The threat landscape is evolving alongside our new ways of working


The global threat landscape is in a constant state of flux. Geopolitical instability and conflicts, newly discovered exploits and vulnerabilities and constantly evolving tools and shifting targets all contribute to attackers changing their modus operandi. Fortinet’s Global Threat Landscape Report for the second half of 2021 points to an increasingly challenging time for organisations seeking to protect their critical data and ward off threat actors intent on stealing data and extorting funds.

Threats are everywhere

The range of vulnerabilities being exploited by threat actors is staggering. Some vulnerabilities, such as Log4j, which only emerged in December and was the most prevalent Intrusion Prevention System (IPS) detection for the entire second half of 2021, garner significant media coverage and are on the radar of enterprises, managed service providers and other larger entities. Meanwhile, attackers have been able to compromise everything from baby monitors upwards, while also falling back on common attacks, with ransomware still one of the most common tools used by criminals.

While ransomware attack rates remained steady compared to the first half of 2021, the nature of those attacks shifted, becoming increasingly sophisticated and aggressive.

Microsoft Exchange remains a major target for attackers with exploits for a set of four vulnerabilities in Microsoft Exchange Server hitting many organisations. While the exploits appeared earlier in the year, attackers kept up their use of these vulnerabilities through the back half of the year.

As employees continue to work from home or adopt hybrid work arrangements, the lines between corporate and personal networks have continued to blur. As a result, vulnerabilities in consumer-grade devices are now a significant threat to businesses. While businesses may be accustomed to protecting their ‘crown jewels’ within the company network, the network edge is going through a transformation as hybrid and remote working, and the expanded use of public, private and hybrid cloud solutions, become more prevalent. This has created new threat surfaces to protect and given rise to different vulnerabilities and exploits.

Linux ELF – the new malware frontier

For many years, systems running various versions of Microsoft Windows were the main target for attackers. But Linux systems are emerging as a more attractive target for threat actors.

New malware, in the form of ELF (Executable and Linkable Format) binaries, is emerging. Attackers see that Linux often underpins a vast array of other systems ranging from large enterprise servers through to small IoT devices, making it an attractive target. ELF and other Linux malware detections across our sensors doubled during 2021.

The increased collaboration between Microsoft and the Linux community sees the integration of the Windows Subsystem for Linux (WSL) into Windows 11. As this becomes more widely used, it’s inevitable that new malware will follow.

Log4j – the ‘rockstar’ of 2021 vulnerabilities

Without a doubt, Log4j was the most widely reported vulnerability of 2021. Log4j impacted nearly every environment with a Java application, was trivially easy to exploit, and gave attackers a way to gain complete control of vulnerable systems. It was often extremely hard to find because dependencies on Log4j could sometimes be buried multiple layers deep in applications. Its prevalence, and the complexity of detecting whether it even existed within corporate environments, made it a prime target for miscreants – even those with limited skill and resources.

However, the full impact of Log4j may not yet have been felt, as it’s unclear whether the flaw has yet been fully exploited. Attacks exploiting Log4j were seen a week before patches were made available. While there were far fewer major compromises reported than expected, it’s possible attackers exploited the vulnerability to breach systems and are waiting for opportune times to take advantage.
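The difficulty described above, a log4j-core build bundled several archive layers deep inside an application, is what an inventory check has to cope with. The following scanner is an added example, not code from the original article or from Fortinet: it opens JAR/WAR/EAR archives recursively in memory and reports every location of the `JndiLookup` class that ships with log4j-core, using a constructed three-layer sample archive as input.

```python
import io
import zipfile

# The class in log4j-core that performs JNDI lookups; its presence inside an
# archive flags a bundled log4j-core that needs its version checked.
JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
NESTED_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def find_jndi_lookup(data: bytes, path: str = "<root>", depth: int = 0, max_depth: int = 8):
    """Return 'outer!inner!...' paths at which JndiLookup.class was found.

    Archives nested inside archives are opened recursively in memory, so a
    log4j-core jar shaded or bundled several layers deep is still reported.
    """
    hits = []
    if depth > max_depth:  # guard against absurdly deep or self-referential nesting
        return hits
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                if name == JNDI_LOOKUP_CLASS:
                    hits.append(f"{path}!{name}")
                elif name.lower().endswith(NESTED_SUFFIXES):
                    hits.extend(find_jndi_lookup(zf.read(name), f"{path}!{name}", depth + 1, max_depth))
    except zipfile.BadZipFile:
        pass  # not a zip-based archive, nothing to inspect
    return hits


def scan_file(filename: str):
    """Scan one archive on disk (e.g. a deployed .war) and return its hit paths."""
    with open(filename, "rb") as fh:
        return find_jndi_lookup(fh.read(), filename)


def _build_sample():
    """Constructed sample: app.war -> WEB-INF/lib/inner.jar -> lib/log4j-core.jar."""
    def make_zip(entries):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for name, content in entries.items():
                zf.writestr(name, content)
        return buf.getvalue()

    log4j_core = make_zip({JNDI_LOOKUP_CLASS: b"\xca\xfe\xba\xbe", "META-INF/MANIFEST.MF": b""})
    inner = make_zip({"lib/log4j-core.jar": log4j_core, "com/example/App.class": b""})
    return make_zip({"WEB-INF/lib/inner.jar": inner, "index.html": b"<html/>"})


if __name__ == "__main__":
    for hit in find_jndi_lookup(_build_sample(), "app.war"):
        print("found:", hit)
```

A hit only says that log4j-core is present; the bundled version still has to be checked against the vendor's fixed releases before deciding whether it needs patching.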

Ransomware, the unwanted gift that keeps on giving

While ransomware attack rates did not continue to grow at the same rate as in the first 18 months of the pandemic, a variety of new and previously seen ransomware strains appeared, causing significant damage and disruption. The main change was an increased shift towards extortionware.

Prior to encrypting data, threat actors are using exploits to exfiltrate data. This is designed to ‘incentivise’ victims into paying ransoms, as they face the double threat of losing access to their data and having it disclosed on the dark web or in the public domain.

Managed Service Providers (MSPs) also found themselves in the crosshairs. Ransomware gangs, exploiting a flaw in Kaseya’s VSA remote monitoring and management technology, were able to launch broad attacks through MSPs, thereby hitting multiple target companies through a single point of entry.

The impact of ransomware remains significant and continues to be a key threat used by attackers seeking swift financial returns for their efforts.

The global threat landscape continues to evolve. And while the headlines may seem similar with ransomware, attacks on Microsoft Exchange and new vulnerabilities discovered regularly, threat actors are constantly updating their methods.

When a threat actor is sufficiently skilled, motivated and resourced, they can be hard to stop.

But having a layered approach to information security, using appropriate controls to detect and respond to incidents, can assist in remediating any damage caused by an intruder. This can significantly differentiate your ability to recover from an incident.

Using frameworks such as Zero Trust Network Access, and ensuring you employ least-privilege accounts, ensures compromised user accounts don’t result in major data losses.

At different times, attackers shift their attacks across different sectors and geographies. Access to threat intelligence can help your business anticipate and repel malicious actors. Even when threat actors say they won’t attack critical sectors such as healthcare, they continue to exploit whatever opportunities they can find. Ensuring you have adequate defences and remediation processes and controls in place is the best way to mitigate the risks of an attack and to minimise the impact should a breach occur.

Fortinet is hosting a cybersecurity advisory session on the 28th of April featuring:

  • Doug Witschi, Cybercrime Threat Response, Interpol
  • Corne Mare, CISO, Fortinet ANZ
  • Glenn Maiden, Director, Threat Intelligence, FortiGuard Labs ANZ

Don’t miss this opportunity to hear about today’s cyber threats and trends and the cybersecurity preparedness level of Australian and New Zealand businesses.


Download Fortinet’s Global Threat Landscape Report


Copyright © 2022 IDG Communications, Inc.