SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
IoT attacks, ransomware, and steganography? Fortinet looks at the latest cybercrime trends
Mon, 12th Mar 2018
FYI, this story is more than a year old

IoT attacks, ransomware, industrial malware and steganography appeared to be some of the hottest cybercrime trends in Q4 2017 according to Fortinet's Global Quarterly Threat Landscape Report.

Attacks increased compared to the previous quarter while in Asia Pacific, new malware variants and ransomware droppers were the most prevalent of malware.

Globally, an average of 274 exploit detections per firm were detected, an 82% increase over the previous quarter. Malware families increased by 25% and unique variants increased 19%.

One of the report's most striking conclusions included the use of stenography in attacks – this is when an attack embeds malicious code in images.

Fortinet says that stenography as an attack vector has not had too much visibility in the last several years but it could be the start of a resurgence.

The Sundown exploit kit, which uses stenography to steal information, was one of the most reported exploits in Q4. It was found dropping multiple ransomware variants.

Other ransomware continued to be prevalent and the infamous Locky ransomware reigned supreme. A second strain of Locky emerged as part of a spam campaign that eventually resulted in ransom demands.

“The volume, sophistication, and variety of cyber threats continue to accelerate with the digital transformation of our global economy,” comments Fortinet's CISO Phil Quade.

“Cybercriminals have become emboldened in their attack methods as they undergo a similar transformation, and their tools are now in the hands of many.

Encrypted traffic using HTTPS and SSL grew as a percentage of total network traffic to a high of nearly 60% on average. While encryption can certainly help protect data in motion as it moves between core, cloud, and endpoint environments, Fortinet says it poses a challenge for traditional security solutions.

Meanwhile, three of the top 20 attacks targeted IoT devices including WiFi cameras. Botnets like Reaper and Hajime are able to target multiple vulnerabilities simultaneously.

The success of such attacks has been evident in Reaper's exploit volume, which jumped from 50,000 exploits to more than 2.7 million for a few days before dropping back to normal levels.

In Asia Pacific, the top prevalent exploits detected exhibits a similar pattern, Fortinet says.

“Exploits targeting the Apache Struts and IP camera/DVR vulnerabilities make up some of the top exploits detected in APAC for Q4 2017 as well. IP camera/DVR vulnerabilities in APAC are quite prevalent as these devices are popular, available at low cost, but do not have sufficient security designed into them.

Exploits against industrial control systems and safety instrumental systems suggest an increase in industrial malware. Fortinet suggests that these attacks are climbing higher on attackers' radars.

 “The stark reality is that traditional security strategies and architectures simply are no longer sufficient for a digital-dependent organisation. There is incredible urgency to counter today's attacks with a security transformation that mirrors digital transformation efforts. Yesterday's solutions, working individually, are not adequate. Point products and static defenses must give way to integrated and automated solutions that operate at speed and scale,” Quade concludes.