Cybercriminals work like an army; Ransomware-as-a-Service emerges at large: Fortinet research

BENGALURU: Fortinet, the NASDAQ-listed global leader in cybersecurity solutions, has announced the findings of its latest Global Threat Landscape Report covering Q4 2016.

The research reveals that 50% of malware exploits in India occurred in the last 3 months of 2016. With India moving towards a cashless digital economy, the last two weeks of December 2016 recorded a very high level of threat activity, which interestingly was not observed globally.

The most attacked industry was Banking & Finance which received 15 times more hits than the second-placed Information Technology industry.

The research also details the methods and strategies cybercriminals employed and demonstrates the potential future impact on the digital economy. The question, “What’s my biggest threat?” remains difficult to pinpoint, says Fortinet, as old threats resurface while new, automated, high-volume attacks arise.

Considering infrastructure trends and how they relate to the threat landscape is important. Exploits, malware, and botnets do not happen in a vacuum and finding or preventing threats gets increasingly complicated as network infrastructure evolves.

Data shows that traffic encrypted with SSL held steady at about 50%, roughly half of the overall web traffic traversing an organization. HTTPS usage is an important trend to monitor because, while it is good for privacy, it makes it harder to detect threats that hide in encrypted communications. SSL traffic often goes uninspected because of the huge processing overhead required to open, inspect, and re-encrypt it, forcing teams to choose between protection and performance.

In terms of total applications detected per organization, the number of cloud applications trended up to 63, which is roughly a third of all applications detected. This trend has significant implications for security since IT teams have less visibility into the data residing in cloud applications, how that data is being used, and who has access to it. Social media, streaming audio and video, and P2P applications did not trend up sharply.

IoT devices are sought-after commodities for cybercriminals around the world. Adversaries are building their own armies of “things” and the ability to cheaply replicate attacks at incredible speed and scale is a core pillar of the modern cybercrime ecosystem.

In Q4 2016, the industry was reeling from the Yahoo! data breach and Dyn DDoS attack. Before the quarter was halfway done, the records set by both events were not only broken, but doubled.

Unlike in other parts of the world, vulnerabilities in home routers accounted for the majority of IoT-based attacks in Asia Pacific. Many home routers are manufactured and deployed in this region, resulting in attacks on them being centered here.

Mobile malware became a larger problem than before. Though it accounted for only 1.7 percent of the total malware volume, one in five organizations reporting malware encountered a mobile variant, and nearly all of it was on Android.

SQL Slammer ranked at the top of the exploit detection list with a high or critical severity ranking, mainly affecting educational institutions.

The report said ransomware warrants attention regardless of industry and this high-value attack method will likely continue with the growth of ransomware-as-a-service (RaaS), where potential criminals with no training or skills can simply download tools and point them at a victim.
