Fortinet has recently announced the findings of its latest quarterly Global Threat Landscape Report.
- The research of Fortinet reveals that cybercriminals continue to look for new attack opportunities throughout the digital attack surface. At the same time, they are shifting attack vectors such as targeting publicly available edge services to counter training and education efforts by organizations that address popular tactics such as phishing.
- The Threat Landscape Index remained relatively consistent during the quarter. There were fluctuations but no significant swings. Regardless, organizations should not let their guard down, instead the index demonstrates consistent and sustained cybercriminal activity.
Shifting Tactics to Catch Organizations By Surprise: The majority of malware is delivered via email, therefore many organizations have been aggressively addressing phishing attacks with end user training and advanced email security tools. As a result, cybercriminals are expanding their ability to deliver malicious malware through other means. These include targeting publicly facing edge services such as web infrastructure, network communications protocols, as well as bypassing ad blocker tools to open attack vectors that don’t rely on traditional phishing tactics. For example, this quarter FortiGuard Labs saw attacks against vulnerabilities that would allow the execution of code remotely targeting edge services, at the top in terms of prevalence amongst all regions. Although this tactic is not new, changing tactics where defenders may not be as closely watching can be a successful way to catch organizations off guard and increase chances for success. This can be especially problematic ahead of a busy online shopping season when online services will experience increased activity.
Maximizing Earning Potential: Following in the footsteps of the lucrative GandCrab ransomware, which was made available on the dark web as a Ransomware-as-a-Service (RaaS) solution, cybercriminal organizations are launching new services to expand their earning potential.
Refining Malware for Success: Expanding on these approaches, cybercriminals are also refining malware to evade detection and deliver increasingly sophisticated and malicious attacks, such as the evolution of the Emotet malware. This is a troubling development for organizations as cybercriminals increasingly use malware to drop other payloads on infected systems to maximize their opportunities for financial gain.
For more info, click here