IT Vortex - Managed IT Services

Key Takeaways From the 2019 Cybersecurity Threat Landscape

The threat landscape is constantly evolving. As cybercriminals and threat actors continue to carry out attacks and devise new ways to bypass security defenses, cybersecurity researchers must consistently monitor and report on their behavior and trends to raise awareness and distribute critical threat intelligence that can help organizations better protect their networks. 

FortiGuard Labs boasts one of the largest security research and analyst teams in the cybersecurity space. With expert researchers and analysts across the globe and one of the most effective and proven artificial intelligence and machine learning systems in the security arena, you can trust that the threat intelligence gathered by the team at FortiGuard Labs is unparalleled. 

In addition to weekly threat updates and frequent blogs and articles on breaking threat research, FortiGuard Labs publishes Threat Landscape Reports that recap the major cyberthreat trends and themes that occurred during the period in review. In this blog, we will recap and explore key findings from some of these reports. 

2019 in Review

Over the course of 2019, new threat trends and themes became evident across the landscape. The top highlights from the first three quarters of the year included: 

  • Ransomware attacks were fine-tuned to focus on high-value targets vs. previous spray-and-pray techniques.
  • Cybercriminals deployed increasingly sophisticated attacks, showing the need for defense teams to implement more automated and integrated approaches.
  • One of our reports showed nearly 60% of all threats shared at least one domain in web filter data, demonstrating the connection of cybercriminal infrastructures to their attack strategies.
  • The proliferation of IoT threats became evident through attacks targeting IT and also IoT.
  • Sophisticated threats were hidden in commonly used attachments in emails to obfuscate anti-evasion techniques.
  • Threat actors focused their efforts on exploiting core web infrastructure and content management systems. 
  • Emotet, a popular and successful banking trojan, launched a service that rents access to devices infected with the Emotet trojan, that is, access to the malware's ability to deliver malicious payloads.
  • The BlueKeep vulnerability remained potent, indicating many unpatched devices still exist. 
  • Living off the Land (LoTL) techniques made a comeback and allowed cybercriminals to be extra stealthy.
  • After the shutdown of Coinhive, a cryptocurrency mining service that relied on code installed on websites to use some or all of the computing power of any browser that visited the site to mine bits of the Monero cryptocurrency, we saw a significant reduction in the number and volume of cryptomining activities.
  • And more…

The Fortinet Threat Landscape Index

The Fortinet Threat Landscape Index (TLI) relies on sensor data that detects threat variety and volume, serving as a way to measure whether threat activity is growing or declining when benchmarked against the quarter prior. In Q1, the TLI trend line was more volatile than ever, but the overall threat index rose a slight 1% during the quarter. 

The barometer of threat activity hit its highest point ever in Q2 2019. During the quarter, the TLI rose nearly 4% from its original opening position. Conversely, the threat landscape index remained relatively stable during the third quarter of 2019, seeing slight fluctuations but no major swings. A busy holiday season in Q4 shows promise of sustained activity.

Threat Trends Evident Across Quarters

Several threat trends seemed to persist throughout 2019. The following trends had the biggest impact on the threat landscape throughout the year: 

Remote Desktop Protocol Vulnerabilities

In Q2 and Q3, the BlueKeep vulnerability – which can be combined with the EternalBlue vulnerability to spread laterally across compromised networks – continued to pose a significant threat to remote access services. Flaws in remote desktop services allowed unauthenticated users to connect to and take control of vulnerable systems to steal critical data and credentials, or drop ransomware and other malware. Although patches for these exploits have been developed, it is believed that hundreds of thousands of systems remain vulnerable to exploitation. 

It is important to secure RDP services by disabling the RDP service on systems that do not require it, using strong passwords and account lockouts for protection, and applying any available patches and updates to systems to address known vulnerabilities. 

Hyper-Targeted Ransomware

Ransomware proved to be quite lucrative for cybercriminals throughout 2019. Q1 saw ransomware attacks that became designer in nature, with threat actors tailoring their methods for maximum target destruction. One such variant, LockerGoga, was highly sophisticated and able to execute an attack that took weeks to remediate. In Q2, several high-profile, targeted ransomware incidents further highlighted the importance of malware protection tools and network infrastructure defenses. Then, in Q3, ransomware-as-a-service (RaaS) allowed additional malware authors to follow in the wake of GandCrab to further spread their ransomware and scale earnings in the process.

Ransomware incidents from 2019 highlight the fact that this type of cybercrime is becoming more accessible and profitable for a larger pool of bad actors. Integrated security solutions like the Fortinet Security Fabric can help protect organizations against ransomware from all threat vectors. 

Older Vulnerabilities Preferred by Cybercriminals

One of the most important takeaways is that just because new vulnerabilities and exploits are available doesn’t mean that older threats are tossed into the dustbin. In fact, FortiGuard Labs saw more exploits targeting vulnerabilities from 2007 than those from 2018 and 2019 combined. And worse, this was true for every year in between as well.

This is only possible because far too many organizations have failed to adopt a proactive patching and updating strategy that keeps their devices safe from exploits. Part of the reason is the rapid adoption of digital innovation that is transforming traditional networks, combined with the growing cybersecurity skills gap. Regardless, failure to maintain basic cybersecurity hygiene protocols has enabled a major security gap that organizations are failing to address.

Final Thoughts

The FortiGuard Labs team collaborates with leading threat monitoring organizations to advise and collect intelligence around emerging cyber threat trends and risks. By identifying and reporting on these trends and vulnerabilities, the team helps protect organizations around the globe from cybersecurity risk through education, technical analysis and research, and actionable intelligence.

Written By Anthony Giandomenico

Powered by Fortinet, Delivered by IT Vortex.
