SUNNYVALE, Calif., May 16, 2018 (GLOBE NEWSWIRE) --
Phil Quade, chief information security officer, Fortinet
“We face a troubling convergence of trends across the cybersecurity landscape. Malicious cyber actors are demonstrating their
efficiency and agility by exploiting the expanding digital attack surface, taking advantage of newly announced zero-day threats,
and maximizing the accessibility of malware for bad intent. In addition, IT and OT teams often don’t have the resources necessary
to keep systems appropriately hardened or protected. However, implementing a security fabric which prioritizes speed, integration,
advanced analytics, and risk-based decision making can enable comprehensive protection at machine speed and scale.”
News Summary:
Fortinet® (NASDAQ:FTNT), a global leader in broad, integrated and automated cybersecurity solutions, today announced the findings
of its latest Global Threat Landscape Report. The research reveals cybercriminals are evolving their attack
methods to increase their success rates and to accelerate infections. While ransomware continues to impact organizations in
destructive ways, there are indications that some cybercriminals now prefer hijacking systems and using them for cryptomining
rather than holding them for ransom. For a detailed view of the findings and some important takeaways for CISOs, read the blog. Highlights of the report follow:
Cybercrime Attack Methods Evolve to Ensure Success at Speed and Scale
Data indicates that cybercriminals are getting better and more sophisticated in their use of malware and leveraging newly announced
zero-day vulnerabilities to attack at speed and scale. While the number of exploit detections per firm dropped by 13% in Q1 of
2018, the number of unique exploit detections grew by over 11%, and 73% of companies experienced a severe exploit.
- Spike in Cryptojacking: Malware is evolving and becoming more difficult to prevent and
detect. The prevalence of cryptomining malware more than doubled from quarter to quarter, growing from 13% to 28%. Additionally,
cryptojacking was quite prevalent in the Middle East, Latin America, and Africa. Cryptomining malware is also showing incredible
diversity for such a relatively new threat. Cybercriminals are creating stealthier fileless malware to inject infected code into
browsers with less detection. Miners are also targeting multiple operating systems as well as different cryptocurrencies,
including Bitcoin, Dash, and Monero. They are also fine-tuning and adopting delivery and propagation techniques from other
threats based on what was successful or unsuccessful to improve future success rates.
- Targeted Attacks for Maximum Impact: The impact of destructive malware remains high, particularly as
criminals combine it with designer attacks. For these types of more targeted attacks, criminals conduct significant
reconnaissance on an organization before launching an attack, which helps them to increase success rates. Afterwards, once they
penetrate the network, attackers spread laterally across the network before triggering the most destructive part of their
planned attack. The Olympic Destroyer malware and the more recent SamSam ransomware are examples of where cybercriminals combined a designer attack with a destructive
payload for maximum impact.
- Ransomware Continues to Disrupt: The growth in both the volume and sophistication of ransomware
continues to be a significant security challenge for organizations. Ransomware continues to evolve, leveraging new delivery
channels such as social engineering, and new techniques such as multi-stage attacks to evade detection and infect systems.
GandCrab ransomware emerged in January with the distinction of being the first ransomware to require Dash
cryptocurrency as a payment. BlackRuby and SamSam were two other ransomware variants that emerged as major threats during the
first quarter of 2018.
- Multiple Attack Vectors: Although the side channel attacks dubbed Meltdown and Spectre dominated the
news headlines during the quarter, some of the top attacks targeted mobile devices or known exploits on router, web or Internet
technologies. 21% of organizations reported mobile malware, up 7%, demonstrating that IoT devices continue to be targeted. Cybercriminals also continue to recognize the value of exploiting known
vulnerabilities that haven’t been patched along with recently discovered zero-days for increased opportunity. Microsoft
continued to be the number one target for exploits, and routers took the number two spot in total attack volume. Content
Management Systems (CMS) and web-oriented technologies were also heavily targeted.
- Cyber Hygiene - More Than Just Patching: Measuring how long botnet infections persist based on the
number of consecutive days in which continued communications are detected reveals that hygiene involves more than just patching.
It is also about cleanup. Data showed that 58.5% of botnet infections are detected and cleaned up the same day. However, 17.6% of
botnets persist for two days in a row and 7.3% last three days. About 5% persist for more than a week. As an example, the
Andromeda botnet was taken down in Q4 2017 but data from Q1 found it continued to show up prominently in both volume and
prevalence.
- Attacks Against Operational Technology (OT): While OT attacks are a smaller percentage of the overall attack landscape, the trends are concerning. This sector is
increasingly becoming connected to the Internet, with serious potential ramifications for security. Currently, the vast
majority of exploit activity is directed against the two most common industrial communication protocols, primarily because they
are so widely deployed. Data shows that in Asia ICS exploit attempts appear to be somewhat more prevalent when compared to ICS
exploit activity across other regions.
Fighting Evolving Cybercrime Requires Integrated Security
The threat data in this quarter’s report reinforces many of the prediction trends unveiled by the Fortinet FortiGuard Labs global research team for 2018, demonstrating that the best defense
against intelligent and automated threats is an integrated, broad, and automated security fabric. A highly aware and proactive security defense system is needed to keep pace
with the next generation of automated and AI-based attacks.
Report Methodology
The Fortinet Global Threat Landscape Report is a quarterly view that
represents the collective intelligence of FortiGuard Labs drawn from Fortinet’s global array of sensors during Q1 2018. Research
data covers global, regional, industry sector, and organizational perspectives. It focuses on three central and complementary
aspects of that landscape, namely application exploits, malicious software, and botnets. It also examines important zero-day
vulnerabilities. To complement the report, Fortinet publishes a free, subscription-based Threat Intelligence Brief that reviews the top malware, virus, and web-based threats discovered
every week, along with links to valuable FortiGuard Labs threat research.
About Fortinet
Fortinet (NASDAQ:FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet
empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on
ever-increasing performance requirements of the borderless network - today and into the future. Only the Fortinet Security Fabric
architecture can deliver security without compromise to address the most critical security challenges, whether in networked,
application, cloud, or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than
340,000 customers trust Fortinet to protect their businesses. Learn more at http://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.