The threat landscape is constantly evolving. As cybercriminals and threat actors continue to carry out attacks and devise new ways to bypass security defenses, cybersecurity researchers must consistently monitor and report on their behavior and trends to raise awareness and distribute critical threat intelligence that can help organizations better protect their networks.
FortiGuard Labs boasts one of the largest security research and analyst teams in the cybersecurity space. With expert researchers and analysts across the globe and one of the most effective and proven artificial intelligence and machine learning systems in the security arena, you can trust that the threat intelligence gathered by the team at FortiGuard Labs is unparalleled.
In addition to weekly threat updates and frequent blogs and articles on breaking threat research, FortiGuard Labs publishes Threat Landscape Reports that recap the major cyberthreat trends and themes that occurred during the period in review. In this blog, we will recap and explore key findings from some of these reports.
2019 in Review
Over the course of 2019, new threat trends and themes became evident across the landscape. The top highlights from the first three quarters of the year included:
- Ransomware attacks were fine-tuned to focus on high-value targets vs. previous spray and prey techniques.
- Cybercriminals deployed increasingly sophisticated attacks, showing the need for defense teams to implement more automated and integrated approaches.
- One of our reports showed nearly 60% of all threats shared at least one domain in web filter data, demonstrating the connection of cybercriminal infrastructures to their attack strategies.
- The proliferation of IoT threats became evident through attacks target IT and also IoT
- Sophisticated threats were hidden in commonly used attachments in emails to obfuscate anti-evasion techniques.
- Threat actors focused their efforts on exploiting core web infrastructure and content management systems.
- Emotet, a popular and successful banking trojan, launched a service that rents access to devices infected with the Emotet Trojan, meaning the ability for the malware to deliver malicious payloads.
- The BlueKeep vulnerability remained potent, indicating many unpatched devices still exist.
- Living off the Land (LoTL) techniques made a comeback and allowed cybercriminals to be extra stealthy.
- Once Coinhive shut down – a cryptocurrency mining service that relied on code installed on Web sites that used some or all of the computing power of any browser that visited the site to mine bits of the Monero cryptocurrency – we saw a significant reduction in the number and volume of cryptomining activities.
- And more….
The Fortinet Threat Landscape Index
The Fortinet Threat Landscape Index (TLI) relies on sensor data that detects threat variety and volume, serving as a way to measure whether threat activity is growing or declining when benchmarked against the quarter prior. In Q1, the TLI trend line was more volatile than ever, but the overall threat index rose a slight 1% during the quarter.
The barometer of threat activity hit its highest point ever in Q2 2019. During the quarter, the TLI rose up nearly 4% from its original opening position. Conversely, the threat landscape index remained relatively stable during the third quarter of 2019, seeing slight fluctuations but no major swings. A busy holiday season in Q4 shows promise of sustained activity.
Threat Trends Evident Across Quarters
Several threat trends seemed to persist throughout 2019. The following trends had the biggest impact on the threat landscape throughout the year:
Remote Desktop Protocol Vulnerabilities
In Q2 and Q3, the BlueKeep vulnerability – which can be combined with the EternalBlue vulnerability to spread laterally across compromised networks – continued to pose a significant threat to remote access services. Flaws in remote desktop services allowed unauthenticated users to connect to and take control of vulnerable systems to steal critical data and credentials, or drop ransomware and other malware. Although patches for these exploits have been developed, it is believed that hundreds of thousands of systems remain vulnerable to exploitation.
It is important to secure RDP services by disabling the RDP service on systems that do not require it, using strong passwords and account lockouts for protection, and applying any available patches and updates to systems to address known vulnerabilities.
Ransomware proved to be quite lucrative for cybercriminals throughout 2019. Q1 saw ransomware attacks that became designer in nature, with threat actors tailoring their methods for maximum target destruction. One such variant, LockerGoga, was highly sophisticated and able to execute an attack that took weeks to remediate. In Q2, several high-profile, targeted ransomware incidents further highlighted the importance of malware protection tools and network infrastructure defenses. Then, in Q3, ransomware-as-a-service (RaaS) allowed additional malware authors to follow in the wake of GrandCrab to further spread their ransomware and scale earnings in the process.
Ransomware incidents from 2019 highlight the fact that this type of cybercrime is becoming more accessible and profitable for a larger pool of bad actors. Integrated security solutions like the Fortinet Security Fabric can help protect organizations against ransomware from all threat vectors.
Older Vulnerabilities Preferred by Cybercriminals
One of the most important takeaways is that just because new vulnerabilities and exploits are available doesn’t mean that older threats are tossed into the dustbin. In fact, FortiGuard Labs saw more exploits targeting vulnerabilities from 2007 than those from 2018 and 2019 combined. And worse, this was true for every year in between as well.
This is only possible because far too many organizations have failed to adopt a proactive patching and updating strategy that keeps their devices safe from exploits. Part of the reason is due to the rapid adoption of digital innovation that is transforming traditional networks, combined with the growing cybersecurity skills gap, but regardless, failure to maintain basic cybersecurity hygiene protocols have enabled a major security gap that organizations are failing to address.
The FortiGuard Labs team collaborates with leading threat monitoring organizations to advise and collect intelligence around emerging cyber threat trends and risks. By identifying and reporting on these trends and vulnerabilities, the team helps protect organizations around the globe from cybersecurity risk through education, technical analysis and research, and actionable intelligence.
Written By Anthony Giandomenico
Powered by Fortinet, Delivered by IT Vortex.