FortiGuard Labs Reports Cyber Adversaries Are Exploiting the Global Pandemic at Enormous Scale

“The first six months of 2020 witnessed an unprecedented cyber threat landscape. The dramatic scale and rapid evolution of attack methods demonstrate the nimbleness of adversaries to quickly shift their strategies to maximize the current events centered around the COVID-19 pandemic across the globe,” says Derek Manky, Chief, Security Insights & Global Threat Alliances, FortiGuard Labs. There has never been a clearer picture than now, of why organizations need to adjust their defense strategies going forward to fully take into account the network perimeter extending into the home. It is critical for organizations to take measures to protect their remote workers and help them secure their devices and home networks for the long term. It is also wise to consider adopting the same strategy for cyber viruses that we are adopting in the real world. Cyber social distancing is all about recognizing risks and keeping our distance.”

Seizing the Opportunity in Global Events: Attackers have used subjects in the news as social engineering lures before, but this moved to the next level in the first half of 2020. From opportunistic phishers to scheming nation-state actors, cyber adversaries found multiple ways to exploit the global pandemic for their benefit at enormous scale. This included phishing and business email compromise schemes, nation-state-backed campaigns and ransomware attacks. They worked to maximize the global nature of a pandemic that affected everyone around the world combined with an immediately expanded digital attack surface. These trends were seen with other newsworthy items and demonstrate how quickly attackers can move to take advantage of major developments with broad social impact at a global level.

The Perimeter Gets More Personal: The increase in remote work created a dramatic inverse of corporate networks almost overnight, which cyber adversaries immediately started to leverage as an opportunity. In the first half of 2020, exploit attempts against several consumer-grade routers and IoT devices were at the top of the list for IPS detections. In addition, Mirai and Gh0st dominated the most prevalent botnet detections, driven by an apparent growing interest of attackers targeting old and new vulnerabilities in IoT products. These trends are noteworthy because it demonstrates how the network perimeter has extended to the home with cybercriminals seeking to gain a foothold in enterprise networks by exploiting devices that remote workers might use to connect to their organizations’ networks.

Browsers Are Targets Too: For attackers the shift to remote work was an unprecedented opportunity to target unsuspecting individuals in multiple ways. For example, web-based malware used in phishing campaigns and other scams outranked the more traditional email delivery vector earlier this year. In fact, a malware family that includes all variants of web-based phishing lures and scams ranked at the top for malware in January and February and only dropped out of the top five in June. This may demonstrate the attempt of cybercriminals to target their attacks when individuals are the most vulnerable and gullible—browsing the web at home. Web browsers, not just devices, are also prime targets for cybercriminals, perhaps more than usual, as cybercriminals continue to target remote workers.

Ransomware Not Running Away: Well-known threats such as ransomware have not diminished during the last six months. COVID-19-themed messages and attachments were used as lures in a number of different ransomware campaigns. Other ransomware was discovered rewriting the computer’s master boot record (MBR) before encrypting the data. In addition, there was an increase in ransomware incidents where adversaries not only locked a victim organization’s data but stole it as well and used the threat of widescale release as additional leverage to try and extort a ransom payment. The trend significantly heightens the risks of organizations losing invaluable information or other sensitive data in future ransomware attacks. Globally, no industry was spared from ransomware activity and data shows that the five most heavily targeted sectors for ransomware attacks are telco, MSSPs, education, government, and technology. Unfortunately, the rise of ransomware being sold as a service (RaaS) and the evolution of certain variants indicates that the situation with ransomware is not going away.

OT Threats After Stuxnet: June marked the 10th anniversary of Stuxnet, which was instrumental in the evolution of threats to, and security of, operational technology. Now, many years later, OT networks remain a target for cyber adversaries. The EKANS ransomware from earlier this year shows how adversaries continue to broaden the focus of ransomware attacks to include OT environments. Also, the Ramsay espionage framework, designed for the collection and exfiltration of sensitive files within air-gapped or highly restricted networks, is an example of threat actors looking for fresh ways to infiltrate these types of networks. The prevalence of threats targeting supervisory control and data acquisition (SCADA) systems and other types of industrial control systems (ICS) is less in volume than those affecting IT, but that does not diminish the importance of this trend.

Mapping Exploitation Trends: A review of the CVE List shows the number of published vulnerabilities added has risen over the last few years, sparking discussion over the prioritization of patching. Even though 2020 looks to be on pace to break the number of published vulnerabilities in a single year, vulnerabilities from this year also have the lowest rate of exploitation ever recorded in the 20-year history of the CVE List. Meanwhile, vulnerabilities from 2018 claimed the highest exploitation prevalence at 65%, and more than a quarter of organizations registered attempts to exploit 15-year-old CVEs. For cyber adversaries, exploit development at scale and distribution via legitimate and malicious hacking tools continues to take time.

The Urgency to Secure the Network Perimeter Extending Into the Home

With the increase in connectivity, devices, and ongoing need for remote work, the digital attack surface is expanding. With the corporate network perimeter extending to the home, attackers are looking for the weakest link and fresh attack opportunities. Organizations need to prepare by taking concrete steps to protect their users, devices and information in ways similar to the corporate network. Threat intelligence and research organizations can help by providing broad insight as the threat landscape evolves as well as in-depth analysis of attack methods, actors, and new tactics to help supplement the cyber knowledge of organizations. The need for secure teleworker solutions to enable secure access to critical resources while scaling to meet the demands of the entire workforce has never been greater. Only a cybersecurity platform designed to provide comprehensive visibility and protection across the entire digital attack surface–including networked, application, multi-cloud, or mobile environments–is able to secure today’s rapidly evolving networks.

Report Overview
This latest Global Threat Threat Landscape Report is a view representing the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of sensors collecting billions of threat events observed around the world during the first half of 2020. It covers global and regional perspectives as well as research into three central and complementary aspects of that landscape: exploits, malware, and botnets.

Airport International Group Charts Course for Success through COVID-19 Crisis with Nutanix

Implementation of Xi Frame has ensured business continuity and rapidly empowered a newly formed remote workforce

Nutanix (NASDAQ: NTNX), a leader in enterprise cloud computing, today announced that Airport International Group – a Jordanian consortium of local and international investors with proven experience in airport rehabilitation, enhancement, operation and management – has implemented Xi Frame to maintain business continuity through the turmoil and uncertainty brought on by the COVID-19 pandemic. The Desktop-as-a-Service (DaaS) solution has facilitated set up of virtual training rooms for seamless delivery of extensive training on the newly implemented Airport Management System. It has also provided employees with secure access to specialized applications via shared desktops. As importantly, the solution has enabled the establishment of a virtual control room, giving the Operations Team secure, remote access to mission critical airport IT systems.

In 2007, Airport International Group was appointed by the Government of Jordan to manage the rehabilitation, expansion and operation of Queen Alia International Airport (QAIA), which serves as a pillar of the national economy and the local aviation, transport and tourism sectors. Under Airport International Group’s management, QAIA has successfully expanded, recorded significant growth in passenger numbers and received several Airports Council International (ACI) awards. Today, Airport International Group employs approximately 450 professionals and utilizes the latest technologies and innovations to ensure that the over 50 airlines and millions of annual passengers who rely on QAIA are assured truly world-class experiences.

With the COVID-19 pandemic necessitating the move to remote working, Airport International Group’s IT Team was keen to ensure that around-the-clock access to key services via shared desktops could be provided to employees (teams of technicians and skilled workers) in a secure and reliable manner. As a long-standing Nutanix customer, Airport International Group was quick to identify Nutanix Xi Frame as a perfect fit for its requirement.

Mr. Waseem Al Rousan, IT Director at Airport International Group, said, “Unlike other organizations that suddenly found themselves scrambling to deploy new cloud applications for their remote workers, we could offer our employees access to the same applications they were familiar with. This enabled us to maximize utilization of our existing IT infrastructure and eliminated unnecessary costs and learning curves. Providing employees with the secure access to applications using Xi Frame requires us to simply provide them with login credentials and a link – it’s that easy! Moreover, from an IT perspective, we have been impressed with the ease of deployment, intuitive and powerful web-based management interface, and the guaranteed availability that the solution offers.”

“The ease of use of Xi Frame meant we could easily and rapidly accommodate the business continuity requirements of each department in this challenging time. Moreover, rather than having to deal with the costs, complexities and inevitable slew of helpdesk requests typically associated with corporate VPNs, we could offer our new remote workers the most convenient, secure and intuitive access to the tools and applications they needed to stay productive,” said Mr. Al Rousan.

The timing of the deployment proved especially fortuitous as Airport International Group was in the midst of a mission-critical, multi-million dollar undertaking to migrate its Airport Management System (AMS), which controls everything, from the gates and immigrations services to check-in counters.

At the time when the Government of Jordan announced lock-down measures, consultants and implementation engineers were suddenly unable to travel to Amman. The team’s planned user acceptance and training programs for the new AMS solution looked to be in jeopardy. Using Xi Frame, in just a few hours, Airport International Group set up a fully equipped virtual training lab with 12 remotely accessible workstations. The team then simply provided users with an access link and login credentials, granting them instant, secure access to live training sessions. “We conducted four weeks of extensive training in this manner. The experience was seamless and our employees loved the ability to attend sessions from any location, and via any device,” said Mr. Al Rousan.

With members of the Operations Team also having to work remotely, Airport International Group decided to establish a virtual control room which enabled them to remotely access critical systems including the AMS, Airport Operations Data Base (AODB), Airport Resource Management System (RMS) in a secure manner. “Rigorous vulnerability testing gave us confidence that Nutanix’s solution could match our highest security expectations,” continued Mr. Al Rousan.

The feedback from users has been overwhelmingly positive and Mr. Al Rousan noted that the efforts of his team have been duly recognized by C-level executives and his counterparts in other departments. However, not ones to rest on their laurels, Mr. Al Rousan and his team are keen to build on their success. They are now exploring further use cases for Xi Frame which include enhanced support for BYOD (Bring Your Own Device) and robust ways to respond to unplanned business requirements. “This project has created a shift in mindset across our organization and there is a clear appetite to explore further VDI use cases. With its extremely dedicated on-ground support and range of market leading solutions, Nutanix has proven to be a reliable long-term technology partner. Over the last three years, we have become more and more invested into Nutanix and we will continue to strengthen our business relationship with them,” commented Mr. Al Rousan.

“Airport International Group like many organizations across the Middle East are dealing with the reality of needing to set up all their employees to work remotely, while still maintaining access to the same tools and applications they require to be productive. Through Xi Frame, we are proud to have been able to deliver an automated, fully managed cloud hosted service solution with ‘do-it-yourself’ simplicity that simplifies the continuous integration and continuous delivery of the digital workspace. We look forward to expanding our collaboration with Airport International Group in the near future,” concluded Aaron White, Regional Sales Director, Middle East at Nutanix.

Russian Helicopters to present upgraded Mi-171Sh at ARMY-2020 for the first time

The Russian Helicopters holding company (part of Rostec) will for the first time present upgraded Mi-171SH “Storm” military transport helicopter at the International Military-Technical Forum ARMY-2020. The helicopter, featuring enhanced protection and unique strike capabilities, was manufactured at the Ulan-Ude Aviation Plant.

The first flying prototype of the helicopter will be demonstrated at the forum. The presentation will also include the IBKV-17VP “glass cockpit” avionics suite and model of the new target sight system.

“Upgraded Mi-171Sh provides superior level of protection for both the crew and transported troops, thanks to titanium and kevlar armor protection, and the vehicle’s strike capabilities have been expanded to include guided missile weapons, noted the Director General of the Russian Helicopters, Andrey Boginsky.Mi-171SH is prepared for the most demanding combat and climatic conditions, which is why we named it “Storm” for our foreign customers. The name symbolizes its readiness to fight the elements, and on the other hand speaks of the helicopter’s flexible assault capabilities.” 

Mi-171Sh “Storm” is equipped with upgraded engines, new rotor system with an improved profile composite main rotor and X-shaped tail rotor, as well as latest version of the President-S on-board aircraft defense system. The armoring effectively protects the crew and the most parts of the helicopter, as well as the troop compartment. Two sliding doors on the sides and a ramp enable ultra-fast troop deployment.

In addition, the helicopter comes with improved armament, including 12.7 mm caliber machine guns and mdoern guided missile weapons with the OPS-24N-1L target sight system, which allows to engage against various ground and air targets.

JSC “Russian Helicopters”, a part of Rostec State Corporation, is a leading player in the global helicopter industry, the sole Russian designer and manufacturer of helicopters. The Holding Company was established in 2007 and is headquartered in Moscow. We operate five helicopter assembly plants, two design bureaus, component production and maintenance enterprises, aircraft repair plants and one helicopter service company providing after-sales support in Russia and abroad. The customers of the Holding Company are the Ministry of Defense, the Ministry of Home Affairs, EMERCOM of Russia, and other state customers, Gazpromavia, UTair Aviation company, large Russian and foreign companies.

State Corporation Rostec is one of the largest industrial companies in Russia. It unites more than 800 scientific and industrial organizations in 60 regions of the country. Its key areas of activity are transport engineering, electronics, medical technology, chemistry and innovative materials. Rostec holdings form three clusters: electronics, weapons and aviation. The corporation’s portfolio includes such well-known brands as AvtoVAZ, KAMAZ, Kalashnikov, Russian Helicopters, Uralvagonzavod and others. Rostec is active in the implementation of all 12 national projects. The company is a key provider of Smart City technology, it is engaged in the digitalization of public administration, industry and social sectors, and it is developing plans for the development of 5G wireless technologies, an Industrial Internet of Things, big data and blockchain systems. Rostec partners with leading world manufacturers such as Boeing, Airbus, Daimler, Pirelli and Renault. The corporation’s products are delivered to more than 100 countries worldwide. Almost a third of the company’s revenue comes from the export of high-tech products.