Fortinet Threat Landscape Index Hits Highest Point to Date, Demonstrating Continued Increase In Cyberattacks

News Summary:

Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated, and automated cybersecurity solutions, today announced the findings of its latest quarterly Global Threat Landscape Report.

• The research reveals that cybercriminals continue to look for new attack opportunities throughout the digital attack surface and are leveraging evasion as well as anti-analysis techniques as they become more sophisticated in their attempts.
• The Threat Landscape Index crossed a milestone this quarter. It is up nearly 4% from its original opening position year-over-year. The high point during that year-long timeframe is the peak and closing point of Q2 CY2019. The upsurge was driven by increased malware and exploit activity.
• For a detailed view of the Threat Landscape Index and subindices for exploits, malware, and botnets, as well as some important takeaways for CISOs read the blog.

“The ever-widening breadth and sophistication of cyber adversaries’ attack methods is an important reminder of how they are attempting to leverage speed and connectivity to their advantage”, said Phil Quade, Chief Information Security Officer, Fortinet. “Therefore, it is important for defenders to do the same and to relentlessly prioritize these important cybersecurity fundamentals, to position organizations to better manage and mitigate cyber risks. A security fabric approach across every security element that embraces segmentation and integration, actionable threat intelligence, and automation combined with machine learning is essential to enable these fundamentals to bear fruit.”

Highlights of the report follow.

Upping the Ante on Evasion Tactics

Many modern malware tools already incorporate features for evading antivirus or other threat detection measures, but cyber adversaries are becoming more sophisticated in their obfuscation and anti-analysis practices to avoid detection.

For example, a spam campaigndemonstrates how adversaries are using and tweaking these techniques against defenders. The campaign involves the use of a phishing email with an attachment that turned out to be a weaponized Excel document with a malicious macro. The macro has attributes designed to disable security tools, execute commands arbitrarily, cause memory problems, and ensure that it only runs on Japanese systems. One property that it looks for in particular, an xlDate variable, seems to be undocumented.

Another example involves a variant of the Dridexbanking trojanwhich changes the names and hashes of files each time the victim logs in, making it difficult to spot the malware on infected host systems.

The growing use of anti-analysis and broader evasion tactics is a reminder of the need for multi-layered defenses and behavior-based threat detection.

Under the Radar Attacks Aim for the Long-haul 

The Zegostinfostealer malware, is the cornerstone of a spear phishing campaignand contains intriguing techniques. Like other infostealers, the main objective of Zegost is to gather information about the victim’s device and exfiltrate it. Yet, when compared to other infostealers, Zegost is uniquely configured to stay under the radar. For example, Zegost includes functionality designed to clear event logs. This type of cleanup is not seen in typical malware. Another interesting development in Zegost’s evasion capabilities is a command that kept the infostealer “in stasis” until after February 14, 2019, after which it began its infection routine.

The threat actors behind Zegostutilize an arsenal of exploits to ensure they establish and maintain a connection to targeted victims, making it far more of a long term threat compared to its contemporaries.

Ransomware Continues to Trend to More Targeted Attacks

The attacks on multiple cities, local governments, and education systems serve as a reminder that ransomware is not going away, but instead continues to pose a serious threat for many organizations going forward. Ransomware attacks continueto move away from mass-volume, opportunistic attacks to more targeted attacks on organizations, which are perceived as having either the ability or the incentive to pay ransoms. In some instances, cybercriminals have conducted considerable reconnaissance before deploying their ransomware on carefully selected systems to maximize opportunity.

For example, RobbinHoodransomware is designed to attack an organization’s network infrastructure and is capable of disabling Windows services that prevent data encryption and to disconnect from shared drives.

Another newer ransomware called Sodinokibi,could become another threat for organizations. Functionally, it is not very different from a majority of ransomware tools in the wild. It is troublesome because of the attack vector, which exploits a newer vulnerability that allows for arbitrary code execution and does not need any user interaction like other ransomware being delivered by phishing email.

Regardless of the vector, ransomware continues to pose a serious threat for organizations going forward, serving as a reminder of the importance of prioritizing patching and infosecurity awareness education. In addition, Remote Desktop Protocol (RDP) vulnerabilities, such as BlueKeepare a warning that remote access services can be opportunities for cybercriminals and that they can also be used as an attack vector to spread ransomware.

New Opportunities in the Digital Attack Surface

Between the home printer and critical infrastructure is a growing line of control systems for residential and small business use. These smart systems garner comparably less attention from attackers than their industrial counterparts, but that may be changing based on increased activity observed targeting these control devicessuch as environmental controls, security cameras, and safety systems. A signature related to building management solutions was found to be triggered in 1% of organizations, which may not seem like much, but it is higher than typically seen for ICS or SCADA products.

Cybercriminals are searching for new opportunities to commandeer control devices in homes and businesses. Sometimes these types of devices are not as prioritized as others or are outside the scope of traditional IT management. The security of smart residential and small business systems deserves elevated attention especially since access could have serious safety ramifications. This is especially relevant for remote work environments where secure access is important.

How to Protect Your Organization: Broad, Integrated, and Automated Security

Threat intelligence that is dynamic, proactive, and available in real-time can help identify trends showing the evolution of attack methods targeting the digital attack surface and to pinpoint cyber hygiene priorities. The value and ability to take action on threat intelligence is severely diminished if it cannot be actionable in real-time across each security device. Only a security fabricthat is broad, integrated, and automated can provide protectionfor the entire networked environment, from IoT to the edge, network core and to multi-clouds at speed and scale.

Report and Index Overview
The latest Fortinet Threat Landscape Report is a quarterly view that represents the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of global sensorsduring Q2 2019. Research data covers global and regional perspectives. Also included in the report is the Fortinet Threat Landscape Index (TLI), comprised of individual indices for three central and complementary aspects of that landscape which are exploits, malware, and botnets, showing prevalence and volume in a given quarter.

By: Fadi Kanafani, Middle East Managing Director & General Manager at NetApp.

The impact of AI is being seen across industries and geographies. AI is now a key to success for organizations and is set to be a significant contributor towards global economic growth by 2030. According to a study by McKinsey Global Institute (MGI), on average, the global gross domestic product (GDP) could increase by 1.2 percentage points per year, which would correspond to a total value added of 13 trillion US dollars.

Among a number of industry segments, the automotive industry is one of the most technologically advanced and progressive industries. It’s no surprise that the industry is a frontrunner in adopting and incorporating AI into research, design, and manufacturing processes for smarter and better outcomes and products.

When you think about AI in automotive, autonomous vehicles is likely the first use case that comes to mind. While the holy grail in the industry is full self-driving, defined as level 5, most companies are already offering increasingly sophisticated adaptive driver assistance systems (ADAS) as stepping stones towards that level of autonomy.

In an industry like automotive, the number of possible AI use cases is large and essentially divided into four segments which are autonomous driving, connected vehicles, mobility as a service, and smart manufacturing. Naturally, there are overlaps between some of these segments; success in one area can yield benefits in another. For example, autonomous driving may be a key element of a mobility-as-a-service strategy. There are also many requirements that all segments have in common, including infrastructure integration, advanced data management, security, privacy, and compliance.

There are, however, challenges to achieving full self-driving. Each car deployed for R&D generates a mountain of data; 1TB per hour per car is typical. Teams can expect to accumulate hundreds of petabytes to exabytes of data as autonomous driving projects progress. This raises several critical questions such as how to create a pipeline to move data efficiently from vehicles to train a neural network or how to efficiently prepare and label data for neural network training are some of the concerns. Some questions that need to be addressed are how much storage and compute power is needed to train a neural network, to run inference on a trained neural network and if the training cluster should be on-premises or in the cloud. It is also important to determine how to correctly size the infrastructure for data pipelines and training clusters including storage needs, network bandwidth, and compute capacity.

Cars and other vehicles are quickly transforming into connected devices, and there are a number of immediate use cases for AI in connected cars such as Personal assistants / voice-activated operations, Telematics and predictive maintenance, Infotainment/recommenders.

Today, cars use cellular and WiFi connections to upload and download entertainment, navigation, and operational data. In the near future, we’ll also see cars connecting to each other, to our homes, and to infrastructure. For example, Audi has already introduced technology to connect cars to stoplight infrastructure, enabling drivers in select cities to catch a “green wave”, timing their drives to avoid red lights. That’s just one of many opportunities to use data from connected cars.

In the future, car ownership may decline in favor of various forms of ride sharing, particularly in dense urban areas. Car companies will need to become mobility service companies to address changing consumer demand. Many car companies such as Ford and home-grown Careem are already branching out, acquiring scooter- and bike-sharing companies and creating delivery services.

The machine learning and deep learning problems in mobility-as-a-service models are significantly different than those in autonomous driving: How do you predict customer demand? How do you optimize fleet efficiency and minimize customer wait times? How do you dynamically set prices in response to demand? How do you ensure passenger physical security? How do you protect customer data, prevent fraud, and balance privacy versus convenience?

From an infrastructure standpoint, these distributed problems require different strategies and may require smart algorithms on the consumer’s device (smart phone), in the vehicle, and in the cloud, plus long-term, secure data management for compliance.

The auto industry has a lot on its plate. Companies must look for ways to increase operational efficiency to free up capital for investments like those described above. Industrial Internet of Things (IIoT) and Industry 4.0 technologies are the key to streamlining business, automating and optimizing manufacturing processes, and increasing the efficiency of the supply chain.

Common manufacturing use cases include an increased use of computer vision for anomaly detection, process control for improved quality/reduced waste, predictive maintenance to maximize productivity of manufacturing equipment.

Competition in the auto industry is also fierce. Leaders look to train their own AI specialists and developers and cooperate with other companies to maintain their standing. While these measures are intended to close the current knowledge gap, it also helps achieve the overarching goals of higher product quality, better customer experience with AI, and reducing operating costs. Innovations are the key to keeping up with IT companies in the competitive field of autonomous driving.

The benefits that AI brings to the automotive industry are perceived as excessive. At the same time, there is an increasing pressure on business representatives not to miss out on the next big thing. Industry studies usually stop at a point where they become interesting: the impact on daily work routine. It would be exciting to see which AI technology the experts in the automotive industry are working on and what challenges they face.