Research Reveals Constantly Changing and Sophisticated Avenues of Attack Targeting Evolving Technology Infrastructure Enabled by a Fast-growing Underground Cybercrime Economy
Fortinet announced the findings of its latestGlobal Threat Landscape Reportcovering Q4 2016. The research reveals that 50% of malware exploits in India occurred in the last 3 months of 2016. With India moving towards a cashless digital economy the last two weeks in December, 2016 recorded a very high level of threat activity which interestingly was not observed globally. The most attacked industry was Banking & Finance which received 15 times more hits than the second-placed Information Technology industry.
The research also reveals the methods and strategies cybercriminals employed in detail and demonstrates the potential future impact to the digital economy. The question, “What’s my biggest threat?” remains difficult to pinpoint as old threats resurface, but new, automated and high-volume attacks arise. For a detailed view of the research visit our blog. Highlights follow:
An Army of Things Powered by the Digital Underground
- IoT devices are sought-after commodities for cybercriminals around the world. Adversaries are building their own armies of “things” and the ability to cheaply replicate attacks at incredible speed and scale is a core pillar of the modern cybercrime ecosystem.
- In Q4 2016, the industry was reeling from the Yahoo! data breach and Dyn DDoS attack. Before the quarter was halfway done, the records set by both events were not only broken, but doubled.
- Internet of Things (IoT) devices compromised by the Mirai botnet initiated multiple record-setting DDoS attacks. The release of Mirai’s source code increased botnet activity by 25 times within a week, with activity increasing by 125 times by year’s end.
- IoT-related exploit activity for several device categories showed scans for vulnerable home routers and printers topped the list, but DVRs/NVRs briefly eclipsed routers as the thing of choice with a massive jump spanning 6+ orders of magnitude.
- Unlike other parts of the world, vulnerabilities in home routers formed the majority of IoT-based attacks in Asia Pacific. Many home routers are manufactured and deployed in this region, resulting in attacks on them being centred here.
Automated and High-Volume Attacks Are Prevalent
- The correlation between exploit volume and prevalence implies growing attack automation and lowering costs for malware and distribution tools available on the dark web. This is making it cheaper and easier than ever for cybercriminals to initiate attacks.
- SQL Slammer ranked at the top of the exploit detection list with a high or critical severity ranking, mainly affecting educational institutions.
Ransomware Isn’t Going Anywhere
- Ransomware warrants attention regardless of industry and this high-value attack method will likely continue with the growth of ransomware-as-a-service (RaaS), where potential criminals with no training or skills can simply download tools and point them at a victim.
- 36% of organizations detected botnet activity related to ransomware. TorrentLocker was the winner and Locky placed third.
Michael Joseph, Regional Director – System Engineering, India & SAARCat Fortinet said, “The cybersecurity challenges facing organizations today are complex with a threat landscape that is rapidly evolving. Threatsare intelligent, autonomous, and increasingly difficult to detect, with newones emerging and old ones returning with enhanced capabilities. In addition, the accessibilty of threat creation tools and servicescombined with the reward potential is driving the growth of the global cybercrime market into tens of billions of US dollars. To protect themselves, CISOs need to ensure that thedata and security elements across allof their environments and devices are integrated, automated, and able to share intelligence, across an organization, from IoT to the cloud.”
The Fortinet Global Threat Landscape reportrepresents the collective intelligence of FortiGuard Labsduring Q4 2016 with research data covering global, regional, sector, and organizational perspectives. It focuses on three central and complementary aspects of the threat landscape: application exploits, malicious software (malware) and botnets.
