Fortinet: If vulnerability is picked at random, there is 1-in-1,000 chance of organization being attacked
Fortinet released the findings of the latest semiannual FortiGuard Labs Global Threat Landscape Report. "Adversaries proved to be highly adaptable," the report concludes.
Fortinet released the findings of the latest semiannual Global Threat Landscape Report by FortiGuard Labs, the company's research body. Threat intelligence collected by FortiGuard Labs during the second half of 2020 shows an unprecedented cyber threat landscape where cyber adversaries maximized the constantly expanding attack surface to launch cyberattacks around the world.
Adversaries proved to be highly adaptable, creating waves of sophisticated and disruptive attacks. They targeted the abundance of remote workers or learners outside the traditional network, but also showed renewed agility in attempts to target digital supply chains and even the core network.
Onslaught of Ransomware Continues: FortiGuard Labs data shows a sevenfold increase in overall ransomware activity compared to the first half of 2020, with multiple trends responsible for the increase in activity. The evolution of Ransomware-as-a-Service (RaaS), a focus on big ransoms for big targets, and the threat of disclosing stolen data if demands were not met combined to create conditions for this massive growth.
The most active of the ransomware strains tracked were Conti, Ryuk, Egregor, Phobos/EKING, WastedLocker, Ragnar, Thanos and BazarLoader. The sectors that were the primary targets of ransomware attacks included healthcare, professional services, consumer services, the public sector, and financial services institutions. To effectively deal with the evolving risk of ransomware, organizations will need to ensure that they have capabilities enabling timely, complete, and secure off-site data backups. Also, they should invest in Zero-trust access and segmentation strategies to minimize the risks.
Supply Chain Takes Center Stage: Supply chain attacks have a long history, but the SolarWinds breach raised the discussion to new heights. As the attack unfolded, a significant amount of information was shared by affected organizations. FortiGuard Labs monitored this emerging intelligence closely, using it to create indicators of compromise (IoCs) to detect activity connected to the attack.
Detections of communications with internet infrastructure associated with SUNBURST during December 2020 demonstrate that the campaign was global in nature, with the "Five Eyes" alliance of countries exhibiting very high rates of traffic matching malicious IoCs. There is also evidence of possible spillover targets that emphasizes the interconnected scope of modern supply chain attacks and the importance of risk management.
Adversaries Target Online Activity: According to the report's findings, an examination of the most prevalent malware categories reveals the most popular techniques cybercriminals use to establish a foothold within organizations. The top attack target was Microsoft platforms, leveraging documents many people use during a typical workday. Web browsers continued to be another battlefront.
This HTML category included malware-laden phishing sites and scripts that inject code or redirect users to malicious sites. These types of threats inevitably rise during times of global problems or periods of significant online commerce. Employees who typically benefit from web-filtering services when browsing from the corporate network continue to find themselves more exposed when doing so outside that protective filter.
The Home Branch Office Continues to Serve as a Target: The barriers between home and office eroded significantly in 2020, meaning that targeting the home puts cybercriminals one step closer to the corporate network. In the second half of 2020, exploits targeting Internet of Things (IoT) devices were the most popular. Each IoT device introduces a new network "edge" that needs to be defended and requires security monitoring and enforcement at every one of these devices.
New Hostile Actors Join Global Stage: Advanced Persistent Threat (APT) groups continue to exploit the COVID-19 pandemic in a variety of ways, with the most common among them including attacks focused on gathering personal information in bulk, stealing intellectual property, and nabbing intelligence aligned with the APT group’s national priorities.
As the end of 2020 neared, there was an increase in APT activity targeting organizations involved in COVID-19-related activity including vaccine research and development of domestic or international healthcare policies related to the pandemic. These organizations included government agencies, pharmaceutical companies and medical research companies.
Flattening the Curve of Vulnerability Exploits: Patching and remediation of vulnerabilities are top priorities for organizations as cybercriminals continue to attempt to exploit vulnerabilities for their personal benefit. Tracking the progression of over 1,500 exploits over the last two years revealed how fast and how far exploits propagate. Although it is not always the case, most exploits do not seem to spread very far very fast.
Among all exploits tracked over the last two years, only 5% were detected by more than 10% of organizations. All things being equal, if a vulnerability is picked at random, data shows there is about a 1-in-1,000 chance that an organization will be attacked. According to the findings of the report, about 6% of exploits hit more than 1% of firms within the first month, and even after one year, 91% of exploits have not crossed that 1% threshold. Regardless, there is a need to consider focusing remediation efforts on vulnerabilities with known exploits, and among those, prioritizing the ones propagating most quickly.
Ofer Israeli, Country Manager Israel at Fortinet, said "Organizations face a threat landscape with attacks on all fronts. Threat intelligence remains central to understanding these threats and how to defend against evolving threat vectors. Visibility is also critical, particularly when a huge number of users are outside the regular network. Every device creates a new network edge that must be monitored and secured."
"The use of artificial intelligence and automated threat detection can enable organizations to address attacks immediately, not later, and are necessary to reduce the speed and scale of attacks across all edges of the network. Also, users need to be trained in cybersecurity awareness as cyber hygiene is not just the domain of IT and security teams. Everyone needs regular training on best practices to keep the employees and the organization secure."
Derek Manky, Chief, Security Insights & Global Threat Alliances at FortiGuard Labs, said that "2020 witnessed a dramatic cyber threat landscape from beginning to end. Although the pandemic played a central role, as the year progressed cyber adversaries evolved attacks with increasingly disruptive outcomes. They maximized the expanded digital attack surface beyond the core network, to target remote work or learning, and the digital supply chain."
"Cybersecurity risk has never been greater as everything is interconnected in a larger digital environment. Integrated and AI-driven platform approaches, powered by actionable threat intelligence, are vital to defend across all edges and to identify and remediate threats organizations face today in real time."