Posted by Bangalore: Cyber threat landscape witnessed unprecedented cyber adversaries with massive scale and expanding attack surface impacting organisations across the board. This is according to the threat intelligence findings of Fortinet’s latest semiannual FortiGuard Labs Global Threat Landscape report.
Threat intelligence from the second half of 2020 demonstrates an unprecedented cyber threat landscape. Cybercriminals or adversaries maximized the constantly expanding attack surface to scale threat efforts globally. They proved to be highly adaptable, creating waves of disruptive and sophisticated attacks ranging from remote workers to digital supply chains and core networks.
They targeted a huge remote workforce or learners outside the traditional network but also showed renewed agility in attempts to target digital supply chains and even the core network. Some of the findings from the FortiGuard Labs Global Threat Landscape report.
“2020 witnessed a dramatic cyber threat landscape from beginning to end. Although the pandemic played a central role, as the year progressed cyber adversaries evolved attacks with increasingly disruptive outcomes,” said Michael Joseph, Director System Engineering – India and SAARC, Fortinet.
“They maximised the expanded digital attack surface beyond the core network, to target remote work or learning, and the digital supply chain,” added Joseph.
Cybersecurity risk has never been greater as everything is interconnected in a larger digital environment, according to Joseph.
“Integrated and AI-driven platform approaches, powered by actionable threat intelligence, are vital to defend across all edges and to identify and remediate threats organisations face today in real-time,” he commented.
The Fortinet report has key insights on range of attacks including ransomware, supplychain and its targets like online users, home and small office network and more.
Ransomware: FortiGuard Labs data shows a sevenfold increase in overall ransomware activity compared to 1H 2020, with multiple trends responsible for the increasing inactivity. With the Ransomware-as-a-Service (RaaS), a focus on big ransoms for big targets and the threat of disclosing stolen data if demands were not met combined to create conditions for this massive growth.
In addition, with varying degrees of prevalence, the most active of the ransomware strains tracked were Egregor, Ryuk, Conti, Thanos, Ragnar, WastedLocker, Phobos/EKING and BazarLoader. Healthcare, professional services firms, consumer services companies, public sector organisations and financial services firms were heavily ransomware attacks targeted.
Supply Chain: Supply chain attacks have been around for a while, but the SolarWinds breach has put it on the centre stage for discussions. As the attack unfolded, a significant amount of information was shared by affected organisations.
Detections of communications with internet infrastructure associated with SUNBURST during December 2020 demonstrates that the campaign was truly global in nature, with the “Five Eyes” exhibiting particularly high rates of traffic matching malicious IoCs.
Online presence of users: Examining the most prevalent malware categories reveals the most popular techniques cybercriminals use to establish a foothold within organisations. The top attack target was Microsoft platforms, leveraging the documents most people use and consume during a typical workday.
Web browsers continued to be another battlefront. This HTML category included malware-laden phishing sites and scripts that inject code or redirect users to malicious sites. These types of threats inevitably rise during times of global issues or periods of heavy online commerce.
Home branch office: The barriers between home and office eroded significantly in 2020, meaning that targeting the home puts cybercriminals one step closer to the corporate network.
In the second half of 2020, exploits targeting Internet of Things (IoT) devices, such as those existing in many homes, were at the top of the list. Each IoT device introduces a new network “edge” that needs to be defended and requires security monitoring and enforcement at every device.
Threat actor groups: Advanced Persistent Threat (APT) groups continue to exploit the COVID-19 pandemic in a variety of ways. The most common among them included attacks focused on gathering personal information in bulk, stealing intellectual property, and nabbing intelligence aligned with the APT group’s national priorities.
By 2020 end, there was a surge in APT activity targeting organisations, involved in COVID-19-related work including vaccine research and development of domestic or international healthcare policies around the pandemic. Targeted organisations included government agencies, pharmaceutical firms, universities, and medical research firms.
Vulnerability exploits: Patching and remediation are ongoing priorities for organisations as cyber adversaries continue to attempt to exploit vulnerabilities for their benefit. By tracking the progression of 1,500 exploits in the wild over the last two years, data indicates how fast and how far exploits propagate.
Even though it is not always the case, it seems that most exploits do not seem to spread far very fast. Among all exploits tracked over the last two years, only 5% were detected by more than 10% of organisations.
With all things being equal, if a vulnerability is picked at random, data shows there is about a 1-in-1,000 chance that an organisation will be attacked. About 6% of exploits hit more than 1% of firms within the first month, and even after one year, 91% of exploits have not crossed that 1% threshold.
Regardless, it remains prudent to focus remediation efforts on vulnerabilities with known exploits and among those, prioritize the ones propagating most quickly in the wild.
The use of artificial intelligence (AI) and automated cyber threat detection can enable organisations to address attacks immediately, not later, and are necessary to mitigate attacks at speed and scale across all edges.
Cybersecurity user awareness training should also remain a priority as cyber hygiene is not just the domain of IT and security teams. Everyone needs regular training and instruction on best practices to keep individual employees and the organisation secure.