Sunday, July 12, 2020

Threat Landscape Report for Q3 2019

Threat Landscape Report for Q3 2019

Spotlight

STI: Staying Education-Ready In The New Normal

STI is committed to face the challenges brought by the new normal of education, and at the same time, prioritize the needs and safety of its students.

SM Foundation Donates Masks And Face Shields To Cebu Hospitals And Quarantine Centers

SM Foundation donated KN95 masks, 3-ply masks, and face shields worth PHP2.5 million to Cebu hospitals and quarantine centers. Thank you, SM!

SM Foundation Donates Masks And Face Shields To Cebu Hospitals And Quarantine Centers

SM Foundation donated KN95 masks, 3-ply masks, and face shields worth PHP2.5 million to Cebu hospitals and quarantine centers. Thank you, SM!

Francisco Motors Debunks Accusations That Modern PUVs Increase COVID-19 Transmission

"What worsens virus transmission are incompetence of vehicle personnel, complacency of those in-charge of the vehicles and negligence of passengers."

While many of us may have taken a well-earned vacation over the summer, cybercriminals were hard at work looking for new ways to target and exploit our networks, devices, and services. The Fortinet Threat Landscape Report provides insights into the top threats and trends discovered and tracked by the FortiGuard Labs team, and the report for last quarter shows that cybercriminals are continuing to focus on finding ways to stay a step ahead of their cybersecurity professional adversaries.

When people consider cybercrime, they tend to think of some of the more high-profile events of the past that used sophisticated malware or exploited zero-day vulnerabilities. And while some efforts continue to be made in those areas, most criminals focus on leveraging their existing resources. The top issues for Q3 are no different.

Cybercriminals Are Looking To Augment Their Phishing Efforts
Cybercriminals Are Targeting Edge Services

Because over 90% of malware is still delivered via email, many organizations have responded by aggressively focusing on training users to identify phishing emails and not click on email attachments. They are also more aware of the importance of email security solutions. As a result, criminals have begun to expand their tactics by simply targeting other areas of the attack surface that aren’t being focused on.

For example, over the past quarter FortiGuard Labs has observed attacks targeting publicly available edge services with remote code execution exploits. Once criminals establish a foothold at the edge, they then use that attack vector to begin delivering their malware to targets inside the network, with the same result as having used phishing to deliver those same payloads.

Bypassing Adblockers Whitelist Malicious Sites
Another strategy is to prevent adblocker security tools from blocking access to malicious content. Adblock Plus, for example, is an open-source browser extension that provides content-filtering and ad blocking for all of the major browsers, including Firefox, Chrome, Internet Explorer, Edge, Opera, Safari, Yandex, and Android. It also uses a key to tag approved advertisement sites so they can be whitelisted. However, this key has been identified by attackers and is being exploited to also whitelist their malicious sites. These webpages can then serve their malicious advertisements, or even function as a phishing page to users who rely on the adblocker solution to block malicious sites and content.

The HTML/Framer.INF!tr IPS signature that detects these webpages is at the top of our list of most prevalent malware variants detected in Q3 2019 across all global regions. However, it is important to note that some of these detections may be false positives because of the way Adblock is designed, making it difficult to produce a fully reliable signature.

Malware-As-A-Service Continues To Grow
New Ransomware-As-A-Service Offerings On The Dark Web

The GandCrab ransomware and its Ransomware-as-a-Service (RaaS) offering netted its developers as much as $2 billion before they retired last year. As a result, many cybercriminal organizations are keen to jump on the bandwagon. Last quarter, FortiGuard Labs observed that at least two other significant ransomware families – Sodinokibi and Nemty – are now available on the dark web as ransomware-as-a-service offerings. By using this RaaS model, the authors of these malware tools are significantly lowering the bar, both in terms of overhead and expertise, for launching such attacks.

Emotet Offers A New Spin On MaaS
Emotet, a popular and successful banking trojan, has launched a similar service that rents access to devices infected with the Emotet trojan. This is especially malicious because the Emotet developers have added the ability for the malware to deliver malicious payloads. This means that attackers using this new malware-as-a-service offering can infect targeted networks with additional malware, such as the Trickbot trojan and Ryuk ransomware, launched from a previously compromised device.

Another new Emotet trick significantly increases the efficiency of distributing malware through phishing. Cybercriminals naturally want to deliver phishing email with the highest likelihood of being opened. This new Emotet phishing strategy steals email threads, not just email addresses, from infected devices. It then develops an infected reply from someone in the thread and sends it to the other thread participants disguised as being part of the thread. This strategy has proven to be exponentially more effective than trying to hook victims using a cold initial phishing attempt, or even a targeted spearphishing tactic.

Older Attacks Remain A Persistent Threat
It is important to remember that attacks don’t need to be new to be successful. According to the Q3 Threat Landscape Report, FortiGuard Labs saw more attempts to target vulnerabilities from 2007 than from 2018 and 2019 combined. And every year in between equaled 2018/19 levels. This trend shows how unpatched vulnerabilities—regardless of age—can heighten exposure. The point is that attackers (and their tools) don’t ignore older vulnerabilities and neither should you.

What You Can Do

Segment Your Networks
Many of these attacks and exploits are successful because vulnerable systems are not being adequately protected. Older vulnerabilities can be successfully protected by conducting a risk assessment and then prioritizing the likelihood of a device being exploited using the FortiGuard Security Rating Service. In addition to patching and upgrading devices, organizations should also consider implementing intent-based network segmentation and zero trust access strategies to prevent critical devices and vulnerable systems from being exploited. Segmentation also minimizes the risks of a successful intrusion by shrinking the available attack surface.

Latest News

LGBT Couples Allowed In Motorcycle Back-Riding

Couples belonging to the LGBT (lesbian, gay, bisexual, transgender) community are among those allowed to motorcycle back-riding, a police official said on Saturday. “Kung titingnan...

DOTr: Clark Airport’s New Terminal 99.14% Complete

The development of the Clark International Airport (CRK) into one of the country’s premier international gateways is about to hit another milestone after the...

2020 Is ‘Year Of Filipino Health Workers’

President Duterte decalres 2020 as the “Year of Filipino Health Workers” to honor the heroism of Filipino medical workers.

DOST-FPRDI Prioritizes Study Of Tree Plantation Species

DOST-FPRDI started a research program for studying different kinds of tree plantation species to address PH's shortage in wood supply.

Palace Reminds Public Anew To Heed Protocols Vs. Covid-19

Huwag kalimutang magsuot ng face mask, maghugas ng kamay at patuloy na obserbahan ang physical distancing.

DILG To Hire More Contact Tracers Before July End

DILG is planning to hire 50,000 more contact tracers to boost the government's efforts to contain COVID-19.

DILG To Hire More Contact Tracers Before July End

DILG is planning to hire 50,000 more contact tracers to boost the government's efforts to contain COVID-19.

DILG To Hire More Contact Tracers Before July End

DILG is planning to hire 50,000 more contact tracers to boost the government's efforts to contain COVID-19.

DILG To Hire More Contact Tracers Before July End

DILG is planning to hire 50,000 more contact tracers to boost the government's efforts to contain COVID-19.

DILG To Hire More Contact Tracers Before July End

DILG is planning to hire 50,000 more contact tracers to boost the government's efforts to contain COVID-19.