2018 proves to be a mixed bag of severe cyber threats, report finds

17 Sep 18

2018 is turning out to be a bumpy year for businesses who are battling the onslaught of cyber attacks – and a bumper year for the attackers.

That’s according to Fortinet’s Threat Landscape Report for Q2 2018, which found that although no single breach dominated the cyber zeitgeist, there was still plenty of activity going on.

There are more than 100,000 known vulnerabilities that are open to exploitation by attackers, of which 5898 (5.7%) were exploited in the wild, the report says.

Fortinet’s FortiGuard detected 30 zero-day (previously unknown) vulnerabilities, but many exploits took advantage of known vulnerabilities in Microsoft Office (CVE-2017-11882), Apache Struts (CVE-2017-5638), and Oracle WebLogic Server (CVE-2017-10271, CVE-2017-3506).

Malware variants multiply by the tens of thousands

Across the globe, Fortinet recorded 23,945 unique malware variants and 4856 different malware families. Businesses were plagued with malware, with an average of 13 unique daily detections per firm.

With the rise of cryptojacking as a serious concern, it’s no surprise that 23.3% of detections were related to cryptojacking malware.

“Cryptojacking activity continued to increase globally, but not relative to the growing volume of malware overall. As with any market, such fluctuations may be attributable to the forces of supply and demand,” the report says.

There’s also an interesting development in the agile development of malware. While malware authors have previously relied on polymorphic techniques to avoid detection, that’s not working so well anymore. Now those authors have switched to agile development, which means they’re always working against the latest anti-malware tactics.

Botnets hook victims for 24 hours - and longer

Over Q2, Fortinet detected 265 unique botnets, including one of the most prevalent and pervasive variants, Gh0st.RAT.

For every firm there was an average of 1.8 botnets operating. Infections can last from one day to more than one week.

While there are fewer botnets than malware variants, it doesn’t mean botnets are any less dangerous. There are fewer botnets simply because ‘good botnets are custom built to last’, Fortinet says.

You can stay up to date with all the latest threats, including botnets, with Fortinet's Weekly Threat Intelligence Brief.

Be honest about your weak points

According to Fortinet, there’s little point trying to keep organisational weak points locked away and hidden. Penetration tests, privileged users, and vulnerability reports all offer opportunities, but they also pose threats to business.

What organisations should focus on is a proactive and integrated approach to network security that enables transparency, network visibility, automation, and works with compliance requirements.

Fortinet’s FortiGuard threat intelligence keeps a close eye on the latest known and emerging vulnerabilities and protects its customers from malicious attacks.
