TMCnet News
Cyber Adversaries Reincorporate Old-School Tactics to Catch Organizations Off-Guard Ahead of Busy Holiday SeasonSUNNYVALE, Calif., Nov. 13, 2019 (GLOBE NEWSWIRE) -- Derek Manky, Chief, Security Insights & Global Threat Alliances, Fortinet News Summary:
Shifting Tactics to Catch Organizations By Surprise: The majority of malware is delivered via email, therefore many organizations have been aggressively addressing phishing attacks with end user training and advanced email security tools. As a result, cybercriminals are expanding their ability to deliver malicious malware through other means. These include targeting publicly facing edge services such as web infrastructure, network communications protocols, as well as bypassing ad blocker tools to open attack vectors that don’t rely on traditional phishing tactics. For example, this quarter FortiGuard Labs saw attacks against vulnerabilities that would allow the execution of code remotely targeting edge services, at the top in terms of prevalence amongst all regions. Although this tactic is not new, changing tactics where defenders may not be as closely watching can be a successful way to catch organizations off guard and increase chances for success. This can be especially problematic ahead of a busy online shopping season when online services will experience increased activity. Maximizing Earning Potential: Following in the footsteps of the lucrative GandCrab ransomware, which was made available on the dark web as a Ransomware-as-a-Service (RaaS) solution, cybercriminal organizations are launching new services to expand their earning potential. By establishing a network of affiliate partners, criminals are able to spread their ransomware widely and scale earnings dramatically in the process. FortiGuard Labs observed at least two significant ransomware families—Sodinokibi and Nemty—being deployed as RaaS solutions. These are potentially just the beginning of what could be a flood of similar services in the future. Refining Malware for Success: Expanding on these approaches, cybercriminals are also refining malware to evade detection and deliver increasingly sophisticated and malicious attacks, such as the evolution of the Emotet malware. This is a troubling development for organizations as cybercriminals increasingly use malware to drop other payloads on infected systems to maximize their opportunities for financial gain. Recently, attackers have begun using Emotet as a payload delivery mechanism for ransomware, information stealers, and banking trojans including TrickBot, IcedID, and Zeus Panda. In addition, by hijacking email threads from trusted sources and inserting malicious malware into those email threads, attackers are significantly increasing the likelihood that those malicious attachments will be opened. Maximizing Opportunity with Older Vulnerabilities and Botnets: Targeting older, vulnerable systems that have not been properly secured is still an effective attack strategy. FortiGuard Labs discovered that cybercriminals target vulnerabilities twelve or more years old more often than they target new attacks. And in fact, they target vulnerabilities from every subsequent year since then at the same rate as they do current vulnerabilities. Similarly, this trend of maximizing existing opportunity also extends to botnets. More so than any other type of threat, the top botnets also tend to carry over from quarter to quarter and region to region globally with little change. This suggests the control infrastructure i more permanent than particular tools or capabilities, and that cybercriminals not only follow new opportunities, but like legitimate businesses, also leverage existing infrastructure whenever possible to increase efficiency and reduce overhead. Protecting for the Unexpected: Broad, Integrated, and Automated Security Report and Index Overview Additional Resources
About Fortinet FTNT-O Copyright © 2019 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet's trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiCare, FortiManager, FortiAnalyzer, FortiOS, FortiADC, FortiAP, FortiAppMonitor, FortiASIC, FortiAuthenticator, FortiBridge, FortiCache, FortiCamera, FortiCASB, FortiClient, FortiCloud, FortiConnect, FortiController, FortiConverter, FortiDB, FortiDDoS, FortiExplorer, FortiExtender, FortiFone, FortiCarrier, FortiHypervisor, FortiIsolator, FortiMail, FortiMonitor, FortiNAC, FortiPlanner, FortiPortal, FortiPresence , FortiProxy, FortiRecorder, FortiSandbox, FortiSIEM, FortiSwitch, FortiTester, FortiToken, FortiVoice, FortiWAN, FortiWeb, FortiWiFi, FortiWLC, FortiWLCOS and FortiWLM. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments. This news release may contain forward-looking statements that involve uncertainties and assumptions, such as statements regarding technology releases among others. Changes of circumstances, product release delays, or other risks as stated in our filings with the Securities and Exchange Commission, located at www.sec.gov, may cause results to differ materially from those expressed or implied in this press release. If the uncertainties materialize or the assumptions prove incorrect, results may differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements. Fortinet assumes no obligation to update any forward-looking statements, and expressly disclaims any obligation to update these forward-looking statements.
|