Cybercriminals continue to attempt to exploit any possible opportunity throughout the digital infrastructure, and in fact, they are maximizing global economic and political realities to further enable their goals, the latest FortiGuard Labs Global Threat Landscape Report has said.
The study also said that IoT devices continue to be challenged with exploitable software and these threats can affect unexpected devices such as wireless IP cameras. This situation is magnified when components and software are embedded into different commercial devices sold under a variety of brand names, sometimes by different vendors. Many of these components and services are often programmed using bits and pieces of pre-written code from a variety of common sources.
Derek Manky, Chief, Security Insights & Global Threat Alliances, FortiGuard Labs, said: “In the cyber arms race, the criminal community has often had a distinct advantage due to the growing cyberskills gap, the expanding digital attack surface, and by leveraging the element of surprise with tactics such as social engineering to take advantage of unsuspecting individuals. To get out ahead of the cycle of increasingly sophisticated and automated threats, organizations need to use the same sorts of technologies and strategies to defend their networks that criminals are using to attack them. That means adopting integrated platforms that leverage the power and resources of AI-driven threat intelligence and playbooks to enable protection and visibility across the digital infrastructure.”
Spam continues to be a threat
According to the research, spam continues to be one of the top issues for organizations and individuals to deal with. This quarter’s report combines the volume of spam flow between nations with data showing the ratios of spam sent vs. spam received, visually revealing a new perspective on an old problem. The majority of spam volume seems to follow economic and political trends. For example, the heaviest “spam trade partners” of the United States include Poland, Russia, Germany, Japan, and Brazil. In addition, in terms of exported spam volumes from geographic regions, Eastern Europe is the largest net producer of spam in the world. Most of the outbound-heavy spammers beyond that hail from Asian sub-regions. The remaining European sub-regions lead those with net negative spam ratios, receiving more than they send, followed by the Americas and Africa.
IPS triggers need more attention
Looking at IPS triggers detected in a region not only shows what resources are being targeted, but may also indicate what cybercriminals might focus on in the future, either because enough of those attacks were ultimately successful, or simply because there is more of a certain type of technology deployed in some regions. But that’s not always the case. For example, the vast majority of ThinkPHP deployments are in China, which has almost 10x more installations than the U.S., according to shodan.io. Assuming that companies patch their software at about the same rate in each region, if a botnet was simply probing for vulnerable instances of ThinkPHP before deploying an exploit, the number of detected triggers should be much higher in APAC. However, only 6% more IPS triggers were detected in all of APAC than in North America from a recent exploit, indicating that these botnets are simply deploying the exploit to any ThinkPHP instance they find. In addition, when taking a similar look at malware detections, the majority of threats targeting organizations are Visual Basic for Applications (VBA) macros. This is likely because they are still effective and producing results. In general, detections for things that are not working won’t remain high for long and if there are a significant amount of detections for something, someone is falling prey to these attacks.
Need for broad, integrated, and automated security
As applications proliferate and the number of connected devices expands the perimeter, billions of new edges are being created that have to be managed and protected. In addition, organizations are facing increased sophistication of attacks targeting the expanding digital infrastructure, including some being driven by artificial intelligence and machine learning. To effectively secure their distributed networks, organizations have to shift from protecting just security perimeters to protecting the data spread across their new network edges, users, systems, devices, and critical applications. Only a cybersecurity platform designed to provide comprehensive visibility and protection across the entire attack surface–including devices, users, mobile endpoints, multi-cloud environments, and SaaS infrastructures–is able to secure today’s rapidly evolving networks driven by digital innovation.