• United States



As Cyber Threats Grow, Cyber Vigilance is Mandatory

Nov 15, 20187 mins

istock 1066605570
Credit: iStock

In 1809, author Thomas Charlton penned the famous phrase that has been subsequently attributed to a wide variety of people, writing, “the price of liberty is eternal vigilance.” While he certainly could not have foreseen our day, that idea was never more true than when applied to today’s digital society. The development of exploits designed to target the data and systems of individuals and organizations is at an all-time high, with the number of unique variants showing double-digit growth, with many of them more advanced than ever. And individual organizations are feeling the impact, with two-thirds of all firms having detected a severe exploit just this past quarter.

Here are four trends we have seen over the third quarter of 2018 that security leaders need to be paying attention to:

Mobile Devices Remain a Target. Over one-quarter of organizations experienced a mobile malware attack, with the majority being on the Android operating system. In fact, of the threats organizations faced from all attack vectors, 14% of total malware alerts were Android related. By comparison, only .000311% of threats were targeted to Apple iOS. Mobile threats are a looming threat that must be addressed, especially as the mobile-shopping holiday season nears. These threats can become a gateway for corporate networks to be exploited. Criminals know mobile is an accessible target for infiltrating a network, and they are exploiting it.

Cryptojacking is a Gateway to Other Attacks. Cryptojacking remains prevalent and continues to grow in scope. The number of platforms affected by cryptojacking jumped 38% and the number of unique signatures nearly doubled in the past year. These include new sophisticated platforms for advanced attackers as well as “as-a-service”platforms for novice criminals. Botnets are also increasingly leveraging cryptojacking exploits for their attack strategy. Although it is often considered to be a nuisance threat that simply hijacks unused CPU cycles, security leaders are realizing how cryptojacking can become a gateway for additional attacks. Underestimating the repercussions of cryptojacking places an organization under heightened risk.

Botnets.The number of days that a botnet infection was able to persist inside an organization increased 34% from 7.6 days to 10.2 days, indicating that botnets are becoming more sophisticated, difficult to detect, and harder to remove. This is also the result of many organizations still failing to practice good cyber hygiene, including patching and updating vulnerable devices, and thoroughly scrubbing a network after an attack has been detected. Many sophisticated botnets go dormant after detection. If the root cause or “patient zero” is not located and removed, many botnets simply return once normal business operations resume.

Encrypted Traffic Reaches a New Threshold. Encrypted traffic now represents over 72% of all network traffic, up from 55% just one year ago. While encryption can certainly help protect data in motion as it moves between core, cloud, and endpoint environments, it also represents a real challenge for traditional security solutions. Critical firewall and IPS performance limitations of some legacy security solutions continue to limit organizations from inspecting encrypted data. As a result, this traffic is increasingly not analyzed for malicious activity, making it an ideal mechanism for criminals to spread malware or exfiltrate data.

Addressing the Challenge

In digital terms, eternal vigilance involves visibility and control. However, digital transformation efforts have restricted the visibility and fragmented the controls of many organization. To successfully address today’s challenges, IT teams need to rethink their security strategy, from implementing effective security hygiene measure, to implementing an integrated security fabric architecture that can seamlessly span the entire expanding attack surface for unified visibility and the ability to orchestrate controls from a single console.

To that end, here are several corollary security strategies every organization needs to consider when addressing the modern threat landscape:

  • Countering Advanced Threats.The evolution of the threat landscape requires a security transformation. This includes a shift from point security products, manual security management, and reactive security to a strategy where different security elements are integrated into a single system, security workflows can span multiple network ecosystems, and threat-intelligence is centrally collected and correlated. It also requires that advanced sandboxing be integrated across multiple security elements, enabling organizations to prevent and detect previously unknown threats regardless of where they appear.
  • Leverage Automation. As the speed of threats rapidly increase, the number of evasive techniques multiply, and the time windows for prevention, detection, and remediation continue to shrink, automation is pivotal. Organizations require a security platform at the same time where each of the different elements communicate with each other in real time.
  • Combatting Cryptojacking. Security leaders must realize that the threat of cryptojacking is more than just the degradation of performance and computing workloads and the theft of expensive cloud computing resources. Cryptojacking raises the risk—due to defenses being taken down—of data theft and operational outages for IT and OT infrastructures. Infection also is an indication that larger security issues exist. One essential approach to combatting cryptojacking involves maintaining a comprehensive inventory of devices (especially IoT devices) across your network and baselining behavior. With this information in hand, you’re able to monitor for aberrant behavior that may reflect cryptojacking activity.
  • Know When to Detect Threats.The haystack of traffic is much larger during workdays, and thus it is harder to pinpoint threats. But as the volume of traffic shrinks over the weekend and holidays, it is much easier to find those malicious needles. To that end, organizations need to ensure they have 24/7 security and network operations that enable them to search for and find needles in the much smaller haystack of non-operating hours.
  • Mobile Threats.The total number of company-owned mobile devices in use increased 2.5% from 2017 to 2018. This doesn’t include the expanding volume of personally owned mobile devices connected to networks as a result of the 72% of organizations that have a BYOD-friendly policy. Because cybercriminals understand that mobile is an easy target for infiltrating a network, security leaders need to ensure they have the appropriate controls in place to protect against those devices, especially at their wireless access points. This requires that wireless access points and mobile security services be fully integrated into next-generation firewalls, combined with automated threat-intelligence sharing between them and your broader set of security elements. Establishing visibility and controlling access to your network using a third-generation Network Access Control solution is also critical.

Summing Up

Cybersecurity challenges continue to grow, and organizations in the midst of digital transformation efforts are especially vulnerable. And as the holiday season approaches, and more and more consumers are online, cybercriminal efforts are expected to accelerate. Retailers and others offering omnichannel experiences to their customers need to pay particular heed to their wireless access points, which can easily and quickly be exploited by malicious criminals. These sorts of threat vectors are especially concerning as they can become a gateway for your corporate network to be exploited. 

With more attack vectors being successfully targeted by cybercriminals, doing more of the same when it comes to security is a proven losing strategy. Organizations need to become hypervigilant about security, or they will forfeit their ability to compete in today’s digital marketplace because they will become victims to the increasingly effective and ruthless cybercriminal community.

View the latest Fortinet Threat Landscape Report and Threat Index Indices for botnets, malware, and exploits to stay up-to-date on threat trends.

Read more about our Network Security Expert program, Network Security Academy program or our FortiVets program.

Read more about the Fortinet Security Fabric or the Third Generation of Network Security.