Combatting the Transformation of Cybercrime
The volume of cyberattacks is growing at an unprecedented rate, increasing by nearly 80% for some organizations during the final quarter of 2017. One reason for this acceleration in the attack cycle is that, for malware to succeed today, it needs to spread further and faster than ever before, which keeps cybercriminals a step ahead of vendors' efforts to deliver updated signatures and patches.
But it's not just about volume. These attacks are also increasingly sophisticated, often spanning several malware families and using advanced techniques to target multiple attack vectors at the same time. This focus on innovation, combined with the speed and volume at which new threat variants are released into the wild, is catching far too many organizations unprepared.
To keep your organization ahead of the threat curve, here are five recent trends you should be aware of:
IoT-based botnets also continue to dominate the threat landscape. Unlike the first generation of IoT attacks, which focused on exploiting a single vulnerability, newer IoT botnets such as Reaper and Hajime target multiple vulnerabilities at once, which makes them much harder to combat. Worse, because many IoT manufacturers have no PSIRT (product security incident response team) in place, many of these attacks target known IoT vulnerabilities for which no CVE has been assigned, so there is little opportunity even to report vulnerabilities when they are discovered, let alone prepare for them. To complicate things further, Reaper was built on a flexible Lua engine and scripts: instead of being limited to the static, pre-programmed attacks of earlier exploits, its code can be updated on the fly, allowing massive botnets that are already in place to run new and more damaging attacks as soon as they become available.
The growth in both the volume and sophistication of ransomware continues to be a significant security challenge for organizations, especially in high-value segments such as healthcare, education, and financial services. Ransomware also continues to evolve, using new delivery channels such as social engineering and new techniques such as multi-stage attacks to evade detection and infect systems. The growing availability of Ransomware-as-a-Service on the dark web is also making it much easier for less technically skilled criminals to target organizations in exchange for a share of the profits on the back end.
Steganography, in this context, is the hiding of malicious code inside image files. It's an attack vector that has been around for decades but had little traction in recent years. With the growing popularity of memes and the exponential growth of user photo sharing, especially over social media, it is making a big comeback. Combined with new vectors such as the recent Sundown exploit kit (EK), steganography is now being used not only to deliver malware but also to steal information.
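A defender's first, cheap check for image-borne payloads is structural: does the file contain anything after the point where the image format says it ends, or chunks a normal encoder would never write? The script below is an added example written for this article, not code from the original page or from Fortinet. It walks the PNG chunk list and the JPEG marker structure, reports bytes found after IEND or the EOI marker, and lists non-standard PNG chunk types. The sample images are constructed inline (the JPEG is structurally minimal and not decodable). This catches only the crude forms (a file appended to a picture, or data tucked into an extra chunk); pixel-level (LSB) steganography needs statistical analysis and is out of scope here.

```python
"""Flag image files that carry data beyond the end of the image structure.

Constructed example for this article, not code from the original page.
Detects trailing bytes after PNG IEND / JPEG EOI and non-standard PNG chunks.
"""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Chunk types a normal encoder emits; anything else deserves a closer look.
KNOWN_PNG_CHUNKS = {
    b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tEXt", b"zTXt", b"iTXt", b"pHYs",
    b"tIME", b"gAMA", b"sRGB", b"iCCP", b"bKGD", b"cHRM", b"sBIT", b"tRNS",
    b"hIST", b"sPLT",
}


def inspect_png(data: bytes) -> dict:
    """Return the byte count after IEND and any non-standard chunk types."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos, unknown = len(PNG_SIG), []
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if ctype not in KNOWN_PNG_CHUNKS:
            unknown.append(ctype.decode("latin-1"))
        pos += 12 + length              # length field + type + payload + CRC
        if ctype == b"IEND":
            return {"trailing_bytes": max(0, len(data) - pos),
                    "unknown_chunks": unknown}
    raise ValueError("truncated PNG: no IEND chunk")


def inspect_jpeg(data: bytes) -> dict:
    """Return the byte count after the End-Of-Image (FFD9) marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos, end = 2, None
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected a marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xFF:              # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:              # EOI: the image formally ends here
            end = pos + 2
            break
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # stand-alone TEM / RSTn
            pos += 2
            continue
        if pos + 4 > len(data):
            break
        pos += 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if marker == 0xDA:              # SOS: skip scan data up to the next real marker
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    if end is None:
        raise ValueError("truncated JPEG: no EOI marker")
    return {"trailing_bytes": len(data) - end}


def scan_image(data: bytes) -> list:
    """Dispatch on the file signature and return human-readable findings."""
    if data.startswith(PNG_SIG):
        result = inspect_png(data)
    elif data[:2] == b"\xff\xd8":
        result = inspect_jpeg(data)
    else:
        return ["unrecognised image format"]
    findings = []
    if result["trailing_bytes"]:
        findings.append("%d bytes after end of image" % result["trailing_bytes"])
    findings += ["non-standard PNG chunk %s" % c for c in result.get("unknown_chunks", [])]
    return findings


def png_chunk(ctype: bytes, payload: bytes) -> bytes:
    """Build one PNG chunk with a correct CRC (used only to construct samples)."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


# Constructed samples: a 1x1 PNG, a structurally minimal (not decodable) JPEG,
# and a PNG with an extra chunk plus a script appended after IEND.
SAMPLE_PNG = (PNG_SIG
              + png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
              + png_chunk(b"IDAT", zlib.compress(b"\x00\x00"))
              + png_chunk(b"IEND", b""))
SAMPLE_JPEG = (b"\xff\xd8"                                                            # SOI
               + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
               + b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"      # SOS header
               + b"\x12\x34\xff\x00\x56"                                              # scan data (FF00 = stuffing)
               + b"\xff\xd9")                                                         # EOI
APPENDED = b"#!/bin/sh\necho hi\n"
SMUGGLED_PNG = SAMPLE_PNG[:-12] + png_chunk(b"pAYl", b"not pixels") + SAMPLE_PNG[-12:] + APPENDED

if __name__ == "__main__":
    for name, blob in [("clean png", SAMPLE_PNG), ("clean jpeg", SAMPLE_JPEG), ("smuggled png", SMUGGLED_PNG)]:
        print(name, scan_image(blob) or ["nothing unusual"])
```

Run it as a script to see the three verdicts, or call `scan_image()` on file contents from a mail gateway or upload handler. A hit is a triage signal, not proof of malice: some legitimate tools do write private chunks or append metadata, so pair the check with the file's origin and the rest of your telemetry.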
Sophisticated Industrial Malware
A recent uptick in exploit activity against industrial control systems (ICS) and safety instrumented systems (SIS) is a result of the ongoing convergence of IT and OT networks, which gives cybercriminals another part of the network to target. A recent example is an attack codenamed Triton. Most alarming is that, unlike most traditional malware, Triton was designed specifically to cause physical damage, for example by hijacking the SIS to terminate processes, running systems in an unsafe state, and even manipulating distributed control systems. It can also cover its tracks by overwriting itself with garbage data to thwart forensic analysis. Because these targeted OT platforms often manage critical infrastructure, they are enticing for this emerging set of threat actors, who are seemingly not motivated by financial gain.
What Can You Do?
IT teams today are stretched thin trying to support the new digital economy, but these evolving networks are significantly expanding the potential attack surface. As a result, many legacy threat detection devices and signature-based antivirus tools, especially those deployed in isolation, cannot keep pace with the volume, variety, and velocity of today's malware. Organizations need to take a more proactive approach:
Do you know what devices are on your network at any given moment? If so, do you know which of them are vulnerable to the exploits and malware currently circulating in the wild? Prioritize patching based on malware volume, and implement advanced threat protection capabilities such as sandboxing to detect and respond to unknown threats.
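Turning that advice into a repeatable process means joining three data sets: what is installed where, which feed entries apply to those versions, and how much malware is currently aimed at each. The script below is an added example written for this article, not code from the original page or a Fortinet product. Every input is constructed: the vulnerability identifiers are placeholders rather than real CVEs, the volume figures stand in for counts you would take from your own sensors or threat feed, and the version comparison is a deliberately simple dotted-integer compare (real inventories need the package manager's own version rules). A `fixed_in` of `None` models the IoT case described above, a known hole with no vendor fix and no CVE.

```python
"""Rank hosts for patching by the in-the-wild malware volume aimed at the
vulnerabilities they are actually exposed to.

Added example, not from the original article. All data is constructed;
vulnerability ids are placeholders, not real CVEs.
"""


def version_tuple(v: str) -> tuple:
    """Simplified dotted-integer version compare (assumption, not a real scheme)."""
    return tuple(int(x) for x in v.split("."))


# Constructed asset inventory: host -> {product: installed version}
INVENTORY = {
    "web-01":  {"httpd": "2.4.1", "openssl": "1.0.1"},
    "cam-07":  {"iot-fw": "1.2"},
    "hr-pc-3": {"office-suite": "16.0"},
    "db-02":   {"openssl": "1.1.1"},
}

# Constructed vulnerability feed: placeholder id -> product and first fixed
# version. fixed_in=None models a known hole with no vendor fix (and no CVE),
# so every installed version is exposed.
VULNS = {
    "VULN-A": {"product": "openssl",      "fixed_in": "1.0.2"},
    "VULN-B": {"product": "iot-fw",       "fixed_in": None},
    "VULN-C": {"product": "office-suite", "fixed_in": "16.1"},
    "VULN-D": {"product": "httpd",        "fixed_in": "2.4.2"},
}

# Constructed threat telemetry: placeholder id -> malware samples seen this week
MALWARE_VOLUME = {"VULN-B": 4200, "VULN-A": 310, "VULN-C": 95, "VULN-D": 0}


def exposed_vulns(software: dict, vulns: dict = VULNS) -> set:
    """Ids of feed entries matching an installed product below its fixed version."""
    hits = set()
    for vid, v in vulns.items():
        installed = software.get(v["product"])
        if installed is None:
            continue
        if v["fixed_in"] is None or version_tuple(installed) < version_tuple(v["fixed_in"]):
            hits.add(vid)
    return hits


def patch_priority(inventory: dict = INVENTORY, volume: dict = MALWARE_VOLUME,
                   vulns: dict = VULNS) -> list:
    """Rows of {host, score, vulns, no_fix}, highest malware volume first.

    no_fix lists exposures that cannot be patched; those hosts need a
    compensating control (IPS signature, segmentation, sandboxing) rather
    than a patch ticket.
    """
    rows = []
    for host, software in inventory.items():
        vids = exposed_vulns(software, vulns)
        rows.append({
            "host": host,
            "score": sum(volume.get(v, 0) for v in vids),
            "vulns": sorted(vids),
            "no_fix": sorted(v for v in vids if vulns[v]["fixed_in"] is None),
        })
    rows.sort(key=lambda r: (-r["score"], r["host"]))
    return rows


if __name__ == "__main__":
    for r in patch_priority():
        print("%-8s score=%5d exposed=%s no_fix=%s" % (r["host"], r["score"], r["vulns"], r["no_fix"]))
```

With the constructed data the camera with the unpatchable firmware hole ranks first even though it has a single exposure, because that is where the observed malware volume is; the web server with two patchable holes comes second. The point of scoring by volume rather than by exposure count is exactly that inversion: the work queue follows what attackers are doing this week, not the raw size of the vulnerability list.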
Integrate Security Deployments
Your security devices have to be able to share threat intelligence, correlate data, and then take part in a coordinated response to detected threats. That means looking for devices built on open standards, that share a common operating system, or that can be integrated through a common management, analysis, and orchestration platform.
Implement Large-Scale Automation
Attacks happen at digital speeds, so response needs to be measured in microseconds, which is why today's attacks require an automated response. Automation, though, has to be much more than an event triggering a response on a single device: it means large-scale automation that can marshal the resources of the different security tools deployed across the entire networked ecosystem. Even more importantly, data needs to be continuously monitored and assessed so that your security system can anticipate attacks and adapt automatically before an event happens or a compromise occurs.
Develop A Holistic Approach to Security
Digital transformation and the accelerated evolution of cybercrime are the biggest challenges that IT security teams have ever had to face. In addition to the external threats outlined above, we are compounding the problem ourselves through our own transformation of the network. Beyond expanding the attack surface through things like multi-cloud strategies and IoT devices and networks, encrypted data has grown to nearly 60% of all network traffic. While encryption certainly helps protect data in motion as it moves between core, cloud, and endpoint environments, it also represents a real challenge for traditional security solutions that inspect traffic.
The increasing digital connectedness of organizations is driving the requirement for a security transformation, where security is integrated into applications, devices, and cloud networks to protect business data spread across these complex environments.
John Maddison is Sr. Vice President, Products and Solutions at Fortinet. He has more than 20 years of experience in the telecommunications, IT infrastructure, and security industries. Previously he held positions as general manager of the data center division and senior vice president of core technology at Trend Micro. Before that, John was senior director of product management at Lucent Technologies. He has lived and worked in Europe, Asia, and the United States. John graduated with a bachelor of telecommunications engineering degree from Plymouth University, United Kingdom.