Story image

IoT attacks, ransomware, and steganography? Fortinet looks at the latest cybercrime trends

12 Mar 2018

IoT attacks, ransomware, industrial malware and steganography appeared to be some of the hottest cybercrime trends in Q4 2017 according to Fortinet’s Global Quarterly Threat Landscape Report.

Attacks increased compared to the previous quarter while in Asia Pacific, new malware variants and ransomware droppers were the most prevalent of malware.

Globally, an average of 274 exploit detections per firm were detected, an 82% increase over the previous quarter. Malware families increased by 25% and unique variants increased 19%.

One of the report’s most striking conclusions included the use of stenography in attacks – this is when an attack embeds malicious code in images.

Fortinet says that stenography as an attack vector has not had too much visibility in the last several years but it could be the start of a resurgence.

The Sundown exploit kit, which uses stenography to steal information, was one of the most reported exploits in Q4. It was found dropping multiple ransomware variants.

Other ransomware continued to be prevalent and the infamous Locky ransomware reigned supreme. A second strain of Locky emerged as part of a spam campaign that eventually resulted in ransom demands.

“The volume, sophistication, and variety of cyber threats continue to accelerate with the digital transformation of our global economy,” comments Fortinet’s CISO Phil Quade.

“Cybercriminals have become emboldened in their attack methods as they undergo a similar transformation, and their tools are now in the hands of many.”

Encrypted traffic using HTTPS and SSL grew as a percentage of total network traffic to a high of nearly 60% on average. While encryption can certainly help protect data in motion as it moves between core, cloud, and endpoint environments, Fortinet says it poses a challenge for traditional security solutions.

Meanwhile, three of the top 20 attacks targeted IoT devices including WiFi cameras. Botnets like Reaper and Hajime are able to target multiple vulnerabilities simultaneously.

The success of such attacks has been evident in Reaper’s exploit volume, which jumped from 50,000 exploits to more than 2.7 million for a few days before dropping back to normal levels.

In Asia Pacific, the top prevalent exploits detected exhibits a similar pattern, Fortinet says.

“Exploits targeting the Apache Struts and IP camera/DVR vulnerabilities make up some of the top exploits detected in APAC for Q4 2017 as well. IP camera/DVR vulnerabilities in APAC are quite prevalent as these devices are popular, available at low cost, but do not have sufficient security designed into them.”

Exploits against industrial control systems and safety instrumental systems suggest an increase in industrial malware. Fortinet suggests that these attacks are climbing higher on attackers’ radars.

 “The stark reality is that traditional security strategies and architectures simply are no longer sufficient for a digital-dependent organisation. There is incredible urgency to counter today’s attacks with a security transformation that mirrors digital transformation efforts. Yesterday’s solutions, working individually, are not adequate. Point products and static defenses must give way to integrated and automated solutions that operate at speed and scale,” Quade concludes.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.