sb-nz logo
Story image

IoT attacks, ransomware, and steganography? Fortinet looks at the latest cybercrime trends

12 Mar 2018

IoT attacks, ransomware, industrial malware and steganography appeared to be some of the hottest cybercrime trends in Q4 2017 according to Fortinet’s Global Quarterly Threat Landscape Report.

Attacks increased compared to the previous quarter while in Asia Pacific, new malware variants and ransomware droppers were the most prevalent of malware.

Globally, an average of 274 exploit detections per firm were detected, an 82% increase over the previous quarter. Malware families increased by 25% and unique variants increased 19%.

One of the report’s most striking conclusions included the use of stenography in attacks – this is when an attack embeds malicious code in images.

Fortinet says that stenography as an attack vector has not had too much visibility in the last several years but it could be the start of a resurgence.

The Sundown exploit kit, which uses stenography to steal information, was one of the most reported exploits in Q4. It was found dropping multiple ransomware variants.

Other ransomware continued to be prevalent and the infamous Locky ransomware reigned supreme. A second strain of Locky emerged as part of a spam campaign that eventually resulted in ransom demands.

“The volume, sophistication, and variety of cyber threats continue to accelerate with the digital transformation of our global economy,” comments Fortinet’s CISO Phil Quade.

“Cybercriminals have become emboldened in their attack methods as they undergo a similar transformation, and their tools are now in the hands of many.”

Encrypted traffic using HTTPS and SSL grew as a percentage of total network traffic to a high of nearly 60% on average. While encryption can certainly help protect data in motion as it moves between core, cloud, and endpoint environments, Fortinet says it poses a challenge for traditional security solutions.

Meanwhile, three of the top 20 attacks targeted IoT devices including WiFi cameras. Botnets like Reaper and Hajime are able to target multiple vulnerabilities simultaneously.

The success of such attacks has been evident in Reaper’s exploit volume, which jumped from 50,000 exploits to more than 2.7 million for a few days before dropping back to normal levels.

In Asia Pacific, the top prevalent exploits detected exhibits a similar pattern, Fortinet says.

“Exploits targeting the Apache Struts and IP camera/DVR vulnerabilities make up some of the top exploits detected in APAC for Q4 2017 as well. IP camera/DVR vulnerabilities in APAC are quite prevalent as these devices are popular, available at low cost, but do not have sufficient security designed into them.”

Exploits against industrial control systems and safety instrumental systems suggest an increase in industrial malware. Fortinet suggests that these attacks are climbing higher on attackers’ radars.

 “The stark reality is that traditional security strategies and architectures simply are no longer sufficient for a digital-dependent organisation. There is incredible urgency to counter today’s attacks with a security transformation that mirrors digital transformation efforts. Yesterday’s solutions, working individually, are not adequate. Point products and static defenses must give way to integrated and automated solutions that operate at speed and scale,” Quade concludes.

Story image
Why a more secure organisation is a collective responsibility
With vast volumes of data moving to the cloud, many IT professionals are frequently challenged to protect their enterprise environment, and there is a greater focus being placed on advancing cybersecurity strategies.More
Story image
AvePoint brings Salesforce Cloud Backup to channel partners
The product adds to the AvePoint suite of trusted Cloud Backup for Microsoft 365 and Dynamics 365 to provide managed service providers with backup and restore capabilities across multiple, popular SaaS providers.More
Story image
Enterprises underutilising security tools, causing teams to burn out
The report unveiled a lack of meaningful ROI metrics when reporting on security progress, as well as disparate opinions on objectives, tool effectiveness and security awareness amongst the organisation between executives and operations on security teams.More
Story image
Hackers offering forged “official” COVID vaccination certificates and negative test results on dark net 
There has been a 350% increase in the number of advertisements selling alleged COVID vaccines within the last three months.More
Story image
Imperva unveils new data security platform built for cloud
"The cloud has revolutionised IT, offering organisations a strategic opportunity to rapidly pursue new market initiatives and adapt their operations in the face of new business challenges."More
Story image
rhipe acquires emt Distribution, with aim to expand into enterprise market
The acquisition will enable rhipe to deliver a comprehensive portfolio of end-to-end security capabilities to its partners, the company says.More