SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
What's the biggest threat? There's no easy answer, Fortinet finds
Tue, 4th Apr 2017

“What's my biggest threat?” There is no one answer to that question, according to Fortinet's latest Global Threat Landscape report.

Q4 2016 was dominated by old, automated and high-volume threats. The majority of attacks on Asia Pacific actually came through IoT-based vulnerabilities in home routers.

Many home routers are manufactured and deployed in Asia Pacific, which means most attacks on them also occur in the same region, the report says. Digital video recorders (DVRs) and network video recorders (NVRs) were also among the top three IoT targets globally.

IoT devices are also popular commodities for attackers. Fortinet says that attackers are building their own ‘armies of things’, allowing attacks to be replicated cheaply, quickly and at scale.

Globally, the Mirai botnet that targeted IoT devices set records for DDoS attacks, according to the report. The release of the botnet's source code multiplied botnet activity 25 times in a week, and 125 times by the year's end.

H-Worm and ZeroAccess were two of the most active automated botnet families in Asia Pacific, most actively targeting the technology and government sectors. They enable attackers to steal data, commit click fraud and mine bitcoin.

The report finds that exploit volume and prevalence are correlated, which suggests that attack automation is increasing and that exploit tools are getting cheaper on the dark web.

SQL Slammer, a worm dating from 2003, was the most severe of the exploits detected, mostly hitting educational institutions. A signature for brute-force attacks on Microsoft Remote Desktop Protocol (RDP) ranked second, launching RDP requests at a rate of 200 every 10 seconds.

Third on the list was a signature tied to a memory corruption vulnerability in Windows File Manager that lets a remote attacker execute arbitrary code within vulnerable applications using a crafted JPEG file.
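The RDP brute-force rate quoted above (around 200 requests per 10 seconds) is the sort of burst a log-based detector can pick up. The following is an added example, not code from the Fortinet report or this article: a sliding-window detector in Python run over constructed log lines. The line layout is an assumed, simplified rendering of Windows Security event 4625 (failed logon) with logon type 10 (RemoteInteractive, i.e. RDP); the event IDs and logon type are real Windows values, while the field order, IP addresses and account names are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed, simplified log format (an assumption for this example):
# <ISO timestamp> <event_id> <logon_type> <source_ip> <account>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event_id>\d+) (?P<logon_type>\d+) (?P<src>\S+) (?P<user>\S+)$"
)

FAILED_LOGON = 4625       # Windows Security: "An account failed to log on"
RDP_LOGON_TYPE = 10       # RemoteInteractive (Terminal Services / RDP)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "event_id": int(m["event_id"]),
        "logon_type": int(m["logon_type"]),
        "src": m["src"],
        "user": m["user"],
    }


def detect_rdp_bruteforce(lines, threshold=200, window_seconds=10):
    """Return {source_ip: peak_failed_rdp_logons_in_window} for every source
    that reaches `threshold` failed RDP logons inside a sliding window of
    `window_seconds`. Lines must be in chronological order."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # src -> timestamps of failed RDP logons still in window
    flagged = {}
    for line in lines:
        ev = parse_line(line)
        # Only failed logons over RDP count; successes and non-RDP logons are ignored.
        if ev is None or ev["event_id"] != FAILED_LOGON or ev["logon_type"] != RDP_LOGON_TYPE:
            continue
        q = recent[ev["src"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:   # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[ev["src"]] = max(flagged.get(ev["src"], 0), len(q))
    return flagged


def build_sample_log():
    """Constructed sample: one attacker bursting 250 RDP failures in 10 seconds,
    one user mistyping a password 5 times over a minute, and events the detector
    must ignore (a successful logon, and a non-RDP network-logon burst)."""
    t0 = datetime(2016, 12, 1, 10, 0, 0)
    fmt = "%Y-%m-%dT%H:%M:%S.%f"
    lines = []
    for i in range(250):                                   # attacker, 25 attempts/second
        lines.append(f"{(t0 + timedelta(milliseconds=40 * i)).strftime(fmt)} 4625 10 203.0.113.7 administrator")
    for i in range(5):                                     # legitimate user, one try per 12 s
        lines.append(f"{(t0 + timedelta(seconds=12 * i)).strftime(fmt)} 4625 10 198.51.100.23 jsmith")
    lines.append(f"{(t0 + timedelta(seconds=1)).strftime(fmt)} 4624 10 198.51.100.23 jsmith")  # success
    for i in range(300):                                   # SMB/network logon type 3, not RDP
        lines.append(f"{(t0 + timedelta(milliseconds=20 * i)).strftime(fmt)} 4625 3 192.0.2.9 svc_backup")
    lines.sort(key=lambda l: parse_line(l)["ts"])          # detector assumes chronological order
    return lines


if __name__ == "__main__":
    print(detect_rdp_bruteforce(build_sample_log()))       # the 203.0.113.7 burst is flagged
```

The default threshold mirrors the rate in the report; lowering it (say, 5 failures in 60 seconds) also catches the slow, legitimate-looking user in the sample, which is the usual tuning trade-off between catching low-and-slow guessing and paging on typos.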

“The accessibility of threat creation tools and services combined with the reward potential is driving the growth of the global cybercrime market into tens of billions of US dollars,” comments Fortinet's CISO, Phil Quade.

Mobile malware is also on the increase. While it accounts for only 1.7% of all malware, one in five organisations reported a mobile variant, and most of these were on Android. 23% of mobile malware attacks occurred in Asia.

The Nemucod and Agent malware families accounted for 81.4% of all malware samples. Nemucod, best known for delivering ransomware, is most common in Asia Pacific.

Ransomware is still causing havoc across all organisations, but Fortinet says it's especially widespread in the healthcare sector.

Turning attention towards infrastructure, Fortinet says that organisations are using more cloud applications, at around 63 per organisation. This means IT teams have less visibility in terms of what data is in the cloud, how it is being used and who has access to it.

“To protect themselves, CISOs need to ensure that the data and security elements across all of their environments and devices are integrated, automated, and able to share intelligence, across an organisation, from IoT to the cloud,” Quade says.

Fortinet also flags the growth of HTTPS traffic as significant. The company says it is a positive step for privacy, but it also makes it harder to detect threats hiding in encrypted communications.

The company says SSL/TLS-encrypted traffic accounts for about 50% of web traffic. However, it often goes uninspected because there is not enough processing power to decrypt, inspect and re-encrypt it, which forces a trade-off between security and performance.