
Fortinet Quarterly Threat Landscape Report: The Battle Against Cybercrime Continues to Escalate

By admin
28/11/2017

Fortinet just released its Threat Landscape Report for Q3 of 2017. Its findings are drawn from millions of sensors deployed inside production environments across the globe.

This quarter’s report focuses on three key threat indicators: exploits, malware, and botnets. The first two provide a view into criminal attempts to identify and compromise vulnerable systems. The third, botnets, provides insight into malware that has managed to penetrate a network and its communications back to its command and control center. The report also examines important zero-day vulnerabilities and infrastructure trends of the corresponding attack surface to add context about the trajectory of cyberattacks affecting organizations over time. Combined, these indicators show what cybercriminals value and the techniques they rely on to access those resources, which in turn tells organizations what sorts of security measures they should be focusing on.


Exploits

All exploits can be traced back to a zero-day attack designed to target a newly discovered vulnerability. As these exploits show signs of success, we see copycat variations begin to swarm around those vulnerabilities.

So to start, we have a team of expert researchers and analysts dedicated to examining third-party products and software applications for previously undiscovered weaknesses and exploitable vulnerabilities. So far this year, the FortiGuard Labs research team has uncovered and reported 185 zero-day vulnerabilities.

This approach is critical because of two truths about cyber threats. The first is that someone will always find a vulnerability to exploit, which is why we always disclose new zero-day discoveries to manufacturers so that a patch can be produced. The second is that, in spite of this, most organizations will fail to patch those vulnerabilities. So we also produce IPS signatures and release updates so that when a cybercriminal discovers one of these flaws and launches a zero-day attack, our customers are already protected.

In terms of exploits, 79% of the organizations being monitored saw severe attacks in the third quarter, with an average of 153 attacks per firm. The top exploit of the quarter, targeting the Apache.Struts vulnerability, was reported by 35% of organizations. That is the exploit attackers leveraged to nab approximately 145 million records from credit bureau Equifax, in a breach first reported on September 7th.

One of the key takeaways from this data is that whether it’s WannaCry in Q2 or Apache Struts in Q3, long-known and yet still-unpatched vulnerabilities continue to bite organizations time and time again, which is why it is imperative that IT teams pay close attention to critical patch releases and establish an aggressive patch-and-replace protocol. After lapses in regular patching, network and device hygiene are the next most neglected elements of security. They may not be the most fun or sexy part of security, but they are critically important.

According to Phil Quade, Fortinet’s Chief Information Security Officer, “long-known and yet still-unpatched vulnerabilities consistently serve as the gateway for attacks. Remaining vigilant of new threats and vulnerabilities in the wild is critical, but organizations also need to keep sight of what is happening within their own environment. Of course, continually removing unnecessary application services, stamping out vulnerabilities, and maintaining good order in IT environments is easier said than done. However, there is an increased urgency for prioritizing security hygiene, along with a need to embrace fabric-based security approaches that leverage automation, integration, and strategic segmentation. Our adversaries are adopting automated and scripted techniques, so we need to raise their price of attacking to combat today’s new normal.”

Malware

As with exploits, malware analysis helps uncover adversary intent and capability. During Q3 the FortiGuard Labs team detected nearly 15,000 unique malware variants from over 2,600 different families, which while down slightly from Q2, still represents a huge variety of ways to compromise a network. Of the total number of organizations analyzed, 22% reported attempts to infect their systems with ransomware, with the Locky ransomware family roaring back to take the top spot after a summer of relative quiet with three new variants: Diablo6, Lukitus, and Ykcol.

In addition, 25% of organizations detected malware targeted at their mobile devices, up from 18% in Q2. This is a clear indicator that cybercriminals are looking for new ways to infiltrate networks by targeting devices without the level of control, visibility, and protection that traditional systems receive. Effective mobile security strategies must deal with this reality through mobile application controls and malware protections built into the network to cover any device anywhere.

The most common functionality among top malware families was dropping malware onto vulnerable systems. This technique helps malicious payloads wrapped in dynamic packaging to slip through legacy defenses. Once deployed, the majority of malware strains attempted to establish remote access connections, capture user input, and gather system information, demonstrating the increased intelligence and automated nature of today’s malware.

The fact that so many high-variant downloaders and droppers topped our charts is a good reminder that single-point, signature-based AV alone is not an effective security strategy. It is essential that IT teams integrate layers of malware defenses together capable of detecting known and unknown threats, and deploy them at multiple layers throughout the environment.

Botnets

While exploit and malware trends highlight efforts to compromise a device or network, botnets provide a post-compromise viewpoint. Once a network has been breached, installed botnet malware attempts to communicate with the remote malicious hosts for updates and instructions or to deliver pilfered data. Detecting command and control traffic in a corporate environment clearly indicates that something went wrong from a defense perspective in the earliest stages of the attack chain. Of course, this is to be expected since no security system is ever 100% effective. But it is also why ensuring that your security strategy spans the entire attack chain is so critical.

In Q3, organizations detected about two active botnets each inside their networks, with 3% of organizations seeing 10 or more infections. Interestingly, while botnet activity was down in Q3, the most active botnets (Gh0st, Pushdo, Andromeda, Necurs, and Conficker) remained the most prevalent, an exact repeat of Q2.

One of the most compelling data points is that 75% of the organizations that reported Gh0st botnet infections in July also reported them in August, and 70% of those also reported September infections. The first takeaway is that while most organizations seem to be focused on responding to the symptoms of an infection, many are not very good at understanding the scope of a breach, or are not thorough enough in their incident response. They need to have a plan of steps to follow, and either they don’t have a plan or they are skipping some essential steps. They may also be too focused on remediating systems but are not being very effective at getting at the root cause.
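The month-over-month Gh0st figures above are something any defender can compute for their own environment from existing botnet/C2 detection logs: a host whose C2 activity carries over into the next month was cleaned incompletely or not at all. The following script is an added example written for this page, not Fortinet's code or the report's methodology; the key=value log format, host addresses and dates are constructed for illustration and do not correspond to any real product's log schema.

```python
import re
from collections import defaultdict
from datetime import date

# Constructed sample events in a generic key=value style (not a real vendor's
# log format). Hosts, dates and the family-to-host mapping are invented.
SAMPLE_LOG = """\
date=2017-07-03 src=10.1.4.22 event=botnet family=Gh0st action=blocked
date=2017-07-11 src=10.1.4.22 event=botnet family=Gh0st action=blocked
date=2017-07-15 src=10.1.9.8 event=botnet family=Pushdo action=blocked
date=2017-07-20 src=10.2.0.5 event=botnet family=Gh0st action=blocked
date=2017-08-02 src=10.1.4.22 event=botnet family=Gh0st action=blocked
date=2017-08-09 src=10.2.0.5 event=botnet family=Gh0st action=blocked
date=2017-08-18 src=10.3.7.1 event=botnet family=Necurs action=blocked
date=2017-09-05 src=10.1.4.22 event=botnet family=Gh0st action=blocked
date=2017-09-12 src=10.3.7.1 event=botnet family=Necurs action=blocked
"""

# Only botnet (C2) events are of interest; other event types are skipped.
LINE_RE = re.compile(r"date=(\S+) src=(\S+) event=botnet family=(\S+)")


def parse_events(text):
    """Return a list of ((year, month), host, family) for each C2 event line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a botnet event, or a malformed line
        d = date.fromisoformat(m.group(1))
        events.append(((d.year, d.month), m.group(2), m.group(3)))
    return events


def months_by_host(events):
    """Map (host, family) -> sorted list of (year, month) with C2 activity."""
    seen = defaultdict(set)
    for ym, host, family in events:
        seen[(host, family)].add(ym)
    return {key: sorted(months) for key, months in seen.items()}


def next_month(ym):
    """(year, month) following ym, handling the December rollover."""
    year, month = ym
    return (year + 1, 1) if month == 12 else (year, month + 1)


def persistent_infections(events):
    """Return (host, family, run_length) for every host whose C2 activity
    continues into at least one consecutive month, i.e. was never fully
    remediated. run_length is the longest streak of consecutive months."""
    result = []
    for (host, family), months in months_by_host(events).items():
        run = best = 1
        for earlier, later in zip(months, months[1:]):
            run = run + 1 if next_month(earlier) == later else 1
            best = max(best, run)
        if best >= 2:
            result.append((host, family, best))
    return sorted(result)


def month_over_month_carryover(events, family, ym):
    """Fraction of hosts showing `family` C2 activity in month ym that also
    show it the following month: the same shape as the report's Gh0st figure."""
    by_host = months_by_host(events)
    this_month = {h for (h, f), ms in by_host.items() if f == family and ym in ms}
    if not this_month:
        return 0.0
    following = next_month(ym)
    carried = {h for h in this_month if following in by_host[(h, family)]}
    return len(carried) / len(this_month)


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    for host, family, streak in persistent_infections(evts):
        print(f"{host} {family}: C2 activity in {streak} consecutive months")
    print("Gh0st July->August carry-over:",
          month_over_month_carryover(evts, "Gh0st", (2017, 7)))
```

The two functions answer different questions: `persistent_infections` is a per-host worklist for incident responders (which machines were "cleaned" but kept beaconing), while `month_over_month_carryover` reproduces the report's organization-level metric so a team can track whether its remediation is actually closing cases quarter over quarter. Running the sample flags three hosts and a July-to-August Gh0st carry-over of 1.0 on the constructed data.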

The other is that while all organizations are vulnerable, midsize companies seem to be compromised more frequently than both small and large firms. While smaller firms likely have less protection, they also have less – and less valuable – data, so they tend to be ignored. Larger firms, on the other hand, certainly have the data cybercriminals want, but also greater resources to protect it. It’s midsize firms, however, that typically have enough valuable data to make them a worthwhile target, and yet nowhere near the security resources of their larger counterparts. Simply put, we see more botnets in mid-sized companies because they have a higher infection rate (malware is somehow successfully dropped onto their systems) than other companies.

Conclusion

As the threat landscape becomes more intelligent and automated, organizations will need to respond in kind. The time between breach and compromise will soon be measured in milliseconds, which makes it imperative that organizations automate basic security hygiene, such as patch and replace, hardening systems, and implementing two-factor authentication. AI and automation need to fill this gap by replacing basic security functions and day-to-day tasks currently performed by people with an integrated expert security system that can determine device vulnerabilities, track and patch devices, apply security protocols or policies, and configure and monitor security and network devices.

As the volume, velocity, and automation of attacks continue to increase, organizations need to ensure that a strategic threat detection and incident-response strategy is in place. Only a security framework that utilizes advanced threat detection, comprehensive threat intelligence sharing, an effective IR strategy, and an open architecture that can tie security and networking components into an integrated defense and response system is going to be able to protect organizations going forward. The evolving attack surface requires flexibility to quickly implement security strategies and solutions and seamlessly add advanced techniques and technologies as they emerge.

You can read more important takeaways in the full Global Threat Landscape Report. Also, view our video (above) and infographic (below) summarizing valuable data points from the report.

Sign up for our weekly FortiGuard intel briefs or to be a part of our open beta of Fortinet’s FortiGuard Threat Intelligence Service.
