Fortinet Research Reveals Constantly Changing and Sophisticated Avenues of Attack Targeting Evolving Technology Infrastructure Enabled by a Fast-growing Underground Cybercrime Economy
Banking & Finance received 15 times more hits than the second-placed Information Technology industry in the last three months of 2016. This is 50% of the malware exploits witnessed in India, at a time when India took a firm stance towards a cashless digital economy.
Fortinet's latest research, its Global Threat Landscape Report covering Q4 2016, reveals in detail the methods and strategies cybercriminals employed and demonstrates the potential future impact on the digital economy.
Fortinet data showed encrypted traffic using SSL stayed steady at about 50% and accounted for roughly half of overall web traffic traversing within an organization.
In terms of total applications detected per organization, the number of cloud applications trended up at 63, which is roughly a third of all applications detected. This trend has significant implications for security since IT teams have less visibility into the data residing in cloud applications, how that data is being used, and who has access to it. Social media, streaming audio and video, and P2P applications did not trend up sharply.
The report noted that in Q4 2016, the industry was reeling from the Yahoo! data breach and Dyn DDoS attack. Before the quarter was halfway done, the records set by both events were not only broken, but doubled. Internet of Things (IoT) devices compromised by the Mirai botnet initiated multiple record-setting DDoS attacks. The release of Mirai’s source code increased botnet activity by 25 times within a week, with activity increasing by 125 times by year’s end.
Mobile malware became a larger problem than before. Though it accounted for only 1.7 percent of the total malware volume, one in five organizations reporting malware encountered a mobile variant, nearly all of it on Android.
Michael Joseph, Regional Director – System Engineering, India & SAARC at Fortinet, said, “The cybersecurity challenges facing organizations today are complex with a threat landscape that is rapidly evolving. Threats are intelligent, autonomous, and increasingly difficult to detect, with new ones emerging and old ones returning with enhanced capabilities. In addition, the accessibility of threat creation tools and services combined with the reward potential is driving the growth of the global cybercrime market into tens of billions of US dollars. To protect themselves, CISOs need to ensure that the data and security elements across all of their environments and devices are integrated, automated, and able to share intelligence, across an organization, from IoT to the cloud.”
H-Worm and ZeroAccess were two of the botnet families with the highest prevalence and volume in Asia Pacific. Both give cybercriminals control of affected systems to siphon data or perform click fraud and bitcoin mining. The technology and government sectors faced the highest numbers of attempted attacks by these two families of botnets.
36% of organizations detected botnet activity related to ransomware. TorrentLocker was the winner and Locky placed third.
Two malware families, Nemucod and Agent, went on a crime spree. 81.4 percent of all malware samples captured belonged to just these two families. The Nemucod family is infamously affiliated with ransomware. In Asia Pacific, the majority of malware infections are related to ransomware droppers such as Nemucod.
Ransomware was present in all regions and sectors, but particularly widespread in healthcare institutions. This remains significant because when patient data is compromised the ramifications can be much more severe, as it has greater longevity and personal value than other types of data, affirmed the report.