Q1 2019 Introduction and Overview

It’s time once again to head back out into the wilds of the cyber threat landscape to review another quarter of mischief and mayhem. Thank you for choosing us as your guide, and we look forward to spending the next dozen-ish pages helping to get you caught up on important Q1 events and prepared for the future. Here’s a quick synopsis of the attractions we’ll visit this quarter:

The Fortinet Threat Landscape Index : This summary measure of how bad it is out there was more volatile than ever, but rose a slight 1% overall during the quarter.

Tools and Tricks for Living Off the Land : Threat actors increasingly leverage legitimate tools already installed on target systems to carry out cyberattacks. We discuss several of these tools and how they’re being used.

Playbook Preview: Silence Group : This threat actor traditionally targets financial institutions in Russia and eastern Europe, but has expanded both their scope and repertoire over the years. We catch you up on their latest tactics.

Attackers Thinking More About ThinkPHP : Exploits targeting the ThinkPHP framework hit the #2 spot, reminding us that attackers don’t discriminate against lesser-known technologies to accomplish their goals on a global scale.

Coinhive Becomes Victim of Its Own “Success” : The Monero-based cryptomining service Coinhive, which became a favorite of cyber criminals, shut down in Q1. We study the effects of that move through the lens of our telemetry data.

Exploratory Analysis: A Web of (Filtered) Connections : Do threat actors carry out phases of their attack on different days of the week? Do threats use the same infrastructure for exploitation and control? We explore those questions here.

Content Management Needs Constant Management : We all know WordPress is a magnet for attacks, but what about less well-known CMS? We examine new exploits you need to know about if you use these tools in your organization.

Ransomware Becoming More Tailored and Targeted : Once the poster child for indiscriminate attacks, recent ransomware attacks exhibit a more designer and destructive nature. We trace this trend using several recent examples.

The findings in this report represent the collective intelligence of FortiGuard Labs, drawn from a vast array of network sensors collecting billions of threat events observed in live production environments around the world. According to independent research, Fortinet has the largest security device footprint in the industry. This unique vantage point offers excellent views of the cyber threat landscape from multiple perspectives that we’re excited to share with you this quarter. Read the full report here.