2018 proves to be a mixed bag of severe cyber threats, report finds

17 Sep 2018

2018 is turning out to be a bumpy year for businesses who are battling the onslaught of cyber attacks – and a bumper year for the attackers.

That’s according to Fortinet’s Threat Landscape Report for Q2 2018, which found that although no single breach dominated the cyber zeitgeist, there was still plenty of activity going on.

There are more than 100,000 known vulnerabilities open to exploitation by attackers, of which 5898 (5.7%) were exploited in the wild, the report says.

Fortinet’s FortiGuard detected 30 zero-day (previously unknown) vulnerabilities, but many exploits took advantage of known vulnerabilities in Microsoft Office (CVE-2017-11882), Apache Struts (CVE-2017-5638), and Oracle WebLogic Server (CVE-2017-10271, CVE-2017-3506).

Malware variants multiply by the tens of thousands

Across the globe, Fortinet recorded 23,945 unique malware variants and 4856 different malware families. Businesses were plagued with malware with an average of 13 unique daily detections per firm.

With the rise of cryptojacking as a serious concern, it’s no surprise that 23.3% of detections were related to cryptojacking malware.

“Cryptojacking activity continued to increase globally, but not relative to the growing volume of malware overall. As with any market, such fluctuations may be attributable to the forces of supply and demand,” the report says.

There’s also an interesting shift in how malware is developed. While malware authors have previously relied on polymorphic techniques to avoid detection, that’s not working so well anymore. Now those authors have switched to agile development, which means they’re always working against the latest anti-malware tactics.

Botnets hook victims for 24 hours - and longer

Over Q2, Fortinet detected 265 unique botnets, including one of the most prevalent and pervasive variants, Gh0st.RAT.

There was an average of 1.8 botnets operating in every firm. Infections can last from one day to more than one week.

While there are fewer botnets than malware variants, it doesn’t mean botnets are any less dangerous. There are fewer botnets simply because ‘good botnets are custom built to last’, Fortinet says.

You can stay up to date with all the latest threats, including botnets, with Fortinet's Weekly Threat Intelligence Brief.

Be honest about your weak points

According to Fortinet, there’s little point trying to keep organisational weak points locked away and hidden. Penetration tests, privileged users, and vulnerability reports all offer opportunities, but they also pose threats to business.

What organisations should focus on is a proactive and integrated approach to network security that enables transparency, network visibility and automation, and works with compliance requirements.

Fortinet’s FortiGuard threat intelligence keeps a close eye on the latest known and emerging vulnerabilities and protects its customers from malicious attacks.
