Wednesday, July 8, 2020

Threat Landscape Report for Q3 2019

Threat Landscape Report for Q3 2019


McDonald’s Now Offers Group Selections For You And Your Fam’s Different Cravings

They also launched a platter of McNuggets and BFF Fries that are good for up to 20 people!

EDC Lauds DOE Move To Promote Geothermal

“We highly welcome the DOE’s recent directives to explore and maximize geothermal energy sources in the country."

Watchdog Appeals To Pres. Duterte: Allocate Food Rations To Displaced Jeepney Drivers

"We are appealing to President Rodrigo Duterte to direct government agencies to work with the private sector to initiate a temporary food rationing program for all displaced jeepney drivers."

Phoenix Focuses On Retail To Boost Business

Phoenix Petroleum is diversifying its core petroleum operations and repositioning its portfolio towards high growth, high margin businesses as it transitions into the new normal.

While many of us may have taken a well-earned vacation over the summer, cybercriminals were hard at work looking for new ways to target and exploit our networks, devices, and services. The Fortinet Threat Landscape Report provides insights into the top threats and trends discovered and tracked by the FortiGuard Labs team, and the report for last quarter shows that cybercriminals are continuing to focus on finding ways to stay a step ahead of their cybersecurity professional adversaries.

When people consider cybercrime, they tend to think of some of the more high-profile events of the past that used sophisticated malware or exploited zero-day vulnerabilities. And while some efforts continue to be made in those areas, most criminals focus on leveraging their existing resources. The top issues for Q3 are no different.

Cybercriminals Are Looking To Augment Their Phishing Efforts
Cybercriminals Are Targeting Edge Services

Because over 90% of malware is still delivered via email, many organizations have responded by aggressively focusing on training users to identify phishing emails and not click on email attachments. They are also more aware of the importance of email security solutions. As a result, criminals have begun to expand their tactics by simply targeting other areas of the attack surface that aren’t being focused on.

For example, over the past quarter FortiGuard Labs has observed attacks targeting publicly available edge services with remote code execution exploits. Once criminals establish a foothold at the edge, they then use that attack vector to begin delivering their malware to targets inside the network, with the same result as having used phishing to deliver those same payloads.

Bypassing Adblockers Whitelist Malicious Sites
Another strategy is to prevent adblocker security tools from blocking access to malicious content. Adblock Plus, for example, is an open-source browser extension that provides content-filtering and ad blocking for all of the major browsers, including Firefox, Chrome, Internet Explorer, Edge, Opera, Safari, Yandex, and Android. It also uses a key to tag approved advertisement sites so they can be whitelisted. However, this key has been identified by attackers and is being exploited to also whitelist their malicious sites. These webpages can then serve their malicious advertisements, or even function as a phishing page to users who rely on the adblocker solution to block malicious sites and content.

The HTML/Framer.INF!tr IPS signature that detects these webpages is at the top of our list of most prevalent malware variants detected in Q3 2019 across all global regions. However, it is important to note that some of these detections may be false positives because of the way Adblock is designed, making it difficult to produce a fully reliable signature.

Malware-As-A-Service Continues To Grow
New Ransomware-As-A-Service Offerings On The Dark Web

The GandCrab ransomware and its Ransomware-as-a-Service (RaaS) offering netted its developers as much as $2 billion before they retired last year. As a result, many cybercriminal organizations are keen to jump on the bandwagon. Last quarter, FortiGuard Labs observed that at least two other significant ransomware families – Sodinokibi and Nemty – are now available on the dark web as ransomware-as-a-service offerings. By using this RaaS model, the authors of these malware tools are significantly lowering the bar, both in terms of overhead and expertise, for launching such attacks.

Emotet Offers A New Spin On MaaS
Emotet, a popular and successful banking trojan, has launched a similar service that rents access to devices infected with the Emotet trojan. This is especially malicious because the Emotet developers have added the ability for the malware to deliver malicious payloads. This means that attackers using this new malware-as-a-service offering can infect targeted networks with additional malware, such as the Trickbot trojan and Ryuk ransomware, launched from a previously compromised device.

Another new Emotet trick significantly increases the efficiency of distributing malware through phishing. Cybercriminals naturally want to deliver phishing email with the highest likelihood of being opened. This new Emotet phishing strategy steals email threads, not just email addresses, from infected devices. It then develops an infected reply from someone in the thread and sends it to the other thread participants disguised as being part of the thread. This strategy has proven to be exponentially more effective than trying to hook victims using a cold initial phishing attempt, or even a targeted spearphishing tactic.

Older Attacks Remain A Persistent Threat
It is important to remember that attacks don’t need to be new to be successful. According to the Q3 Threat Landscape Report, FortiGuard Labs saw more attempts to target vulnerabilities from 2007 than from 2018 and 2019 combined. And every year in between equaled 2018/19 levels. This trend shows how unpatched vulnerabilities—regardless of age—can heighten exposure. The point is that attackers (and their tools) don’t ignore older vulnerabilities and neither should you.

What You Can Do

Segment Your Networks
Many of these attacks and exploits are successful because vulnerable systems are not being adequately protected. Older vulnerabilities can be successfully protected by conducting a risk assessment and then prioritizing the likelihood of a device being exploited using the FortiGuard Security Rating Service. In addition to patching and upgrading devices, organizations should also consider implementing intent-based network segmentation and zero trust access strategies to prevent critical devices and vulnerable systems from being exploited. Segmentation also minimizes the risks of a successful intrusion by shrinking the available attack surface.

Latest News

Mayor Isko: 3 Manila Key Officials Positive For COVID-19

One of the saddest moments of Manila City: Mayor Isko on Monday announced that 3 ranking officials have tested positive for COVID-19.

Sen. Gatchalian: Penalize Distribution Utilities That Will Fail To Comply With Advisories

GATCHALIAN: “What action or steps have you taken to penalize those who don’t follow your advisories and to help our consumers get refunds?”

Gearing Up For 5G: What’s Real And What’s Not?

Globe has debunked 5 common misconceptions about 5G! Did you know some people think it is related to the spread of COVID-19?

Garmin Partners Physioq To Support And Accelerate COVID-19 Research

Neo helps users and family members keep track of their vitals including blood oxygen saturation (SpO2), heart rate, respiration rate, sleep and body temperature.

DOST Grants Community In Sibugay 1.4M For Livelihood Equipment

Members of the Balagon Alsa-Masa Service Provider Association (BAMSPA) recently received a Science and Technology grant worth 1.4M for the acquisition of a Rice and Corn Mill equipment.

ABS-CBN Vows That It Will Continue To Be A Responsible Content Producer

VIDANES: "It's not about us, it's about the people we serve, and that's what we've dedicated our lives to. We will continue to improve that service."

Self-Care Is Essential, Now And Always

Who says self-care has to be postponed this quarantine?

Self-Care Is Essential, Now And Always

Who says self-care has to be postponed this quarantine?

Latest Appliances From XTREME To Gear Your Home This New Normal

Check out XTREME's new line of appliances that promotes productivity and efficiency at its best price!

Mayor Angelo: Tacurong City To Welcome More LSIs, ROFs

Preparations are in place as the local government of Tacurong City is about to welcome residents listed as locally stranded individuals (LSIs) via buses that traveled by land from Metro Manila.