Although cybercriminals depend on innovation in order to stay ahead of security safeguards, they are still subject to keeping costs under control while maximizing ROI. As a result, genuinely new attacks are not only rare, they are vastly outnumbered by reconfigured malware and the resurrection of old attacks in a new wrapper.
Fortinet’s Global Threat Landscape Report for Q4 of 2018 again bore this out, showing that the use of existing malware or the misuse of FOSS (free/open source software) security tools to target organizations grew by 10% over the quarter, while unique exploits increased by only 5%. The report also highlighted four additional scenarios that should be considered.
1. Adware: Adware has now surpassed one-quarter of all infection types for North America and Oceania, and has nearly hit that mark for Europe. Part of the reason is that adware is increasingly being found in published apps posted to legitimate app stores.
2. Openware Tools: FOSS utilities posted on sharing sites like GitHub provide affordable and flexible solutions for pen testing, event or log management, and malware detection. They usually include open source code and tools so they can be customized for the specific needs of a researcher, trainer, or organization. However, cybercriminals also have access to them, and they are increasingly weaponizing them into new threats, especially ransomware.
3. Steganography: This attack strategy has been around for years, and is used to hide something (malicious code, for example) within something else that seems innocent or innocuous, like a photo or video clip. The strategy is so old that most security professionals have relegated it to the dust bin. However, FortiGuard Labs observed new steganography samples in social media feeds with malicious payloads hidden inside memes. Once loaded, this malware is then instructed by its C2 server to look for additional images in an associated Twitter feed that contain hidden commands, thereby updating an old attack with a fresh strategy.
4. Convergence of Physical and IP: In an ironic twist, malicious actors are increasingly targeting connected security cameras because they lack the network security protocols necessary for protection. This is why one-third of the top 12 global exploits identified in the fourth quarter were targeted at IP-enabled security cameras. “Gaining access to IoT IP cameras could allow cybercriminals to snoop on private interactions or enact malicious on-site activities (like shutting off cameras to make it easier to physically access a restricted area). They could also use those cameras as a launching pad to break into the network to start distributed denial-of-service attacks, steal proprietary information, initiate a ransomware attack, and more. Even more concerning, as cybersecurity and physical security continue to merge, compromised IoT security devices can become a conduit to more critical systems such as alarms and fire suppression systems.”
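The steganography scenario above (item 3) relies on image files that carry hidden data in their least-significant bits. One defensive check that a content-inspection or sandbox pipeline can run on such files is the classic "pairs of values" chi-square test: replacing pixel LSBs with payload bits tends to equalize the counts of each adjacent value pair (2k, 2k+1), which a natural image rarely shows. The following is an added example, not code from the report or from Fortinet; the images are constructed inline (a synthetic "clean" pixel array with a skewed histogram and a copy whose LSB plane is overwritten with random bits to stand in for an encrypted payload), and the 3.0 threshold is an assumed cut-off for this synthetic data, not a published value.

```python
import random
from typing import List, Sequence


def pair_chi_square(pixels: Sequence[int]) -> float:
    """Westfeld-Pfitzmann pairs-of-values statistic, normalised per degree of freedom.

    For every value pair (2k, 2k+1) the expected count under full LSB replacement
    is the pair average; the returned value is chi-square / number of pairs, so
    roughly 1.0 means "LSB plane looks like random bits" and much larger values
    mean the histogram still has the unevenness of an untouched image.
    """
    hist = [0] * 256
    for p in pixels:
        hist[p & 0xFF] += 1

    stat = 0.0
    degrees = 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        total = even + odd
        if total == 0:
            continue  # value pair absent from the image; no evidence either way
        expected = total / 2.0
        stat += (even - expected) ** 2 / expected + (odd - expected) ** 2 / expected
        degrees += 1
    return stat / degrees if degrees else 0.0


def is_lsb_suspicious(pixels: Sequence[int], threshold: float = 3.0) -> bool:
    """Flag an 8-bit grayscale pixel array whose LSB plane looks fully randomised.

    The threshold is an assumption chosen for the constructed data below; a real
    deployment would calibrate it on its own clean image corpus.
    """
    return pair_chi_square(pixels) < threshold


def make_clean_image(n_pixels: int, seed: int = 1) -> List[int]:
    """Constructed stand-in for an unmodified image: even values about 3x as
    common as odd ones, mimicking the uneven pair counts of natural content."""
    rng = random.Random(seed)
    pixels = []
    for _ in range(n_pixels):
        v = rng.randrange(256)
        if v % 2 == 1 and rng.random() < 0.5:
            v -= 1
        pixels.append(v)
    return pixels


def simulate_lsb_embedding(pixels: Sequence[int], seed: int = 2) -> List[int]:
    """Simulate the effect of full-capacity LSB replacement by overwriting every
    LSB with a random bit (what an encrypted or compressed payload looks like)."""
    rng = random.Random(seed)
    return [(p & ~1) | rng.getrandbits(1) for p in pixels]


if __name__ == "__main__":
    clean = make_clean_image(20000)
    stego = simulate_lsb_embedding(clean)
    for name, img in (("clean", clean), ("stego", stego)):
        print(f"{name}: chi2/df={pair_chi_square(img):.2f} "
              f"suspicious={is_lsb_suspicious(img)}")
```

The test only catches sequential, near-full-capacity LSB replacement in raw pixel data; low-rate, adaptive or JPEG-domain embedding will pass it, so treat a hit as a reason to hold the file for deeper analysis rather than as proof, and a miss as no evidence of absence.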
How to Respond
The kind of attack an organization needs to defend against is generally less important than the attack strategy and attack vectors being exploited. Defenses need to evolve to address these new attack strategies, including things like network access control combined with advanced intent-based segmentation. Going forward, organizations will need to include things like artificial intelligence (AI) and machine learning (ML) to combat new, machine-generated attacks, even when their payloads are relics.
The challenge will be threefold. First, attacks will be faster than ever, especially as networks adopt things like 5G connections in their networks. Second, like network devices, attacks will be interconnected, allowing them to perform coordinated attacks targeting multiple vectors simultaneously. And third, attack scenarios will become more complex as criminal actors adopt new strategies to accelerate and automate attacks while evading detection.
Countering such attacks requires transparent visibility across the entire potential attack surface, including social media and mobile devices, and strong, centralized control for a comprehensive and unified defense strategy. When combined with real-time threat intelligence feeds, a unified security fabric strategy enables organizations to spot and defeat the flood of new attacks and attack strategies they continually face.