To effectively secure their distributed networks, organisations have to shift from protecting just security perimeters to protecting the data spread across their new network edges, users, systems, devices and critical applications.

Only a cybersecurity platform designed to provide comprehensive visibility and protection across the entire attack surface – including devices, users, mobile endpoints, multi-cloud environments and SaaS infrastructures – is able to secure today’s rapidly evolving networks driven by digital innovation.

See the full report at https://www.fortinet.com/content/dam/maindam/PUBLIC/02_MARKETING/08_Report/Threat-Report-Q4-2019.pdf (or use the short link: www.securitysa.com/*fortinet1)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Work from home securely
Issue 5 2020 , Cyber Security
First Consulting provides enterprise-level IT security to working-from-home employees at more than 40 South African organisations.

Read more...
Agility, meticulous alignment and testing
Issue 5 2020 , Cyber Security
Data loss can put the nails in the coffin for unprepared businesses. Investing in cyber resilience is key to succeed in the age of digital transformation.

Read more...
Cybersecurity comment: A holistic approach to threat vulnerability
Issue 5 2020 , Cyber Security
Any organisation, whether large or small, public or private, should follow an established framework in order to protect itself against cyber threats.

Read more...
Email security in COVID-19 times
Issue 5 2020 , Cyber Security
MJ Strydom, MD of cybersecurity specialist company, DRS, takes a look at email security in the era of COVID-19 and beyond.

Read more...
June 2020’s most wanted malware
Issue 5 2020 , Cyber Security
Check Point Research finds sharp increase in attacks using the Phorpiex Botnet delivering new ‘Avaddon’ ransomware via malspam campaigns.

Read more...
60% in SA victim to public cloud cybersecurity incidents
Issue 5 2020 , Cyber Security
Ransomware and malware, exposed data, compromised accounts, and cryptojacking to blame; GDPR shows promise with Europeans suffering least.

Read more...
Vodacom Business enhances cyber resilience
Issue 5 2020 , Cyber Security
Partnership with Cloudflare will allow Vodacom Business to offer DDoS protection and traffic acceleration for all network infrastructure — whether on-premise, cloud-hosted, or in a hybrid environment.

Read more...
Tax season often equals tax scams
Issue 5 2020 , Cyber Security
While many of us cannot wait for our refunds, this is also a time of the year when cybercriminals are waiting to attack.

Read more...
Cybersecurity comment: Cyber threats remain relentless
Issue 5 2020, CA Southern Africa , Cyber Security
Over 80% of email-based threats in Q1 2020 leverage COVID-19 in some form to feign legitimacy to the end user.

Read more...
11 essential steps to reinforce cybersecurity
Issue 5 2020 , Cyber Security
Wayne Olsen has compiled a guideline to ensure that businesses and their employees are protected while working remotely.

Read more...