
Fortinet Mid-year 2017 Predictions Update

By admin
08/08/2017

Our 2017 Security Predictions article was titled The Year of Accountability. In it, I reviewed the security trends of 2016 and wrote, “If something isn’t done, there is a real risk of disrupting the emerging Digital Economy. The need for accountability at multiple levels is urgent and real.”

Smart to Smarter

The first half of 2017 has shown that this is more of a concern than ever. New attacks, built on the technology foundations and successes established over the past couple of years, are now smarter and more sophisticated than ever. Let’s take a look at a few of those that we had highlighted in our 2017 predictions report.

Shadownet

Late last summer we saw the launch of the largest DDoS attacks then on record, driven by an IoT-based shadownet, the term we use for IoT botnets that can't be seen or measured using conventional tools. The Mirai shadownet was built from hundreds of thousands of vulnerable IoT devices, mostly cameras and DVRs taken over through default telnet credentials, and it was used to knock a large chunk of the Internet's most popular sites offline. Interestingly, while its biggest surge came in the autumn of 2016, we have seen Mirai variants continue to target vulnerable systems ever since.

While its effects were unprecedented, we predicted that Mirai was not an end in itself but was launched primarily to test its capabilities, and that we would see increasingly sophisticated use of these swarms of compromised devices. We were right. The Hajime worm is the successor to Mirai. It shares the same basic foundation (scanning for IoT devices and logging in with default credentials) but is significantly more sophisticated. Where Mirai was a blunt instrument, Hajime has a real toolkit built in. Like Mirai it is IoT focused, but it is also cross-platform: it currently supports five different platforms, includes a toolkit with automated tasks, and maintains a dynamic credential list that can be updated remotely. It can also download and execute further code, so a destructive payload of the sort BrickerBot delivers is well within its reach.

The holy grail of network operations is 99% automation. Unfortunately, that is the bad guys' goal too, and Hajime bundles a lot of automated tooling. To evade detection, for example, it is designed to be far less noisy than Mirai: it rate-limits its scanning and other traffic to stay under volume-based detection thresholds, so its behaviour looks more like a human operator than a worm.

One of its most alarming features is an embedded tool for removing rules. It attempts, for example, to delete the firewall rules used to detect this kind of malware. It also targets ISPs and MSSPs: it identifies customer premises equipment (CPE) and the CPE WAN Management Protocol (TR-069) the provider uses to manage it, then tries to remove the rules that let the CPE device talk to the service provider. Imagine a service provider with millions of devices that all go dark at once, with no heartbeat left to see, control, or manage them. That is a nightmare scenario: it not only denies service, it also triggers parallel problems such as flooding the help desk with calls from frustrated customers.

Hajime has primarily targeted Taiwan and the US, with over a million hits recorded.

Unlike Mirai, whose centralised command and control made it relatively easy to shut down, Hajime uses a peer-to-peer command and control system that makes it far more resilient. The challenge, of course, is that the more platforms, code, and binaries you support, the harder a tool like this is to maintain. But once that problem is solved, reach expands exponentially.

Another IoT botnet to emerge recently is Persirai, which targets Internet-connected IP cameras and follows directly on from Mirai and Hajime. Persirai exploits a vulnerability that lets it retrieve the camera's password, then uses the stolen credentials to run authenticated commands. It is another example of a "hot exploit": once an IP camera has been infected, it begins attacking other IP cameras by exploiting a vulnerability that had been made public only a few months earlier. While the number of incidents is still relatively low, its automated infection behaviour has allowed it to reach a wide range of industries.

The point is, in the IoT world we are seeing the evolution of exploit techniques (from smart to smarter) — including password stealing, and then leveraging these passwords to hack additional systems. It’s a process that human attackers would typically use that has now been automated.

Of course, automation means that attacks not only come at us faster, they also reduce the time between breach and impact, and can learn how to avoid detection. We can no longer afford to hand correlate threat data to detect threats or respond at anything less than machine speeds. In the ongoing cyberwar, enterprises today need to be able to fight automation with automation, which means they need to deploy integrated expert security systems that can automatically collect, correlate, share, and respond to threats in a coordinated fashion, anywhere across the distributed network ecosystem, from IoT to the cloud.
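Here is what "fighting automation with automation" looks like at the smallest useful scale, as an added example that is not part of Fortinet's article or any Fortinet product: a few constructed firewall deny records from four hypothetical sensors are parsed and correlated by source address. A single sensor's volume threshold never fires, because the scanner keeps its per-site traffic low in exactly the way the Hajime section above describes, but correlating the same source across sensors exposes it and produces a block list that could be pushed back to every sensor. The log format, sensor names, addresses and thresholds are all assumptions made for the demo.

```python
"""Cross-sensor correlation of IoT-worm style telnet scanning.

Added example, not Fortinet's or Firewall News's code. The log format,
sensor names, addresses and thresholds are assumptions; the log lines
are constructed for the demo.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed deny records. The format is an assumption:
# "<iso-timestamp> <sensor> deny proto=tcp src=<ip> dst=<ip> dport=<port>"
SAMPLE_LOGS = """\
2017-06-01T10:00:01 fw-site-a deny proto=tcp src=203.0.113.7 dst=192.0.2.10 dport=23
2017-06-01T10:00:03 fw-site-a deny proto=tcp src=203.0.113.7 dst=192.0.2.11 dport=2323
2017-06-01T10:00:09 fw-site-b deny proto=tcp src=203.0.113.7 dst=198.51.100.5 dport=23
2017-06-01T10:00:15 fw-site-c deny proto=tcp src=203.0.113.7 dst=198.51.100.77 dport=23
2017-06-01T10:00:20 fw-site-d deny proto=tcp src=203.0.113.7 dst=192.0.2.200 dport=2323
2017-06-01T10:00:30 fw-site-a deny proto=tcp src=198.51.100.9 dst=192.0.2.10 dport=443
2017-06-01T10:00:31 fw-site-a deny proto=tcp src=192.0.2.55 dst=192.0.2.10 dport=23
2017-06-01T10:01:02 fw-site-b deny proto=tcp src=203.0.113.8 dst=198.51.100.5 dport=23
2017-06-01T10:02:00 fw-site-a deny proto=tcp src=198.51.100.44 dst=192.0.2.10 dport=23
2017-06-01T10:02:01 fw-site-a deny proto=tcp src=198.51.100.44 dst=192.0.2.10 dport=23
2017-06-01T10:02:02 fw-site-a deny proto=tcp src=198.51.100.44 dst=192.0.2.10 dport=23
2017-06-01T10:02:03 fw-site-a deny proto=tcp src=198.51.100.44 dst=192.0.2.10 dport=2323
2017-06-01T10:02:04 fw-site-a deny proto=tcp src=198.51.100.44 dst=192.0.2.10 dport=23
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<sensor>\S+) deny proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)
IOT_SCAN_PORTS = {23, 2323}   # telnet ports the Mirai family sweeps


def parse_events(text):
    """Parse deny lines into dicts; lines that don't match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        ev["dport"] = int(ev["dport"])
        events.append(ev)
    return events


def _windows(evs, window):
    """Yield, for each event in time order, the events that fall within `window` after it."""
    evs = sorted(evs, key=lambda e: e["ts"])
    for i, start in enumerate(evs):
        end = start["ts"] + window
        yield [e for e in evs[i:] if e["ts"] <= end]


def per_sensor_alerts(events, threshold=5, window=timedelta(minutes=5)):
    """Naive local rule: one sensor alerts when one source hits >= threshold telnet denies in `window`."""
    by_key = defaultdict(list)
    for e in events:
        if e["dport"] in IOT_SCAN_PORTS:
            by_key[(e["sensor"], e["src"])].append(e)
    alerted = set()
    for (_sensor, src), evs in by_key.items():
        if any(len(w) >= threshold for w in _windows(evs, window)):
            alerted.add(src)
    return alerted


def fleet_correlate(events, window=timedelta(minutes=5), min_sensors=3, min_targets=3):
    """Fleet rule: the same source probes telnet at >= min_sensors distinct sensors
    against >= min_targets distinct hosts within `window`. Catches low-and-slow
    scanners that stay under every individual sensor's threshold."""
    by_src = defaultdict(list)
    for e in events:
        if e["dport"] in IOT_SCAN_PORTS:
            by_src[e["src"]].append(e)
    hits = {}
    for src, evs in by_src.items():
        for w in _windows(evs, window):
            sensors = {e["sensor"] for e in w}
            targets = {e["dst"] for e in w}
            if len(sensors) >= min_sensors and len(targets) >= min_targets:
                hits[src] = {"sensors": sorted(sensors), "targets": len(targets),
                             "first_seen": w[0]["ts"].isoformat()}
                break
    return hits


def block_list(events):
    """Sources to push to every sensor as a block rule: union of local and fleet detections."""
    return sorted(set(per_sensor_alerts(events)) | set(fleet_correlate(events)))


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOGS)
    print("local alerts:", per_sensor_alerts(evs))
    print("fleet alerts:", fleet_correlate(evs))
    print("block:", block_list(evs))
```

Run it directly to see the local rule stay quiet on 203.0.113.7 while the fleet rule fires on it; in practice the block list would be fed into the firewalls' dynamic address objects rather than printed, and the window and thresholds tuned to the fleet's normal background noise so legitimate scanners and monitoring hosts are allow-listed first.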

Ransomware

Like IoT-based shadownets, ransomware is also getting smarter. Fortinet's recent Threat Landscape Report documented an increase in hits on DVR-related exploit signatures in its attack trends section. More concerning, the two attack strategies are beginning to converge: compromised IoT devices become the means of denying access to a service and holding it for ransom. Scalability has previously limited this sort of attack, but a worm like Hajime automates the work of building the infrastructure needed to deliver it at scale.

While healthcare remains in the crosshairs for ransomware-based attacks, we are seeing ransom-based attacks evolve, and healthcare is not the only vulnerable target. We are beginning to see the ransoming of high-value services, not just the encrypting of data. To stay ahead of the curve, organizations need to start now by identifying and documenting their digital assets, including services. The question that needs to be asked is: if these services go offline, how much will it cost you?

Once the process is automated, attackers won’t be limited to targeting specific industries. While some may think that WannaCry was a targeted ransomware attack, it was more like wildfire, destroying everything in its path. But like Mirai, Wannacry was a beta version. Petya, which followed right on its heels, may have had minimal impact, but it was a much more sophisticated variant of WannaCry’s original ransomworm.

The denial of access to critical services is not just the Achilles heel of the healthcare industry. Industrial systems, such as modern windmills, are now being attacked for ransom. The loss of a windmill can cost upwards of $30,000 a day. If an attacker is able to infiltrate and shut enough of these down, the targeted energy provider is likely to pay out a huge ransom to get them back online. Critical equipment related to modern farming likewise generates significant revenue, and we are already starting to see cases in that industry of the ransom of services (IOT/ICS). Attacks like these – that target critical infrastructure based on new, interconnected technologies – are likely to grow as part of the next generation of ransom-based attacks.

In addition to attacks targeting industries with huge social ramifications, we are also seeing the rise in micro attacks, made possible now because of smarter, automated attacks. How much would you pay to regain access to your laptop, or even your Smart TV or home security system? Or to turn your refrigerator back on?

The ransomware model is effective, and we will continue to see more of these as attack and evasion techniques are improved and refined. The key takeaway is that once the bugs get worked out of these new sorts of attacks, any industry that gets targeted will experience devastating consequences.

Hot Exploits

An interesting common denominator across many of the attacks of the past six months is that attackers are spending less time developing new ways to break into systems and more on the delivery and stealth mechanisms of their attacks. That's because they are still seeing a lot of success using hot exploits as their attack vector: targeting a vulnerability for which a fix exists but hasn't had enough time to be broadly patched. The WannaCry ransomworm, for example, spread through an SMB vulnerability for which a patch had been available for only about two months.

One of the primary causes of attackers' success is poor security hygiene. Networks are expanding and evolving rapidly, crossing different domains and environments. Speed and efficiency are business critical, which means there is zero tolerance for any device downtime. As a result, vulnerable devices are not being tracked, updated, or replaced.

But because networks are now highly meshed and hyperconnected environments, vulnerable devices now represent even more potential risk. Take the emergence of smart cities for an example. An unsecured and unpatched server may become a conduit for attacks that shut down things like traffic control systems or emergency services. And as critical infrastructure networks mesh with smart city scenarios, the potential for trouble increases exponentially.

IoT Manufacturer Accountability

IoT devices and infrastructure simply complicate the problem. They introduce more platforms into an already crowded network. Because they tend to be highly mobile, they also create a new management nightmare when it comes to patching them. And because so many IoT devices have software and communications protocols hard-coded into them, there are actually few patches to apply to vulnerable systems because many simply can’t be patched.

Not only are IoT manufacturers notorious for connecting millions of mass produced-devices to the internet using poorly written and highly vulnerable code, but this code is also shared freely between manufacturers. Which means a single vulnerability can be compounded across hundreds of different devices from dozens of different manufacturers.

Which makes new exploits like Devil's Ivy even more dangerous. Devil's Ivy is the name given to a stack buffer overflow in gSOAP, an open-source SOAP/XML toolkit embedded in physical security devices such as cameras and card readers. At least 34 companies that manufacture IoT devices use this code in literally thousands of device models, representing millions of deployed devices.

Unfortunately, when it comes to IoT, this sort of embedded and widely distributed vulnerability is far from unique. And as hot exploits continue to be combined with effective distribution mechanisms, such as fast-spreading worms, we could be looking at one cyber-wildfire after another spreading across the globe.
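From the defender's side, the shared-code problem described above is an inventory question: which fielded models embed the affected component, how many units that is, and how many of them cannot be updated at all. The following added example (not from Fortinet, Firewall News, the gSOAP project, or the Devil's Ivy researchers) answers that over a constructed inventory. The vendor and model names are invented, and the "fixed in" version used to bound the vulnerable range is an assumption standing in for whatever the library maintainer's advisory states.

```python
"""Map one vulnerable embedded library to every fielded device that carries it.

Added example, not code from Fortinet, Firewall News, or the gSOAP project.
The inventory is constructed, the vendor and model names are made up, and
FIXED_IN is an assumption for the demo: take the real boundary from the
library maintainer's advisory.
"""
from collections import defaultdict


def parse_version(text):
    """'2.8.47' -> (2, 8, 47, 0). Pads to four fields so tuples compare cleanly;
    a non-numeric suffix such as '2.8.47rc1' is truncated at the first letter."""
    fields = []
    for part in text.split("."):
        digits = ""
        for ch in part:
            if not ch.isdigit():
                break
            digits += ch
        fields.append(int(digits) if digits else 0)
    fields = fields[:4] + [0] * (4 - len(fields[:4]))
    return tuple(fields)


def is_vulnerable(version, fixed_in, introduced=None):
    """True when version lies in [introduced, fixed_in); introduced=None means all earlier versions."""
    v = parse_version(version)
    if introduced is not None and v < parse_version(introduced):
        return False
    return v < parse_version(fixed_in)


# Constructed inventory: vendor, model, units deployed, whether the firmware
# can be updated in the field, and the third-party components it embeds.
INVENTORY = [
    {"vendor": "VendorA", "model": "cam-100", "units": 12000, "patchable": True,
     "components": {"gsoap": "2.8.46", "openssl": "1.0.2k"}},
    {"vendor": "VendorA", "model": "cam-200", "units": 8000, "patchable": True,
     "components": {"gsoap": "2.8.48", "openssl": "1.0.2k"}},
    {"vendor": "VendorB", "model": "reader-7", "units": 3500, "patchable": False,
     "components": {"gsoap": "2.8.47"}},
    {"vendor": "VendorC", "model": "nvr-x", "units": 900, "patchable": True,
     "components": {"gsoap": "2.8.40", "busybox": "1.24.1"}},
    {"vendor": "VendorC", "model": "nvr-y", "units": 400, "patchable": False,
     "components": {"gsoap": "2.7.17"}},
    {"vendor": "VendorD", "model": "door-1", "units": 5000, "patchable": True,
     "components": {"busybox": "1.26.2"}},
]

FIXED_IN = "2.8.48"   # assumption for the demo; verify against the advisory


def exposed_devices(inventory, component, fixed_in, introduced=None):
    """Every device model embedding `component` at a vulnerable version."""
    hits = []
    for dev in inventory:
        ver = dev["components"].get(component)
        if ver is not None and is_vulnerable(ver, fixed_in, introduced):
            hits.append({**dev, "version": ver})
    return hits


def exposure_summary(hits):
    """Roll the device list up the way a fleet owner or ISP has to reason about it:
    how many vendors and models share the bug, how many units are in the field,
    and how many of those units have no patch path at all."""
    by_vendor = defaultdict(list)
    for h in hits:
        by_vendor[h["vendor"]].append(h["model"])
    return {
        "vendors": len(by_vendor),
        "models": len(hits),
        "units": sum(h["units"] for h in hits),
        "unpatchable_units": sum(h["units"] for h in hits if not h["patchable"]),
        "by_vendor": {v: sorted(m) for v, m in sorted(by_vendor.items())},
    }


if __name__ == "__main__":
    hits = exposed_devices(INVENTORY, "gsoap", FIXED_IN)
    for h in hits:
        print(f'{h["vendor"]}/{h["model"]} gsoap {h["version"]} '
              f'units={h["units"]} patchable={h["patchable"]}')
    print(exposure_summary(hits))
```

The unpatchable count is the number that matters for the accountability argument in the next section: those units can only be isolated or replaced, never fixed, however quickly the library maintainer ships a release.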

Of course, these challenges are not going unnoticed. Manufacturers are in the early stages of addressing the problem, which at the moment means flooding the market with competing proposals for standards. That confusion makes it difficult even to label IoT devices by level of security, or to tell consumers how best to protect themselves, their devices, and their data. The clock is ticking, however, because the next step is to hold manufacturers accountable for selling products that are easily exploited.

Recently, U.S. Senators Mark R. Warner (D-VA) and Cory Gardner (R-CO), co-chairs of the Senate Cybersecurity Caucus, introduced a new bipartisan bill known as the ‘Internet of Things (IoT) Cybersecurity Improvement Act of 2017.’ This bill prescribes that devices purchased by the U.S. government must meet minimum security requirements, and that vendors who supply the U.S. government with IoT devices have to ensure that their devices are patchable, do not include hard-coded passwords that can’t be changed, are free of known security vulnerabilities, as well as other basic security requirements.

And California Senate Bill 327 would require every IoT device sold in the state to have built-in security features appropriate to the device and the information it collects, and would allow consumers and agencies to bring enforcement complaints against companies that do not build adequate safeguards into their devices. The bill has teeth, and because California is such a large economy, its passage could significantly affect the entire IoT industry.

This is the latest in a trend of legislative and regulatory efforts by state and federal authorities to hold IoT device makers more accountable for consumer data security. The alternative is to continue to feed the growing cybercriminal economy. If simply designing safe and secure products isn’t enough incentive for some organizations, the thinking goes, the threat of fines and lawsuits will.

Conclusion

Technology is making our lives easier. We have access to unprecedented levels of information, resources, social media, and entertainment at our fingertips, 24 hours a day. Much of our reliance on this technology has become invisible, from traffic control systems to medical devices to applications that allow us to make and monitor financial transactions. While new classes of connected devices provide valuable services, they are being woven into an increasingly complex ecosystem of data, devices, applications, and services that we are becoming more dependent on every day.

Which is why we are also seeing a rise in the number and sophistication of attacks that are designed to target and exploit this phenomenon. Beta versions of new classes of exploits are now being regularly released into the wild. And we are seeing second and third generations of these attacks; with much more sophisticated tools and automated exploits being launched within weeks of the initial beta launch.

The process required for addressing these challenges needs to escalate. Threats are compounding at digital speeds, while resolutions, like manufacturers building security safeguards into their products, are proceeding at a snail’s pace. We need to start building security into tools and systems on day zero. We need alignment on ways to effectively see and combat new cybercrime. And we need to adopt integrated, collaborative, and automated procedures and technologies end to end to help us see and protect valuable resources moving across the expanded digital network.
