Cybercrime Trends – Faster, Bigger, Smarter


2016 was the year of ransomware. Or was it the year of the high-profile break-in? It was also the year of the IoT DDoS attack. And even the year of high-stakes, political cyber-espionage. Regardless of how you want to label it, we can all agree that 2016 set a new bar for high-profile cybercriminal activity. And now, less than halfway into 2017, we can also see that things haven’t slowed down at all.

For example, as you are all well aware, this past March the hacker group known as Shadow Brokers dumped a massive leak of stolen NSA malware and vulnerability exploits onto the public, forcing manufacturers like Microsoft and Cisco to scurry to write updates and post patches.

The WannaCry ransomware outbreak, which was a direct result of the Shadow Brokers leak, had the world in tears for several days. Daily FortiGuard IPS hits peaked at 22 million globally for the DoublePulsar tool that WannaCry used as its primary attack vector. The secondary exploit leveraged in the attack, CVE-2017-0144, spiked to over 7 million attempts blocked by Fortinet on May 13, before trailing off as security firms tightened their defenses and organizations updated their software.

But this wasn’t the only issue. So far this year, 80% of organizations have reported high or critical-severity exploits against their infrastructure, and nearly 10% recorded ransomware activity during Q1. In fact, on any given day so far this year, an average of 1.2% of organizations worldwide are dealing with ransomware botnets running somewhere in their environment. Even more concerning is that the vast majority of these cyberattacks target vulnerabilities that are five years old, with some predating this millennium.

This discouraging trend reveals several really important security issues organizations are facing in today’s digital society.

1. Basic security practices have clearly declined. Even simple network hygiene, such as maintaining and updating policies, patching systems, upgrading older devices that are no longer supported, and hardening devices, is simply not being done. Some of this may be due to the continuing growth of the cybersecurity skills gap. But some is directly related to the next point, which is the growing complexity of today’s networks.

2. Networked ecosystems are becoming increasingly complex, highly distributed, and elastic. The rush to adopt private and public cloud solutions, the growth of IoT, the variety and volume of smart devices connecting to the network, and out-of-band threat vectors like shadow IT have stretched security professionals past their limits. For example, the median number of cloud applications used per organization in Q1 was 62 (33 SaaS + 29 IaaS), with IaaS apps hitting a new high point, while data stored in these applications and services continues to grow. For many of these organizations, the challenge is that data visibility drops to zero once it moves into the cloud. So, while the number of potential attack vectors across the expanded network landscape continues to grow, visibility and control over today’s expanded infrastructure has diminished.

3. The volume of encrypted traffic is making it worse. For the first quarter of 2017, the median ratio of HTTPS to HTTP traffic hit a high mark of nearly 55%. While helpful for maintaining privacy, this trend presents challenges to threat monitoring and detection. Organizations, especially those with higher HTTPS ratios, cannot afford to turn a blind eye toward threats that might be lurking within encrypted communications.

4. Hyperconvergence is accelerating the spread of malware. As networks and users increasingly share information and resources, we are seeing attacks like WannaCry spread rapidly across widely distributed geographic areas, and across a wide variety of industries. The report’s analysis shows that exploit distribution is fairly consistent across geographical regions: what is highly prevalent in one region is, for the most part, highly prevalent in them all. The same is true for the most virulent malware strains affecting organizations last quarter, though there are still some interesting variations among less common threats.

There are a couple of important takeaways here. The first is that the majority of threats faced by most organizations remain opportunistic in nature. Criminals tend to target low hanging fruit, so it is critical that organizations minimize their visible and accessible attack surface.

Second, IT teams need to up their game with regard to network hygiene. Organizations need to actively identify, patch, update, and replace vulnerable devices and systems on their network. Far too often, routine and complexity combine to allow overlooked systems to fall out of the patch cycle and yet persist in the network. The rule of thumb is: if you can’t secure it, get rid of it. And if you can’t get rid of it, segment it and protect it.

Third, exploits are increasingly automated, which allows them to quickly identify and exploit vulnerabilities, burrow their way through networks, and then find and extract – or ransom – targeted data and resources. With cybercriminals operating at digital speeds, detection and response systems cannot afford to wait for data to be hand correlated or for humans to respond to these attacks.

Finally, any security strategy needs to meet, and adapt to, the demands of your current ecosystem of networks. You need to build advanced malware defenses into (what’s left of) the perimeter, weave it across the network (including the cloud), and drive it deep into endpoints (whether user or IoT devices), to detect both known and unknown threats. Defenses need to be spread along the entire kill chain, from IoT to the cloud, and work together in a synergistic fashion to share intelligence, correlate data, and automatically identify and respond to detected threats.

The data cited in this article has been pulled from the latest Fortinet Cyber Threat Landscape Report written and published by the FortiGuard Labs security research team. In addition, Fortinet publishes a free, subscription-based Threat Intelligence Brief that reviews the top malware, virus, and web-based threats discovered every single week, along with links to that week’s most valuable original Fortinet research.