- 11 September 2018 09:44
Fortinet Threat Landscape Report Calls on Australian Businesses to Heighten Cyber Defences
SYDNEY, Australia – September 11, 2018
Phil Quade, chief information security officer, Fortinet
“Cyber adversaries are relentless. Increasingly, they are automating their toolsets and creating variations of known exploits. Of late, they are also more precise in their targeting, relying less on blanket attempts to find exploitable victims. Urgently, organisations must pivot their security strategy to address these tactics. Organisations should leverage automated and integrated defenses to address the problems of speed and scale, utilise high-performance behavior-based detection, and rely on AI-informed threat intelligence insights to focus their efforts on patching vulnerabilities that matter.”
Jack Chan, Network & Security Strategist, Fortinet
“We continue to see that certain sectors in Australia, particularly education and government, have a broadened attack surface and are increasingly targeted by cybercriminals looking to exploit these vulnerabilities. Organisations should deploy security that meets the diverse needs of their network, shoring up their defences against current and emerging threats. We anticipate that threats like IoT botnets will continue to rise, and hypervisor and API security will become increasingly important. Vitally, organisations must have basic hygiene practices in place to provide a strong foundation for their overall security.”
Jon McGettigan, Senior Regional Director, Fortinet ANZ and the Pacific Islands
“The latest Fortinet Threat Report demonstrates the increasing complexity and sophistication of the local threat landscape. Security strategies need to constantly evolve and take advantage of the latest threat intelligence, in order to defend against the latest exploits. From this month Fortinet will be taking the FortiExpress, a mobile security training and demo facility, on the road to all major IT events, as well as rural and regional areas, to increase awareness and education for cybersecurity. We hope this will empower customers and partners to take a more proactive security stance.”
Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated, and automated cybersecurity solutions, today announced the findings of its latest Global Threat Landscape Report. The research reveals cyber criminals are becoming smarter and faster in how they leverage exploits to their advantage. They are also maximising their efforts by targeting an expanding attack surface and by using iterative approaches to software development that facilitate the evolution of their attack methodologies. This broadening attack surface is leaving certain industries, such as the Australian education sector, more open to attack.
For a detailed view of the findings and some important takeaways for CISOs, read the blog. Highlights of the report follow:
· Virtually No Organisation is Immune from Severe Exploits: Analysis focused on critical and high-severity detections demonstrates an alarming trend with 96% of firms experiencing at least one severe exploit. Almost no firm is immune to the evolving attack trends of cyber criminals. In addition, nearly a quarter of companies saw cryptojacking malware, and only six malware variants spread to over 10% of all organisations. FortiGuard Labs also found 30 new zero-day vulnerabilities during the quarter.
· Widening Threat Surface Leaves Education Most Vulnerable: As potential vulnerabilities rise in tandem with the amount of software/applications used in an organisation, education has the widest spread of applications out of all sectors by a wide margin. This leaves applications like MS Word or SaaS applications more open to attack; the demise of government-funded technology, like the Rudd-era school laptop program, and the growing popularity of BYOD policies – even for primary schools – mean institutions may not have enough protection to manage the vast attack surface. Outside of education, government and the construction sector have the next widest attack surface. When comparing application count usage across industries globally, government use of SaaS applications is 108% higher than the mean and is second to education in the total number of applications used daily, 22.5% and 69% higher than the mean, respectively. Recently, the Department of Education WA selected Fortinet as its security solution for 800 schools in the region, looking to proactively keep risks at bay.
· Critical Infrastructure a Growing Target: Australian critical infrastructure organisations must be aware that they are a target, with integral assets such as power and smart metering increasingly the victim of botnets. The merging of IT and OT (operational technology) has seen the recent emergence of staged botnets, such as VPNFilter, targeting SCADA infrastructure, as was found last quarter. This should be a wake-up call for the utility sector to review its security practice, and for organisations to more broadly consider how their security strategy approaches critical infrastructure.
· Botnet Trends Demonstrate the Creativity of Cyber Criminals: Data on botnet trends gives a valuable post-compromise viewpoint of how cybercriminals are maximising impact with multiple malicious actions. WICKED, a new Mirai botnet variant, added at least three exploits to its arsenal to target unpatched IoT devices. VPNFilter, the advanced nation-state-sponsored attack that targets SCADA/ICS environments by monitoring MODBUS SCADA protocols, emerged as a significant threat. It is particularly dangerous because it not only performs data exfiltration, but can also render devices completely inoperable, either individually or as a group. The Anubis variant from the Bankbot family introduced several innovations. It is capable of ransomware, keylogger, and RAT functions, as well as SMS interception, screen locking, and call forwarding. Keeping tabs on morphing attacks with actionable threat intelligence is vital as creativity expands.
· Malware Developers Leverage Agile Development: Malware authors have long relied on polymorphism to evade detection. Recent attack trends show they are turning to agile development practices to make their malware even more difficult to detect and to counter the latest tactics of anti-malware products. GandCrab had many new releases this year, and its developers continue to update this malware at a rapid pace. While automation of malware attacks presents new challenges, so does agile development, because of the skills and processes needed to roll out new, evasive releases of attack methods. To keep pace with the agile development cyber criminals are employing, organisations need advanced threat protection and detection capabilities that help them pinpoint these recycled vulnerabilities.
· Effective Targeting of Vulnerabilities: Adversaries are selective in determining what vulnerabilities they target. With exploits examined through the lens of prevalence and volume of related exploit detections, only 5.7% of known vulnerabilities were exploited in the wild. If the vast majority of vulnerabilities won’t be exploited, local organisations should consider taking a much more proactive and strategic approach to vulnerability remediation.
The Fortinet Global Threat Landscape Report is a quarterly view that represents the collective intelligence of FortiGuard Labs drawn from Fortinet’s vast array of sensors during Q2 2018. Research data covers global, regional, industry sector, and organisational perspectives. It focuses on three central and complementary aspects of that landscape, namely application exploits, malicious software, and botnets. It also examines important zero-day vulnerabilities and infrastructure trends to add context about the trajectory of cyber attacks affecting organisations over time. To complement the report, Fortinet publishes a free, subscription-based Threat Intelligence Brief that reviews the top malware, virus, and web-based threats discovered every week, along with links to valuable FortiGuard Labs threat research.
Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organisations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud, or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 360,000 customers trust Fortinet to protect their businesses. Learn more at http://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.