From July through September, unique malware variants grew 43%, while the number of malware families grew by nearly 32%.
Fortinet announced the findings of its latest quarterly Global Threat Landscape Report 2018. The research reveals that malware, exploits, and threats are all on the increase and are evolving to become more sophisticated. It also shows that unique threat variants and families are on the rise, while botnets continue to infect organizations.
Key takeaways of Cyber Threat Landscape 2018 Q3 report
- Threat Development Continues to Be a Top Focus for Cybercriminals. Cybercriminals are not only expanding their attack arsenal but also developing new strategies for breaching defenses. Unique malware variants grew 43%, while the number of malware families grew by nearly 32%. The number of unique daily malware detections per firm also rose 62%. In line with these trends, unique exploits increased nearly 10% and the number of exploit detections per firm rose 37%. Cybercriminals continue to evolve threats by creating unique malware variants and families, demonstrating the ongoing importance of threat intelligence and assessment tools.
- Mobile Devices Remain a Target. Over one-quarter of organizations experienced a mobile malware attack, with the majority being on the Android operating system. In fact, of the threats organizations faced from all attack vectors, 14% of total malware alerts were Android related. By comparison, only .000311% of threats were targeted at Apple iOS. Mobile threats must be addressed, especially as the mobile-shopping holiday season nears, because a compromised device can become a gateway into the corporate network. Criminals know mobile is an accessible target for infiltrating a network, and they are exploiting it.
“As our cyber adversaries continue to incorporate new threats and leverage increasingly automated techniques at speed and scale for their malicious activities, segmentation and integration have become critical security strategies for IT and OT environments today.” - Phil Quade, Chief Information Security Officer, Fortinet
- Cryptojacking is a Gateway to Other Attacks. Cryptojacking remains prevalent and continues to grow in scope. The number of platforms affected by cryptojacking jumped 38% and the number of unique signatures nearly doubled in the past year. These include new sophisticated platforms for advanced attackers as well as “as-a-service” platforms for novice criminals. IoT botnets are also increasingly leveraging cryptojacking exploits for their attack strategy. Although it is often considered to be a nuisance threat that simply hijacks unused CPU cycles, security leaders are realizing how cryptojacking can become a gateway for additional attacks. Underestimating the repercussions of cryptojacking places an organization under heightened risk.
- Percentage of Malicious Network Traffic is Higher on Weekends or Holidays. Data shows malicious network traffic represents a higher percentage of overall traffic on weekends and holidays as business traffic slows down significantly since many employees are not working during this time. For many organizations this may be an opportune time to sweep for malware because as the “haystack” of traffic becomes smaller, the chance of finding malicious “needles” is much greater. With cybercriminals using more automated and sophisticated techniques, any opportunity to increase visibility can be an advantage.
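The "smaller haystack" effect described above, as an added example that is not part of the Fortinet report or this article: per-day flow summaries (constructed here) are split into business days and weekends/holidays, and the malicious share is computed for each, showing that a roughly flat count of malicious flows becomes a much larger percentage when the overall traffic drops. The holiday set and the log line format are assumptions for the example.

```python
"""Malicious share of network traffic on business days vs. weekends/holidays.
Added example (not from the Fortinet report): shows why a smaller off-hours
traffic "haystack" raises the malicious percentage even when the absolute
count of malicious flows stays flat. The daily summaries are constructed."""
from collections import defaultdict
from datetime import date

# Constructed daily flow summaries: date, total flows, flows tagged malicious.
# Business-day totals are large; malicious counts are roughly constant all week.
SAMPLE_LOG = """\
2018-09-03 total=45100 malicious=601
2018-09-04 total=176500 malicious=598
2018-09-05 total=180200 malicious=622
2018-09-06 total=179800 malicious=605
2018-09-07 total=171000 malicious=590
2018-09-08 total=41200 malicious=584
2018-09-09 total=38900 malicious=577
"""
# Holidays count as off-hours; the set is an assumption for this example.
HOLIDAYS = {date(2018, 9, 3)}  # US Labor Day 2018

def parse_line(line):
    """Parse 'YYYY-MM-DD total=N malicious=M' into (date, total, malicious)."""
    day, total, malicious = line.split()
    return (date.fromisoformat(day),
            int(total.split("=", 1)[1]),
            int(malicious.split("=", 1)[1]))

def day_type(d):
    """Classify a date as 'offhours' (weekend or holiday) or 'business'."""
    return "offhours" if d.weekday() >= 5 or d in HOLIDAYS else "business"

def malicious_share(log_text):
    """Return {day_type: (malicious_percent, mean_malicious_per_day)}."""
    acc = defaultdict(lambda: [0, 0, 0])  # total flows, malicious flows, days
    for line in log_text.splitlines():
        d, total, malicious = parse_line(line)
        bucket = acc[day_type(d)]
        bucket[0] += total
        bucket[1] += malicious
        bucket[2] += 1
    return {k: (round(100.0 * m / t, 3), round(m / n, 1))
            for k, (t, m, n) in acc.items()}

if __name__ == "__main__":
    for kind, (pct, per_day) in malicious_share(SAMPLE_LOG).items():
        print(f"{kind:9s} malicious share {pct:.3f}%  mean malicious/day {per_day}")
```

With these constructed numbers the malicious share is roughly four times higher off-hours even though the mean malicious flows per day is slightly lower, which is the point the report makes about sweeping for malware when business traffic is quiet.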
- Burstiness of Botnets. The botnet index rose only 2%, though the number of infection days per firm increased 34% from 7.6 days to 10.2 days. This may be an indication that botnets are becoming more sophisticated, difficult to detect, or harder to remove. It may also denote a failure to practice good cyber hygiene in general by some organizations. The importance of consistent security hygiene remains vital to thoroughly addressing the total scope of these attacks. Sometimes botnets can go dormant, only to return after normal business operations have resumed, if the root cause or “patient zero” is not determined.
- Encrypted Traffic Reaches a New Threshold. Encrypted traffic reached a new high, comprising 72% of all network traffic, up from 55% just one year ago. While encryption can certainly help protect data in motion as it moves between core, cloud, and endpoint environments, it also represents a challenge for traditional security solutions. The critical firewall and IPS performance limitations of some legacy security solutions continue to limit the ability of organizations to inspect encrypted data at business speeds. As a result, a growing percentage of this traffic is increasingly not analyzed for malicious activity, making it an ideal mechanism for criminals to spread malware or exfiltrate data.
Mobile devices are a growing threat
Threats from mobile devices are having a bigger impact on network security. During Q3, more than a quarter of organizations experienced a mobile malware attack. Android OS for mobile devices is far and away the top culprit. By comparison, only .0003% of threats were attributable to Apple iOS. In fact, 14% of malware alerts this past quarter were Android related. This isn’t just mobile device alerts. It’s 14% of all malware. Security leaders without a strategy to address mobile threats, especially those with an open BYOD policy, are making their organizations extremely vulnerable as mobile devices are increasingly an entry point into corporate assets.
(IoT) Botnets persist longer than ever
While the number of botnet infections didn’t climb appreciably during Q3, the number of days that a botnet infection was able to persist inside an organization increased 34% from 7.6 days to 10.2 days. This indicates that botnets are becoming more sophisticated, difficult to detect, and harder to remove. However, this increase is also the result of many organizations still failing to practice good cyber hygiene, including patching and updating vulnerable devices. In addition to implementing best security practices, organizations need to adopt tools to see, segment, and track every device on the network, including IoT devices, and augment those efforts with solutions designed to find the weaknesses and vulnerabilities within the environment and provide actionable recommendations. These tools need to be applied before an outbreak to prevent exploits, and after an event to ensure that post-event clean-up has been thorough enough.
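The "infection days per firm" metric and the dormant-then-returning botnet pattern discussed in the Burstiness of Botnets takeaway and in this section, as an added example that is not from the Fortinet report or this article: it reads constructed botnet detection events, counts distinct infection days per firm and signature, and flags any infection whose detections stop for a week or more and then resume, the case where the root cause or "patient zero" was likely never removed. Firm names, signature names and the seven-day dormancy threshold are assumptions.

```python
"""Botnet persistence metrics from detection events.
Added example (not from the Fortinet report): computes infection days per
firm and flags infections that went dormant and returned. Events, firm
names and signature names are constructed placeholders."""
from collections import defaultdict
from datetime import date, timedelta

# Constructed botnet C2 detection events: firm, date, signature name.
EVENTS = """\
firmA 2018-07-02 Botnet.Generic.C2
firmA 2018-07-03 Botnet.Generic.C2
firmA 2018-07-04 Botnet.Generic.C2
firmA 2018-07-23 Botnet.Generic.C2
firmA 2018-07-24 Botnet.Generic.C2
firmB 2018-08-10 Botnet.IoT.Scan
firmB 2018-08-11 Botnet.IoT.Scan
firmB 2018-08-12 Botnet.IoT.Scan
firmC 2018-09-05 Botnet.Generic.C2
"""
DORMANT_GAP = timedelta(days=7)  # assumption: quiet >= 7 days, then back

def load_events(text):
    """Group distinct detection dates by (firm, signature)."""
    days = defaultdict(set)
    for line in text.splitlines():
        firm, day, sig = line.split()
        days[(firm, sig)].add(date.fromisoformat(day))
    return days

def infection_profile(dates):
    """Return (infection_days, span_days, longest_gap_days, recurred)."""
    ordered = sorted(dates)
    gaps = [b - a for a, b in zip(ordered, ordered[1:])]
    longest = max(gaps, default=timedelta(0))
    span = (ordered[-1] - ordered[0]).days + 1
    return len(ordered), span, longest.days, longest >= DORMANT_GAP

def persistence_report(text):
    """Per-(firm, signature) profiles and the mean infection days per firm."""
    profiles = {k: infection_profile(v) for k, v in load_events(text).items()}
    per_firm = defaultdict(int)
    for (firm, _sig), profile in profiles.items():
        per_firm[firm] += profile[0]
    return profiles, round(sum(per_firm.values()) / len(per_firm), 1)

if __name__ == "__main__":
    profiles, mean_days = persistence_report(EVENTS)
    for (firm, sig), (n, span, gap, back) in profiles.items():
        note = "  <- dormant, then returned: find patient zero" if back else ""
        print(f"{firm} {sig}: {n} days over {span}, longest gap {gap}{note}")
    print("mean infection days per firm:", mean_days)
```

A firm whose detections span three weeks but total only five days is the signature of the dormancy pattern: the daily count alone would understate how long the infection really lived on the network.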
As mentioned in our article on the Top 5 Cyber Security Threats in 2019, with more and more IoT devices out there, the new generation of IoT botnet DDoS attacks means that the number of threats and their devastating potential will grow in 2019. That’s why mitigating massive traffic volumes using DDoS protection solutions is considered a major cyber security priority for the years to come.
Digital Change Requires a New Approach to Cyber Security in 2019
To stay ahead of the ongoing efforts of cybercriminals, organizations need to transform their security strategies as part of their digital transformation efforts. Isolated, legacy security devices and poor cyber security hygiene continue to be a formula for increased risk to today’s threat landscape as they do not provide adequate visibility or control. Instead, a security fabric that spans the entire expanded network environment and is integrated between each security element is vital to address today’s growing threat environment and to protect the expanding attack surface. This approach enables actionable threat intelligence to be shared at speed and scale, shrinks the necessary windows of detection, and provides the automated remediation required for today’s multi-vector exploits.
15 November 2018