Fortinet Threat Landscape Report Highlights Cybercriminals Bypassing Popular Phishing Tactics to Inject or Execute Code Onto a Range of Publicly Facing Services

“Cybercriminals continue to attempt to be a step ahead of cybersecurity professionals. While they develop new malware and zero-day attacks, they also redeploy previously successful tactics to maximize opportunity across the entire attack surface,”said Derek Manky, Chief, Security Insights & Global Threat Alliances, Fortinet. “In addition to essential strategies like patching, segmenting, and training, organizations also need to embrace automation and AI to enhance their ability to correlate threat intelligence and respond to threats in real time. This approach will only be successful, however, when organizations integrate all of their security resources into a security fabric that can see across, and adapt to their rapidly expanding network.”

Highlights of the report follow.

Shifting Tactics to Catch Organizations By Surprise: The majority of malware is delivered via email, therefore many organizations have been aggressively addressing phishing attacks with end user training and advanced email security tools. As a result, cybercriminals are expanding their ability to deliver malicious malware through other means. These include targeting publicly facing edge services such as web infrastructure, network communications protocols, as well as bypassing ad blocker tools to open attack vectors that don’t rely on traditional phishing tactics. For example, this quarter FortiGuard Labs saw attacks against vulnerabilities that would allow the execution of code remotely targeting edge services, at the top in terms of prevalence amongst all regions. Although this tactic is not new, changing tactics where defenders may not be as closely watching can be a successful way to catch organizations off guard and increase chances for success. This can be especially problematic ahead of a busy online shopping season when online services will experience increased activity.

Maximizing Earning Potential: Following in the footsteps of the lucrative GandCrab ransomware, which was made available on the dark web as a Ransomware-as-a-Service (RaaS) solution, cybercriminal organizations are launching new services to expand their earning potential. By establishing a network of affiliate partners, criminals are able to spread their ransomware widely and scale earnings dramatically in the process. FortiGuard Labs observed at least two significant ransomware families—Sodinokibi and Nemty—being deployed as RaaS solutions. These are potentially just the beginning of what could be a flood of similar services in the future.

Refining Malware for Success: Expanding on these approaches, cybercriminals are also refining malware to evade detection and deliver increasingly sophisticated and malicious attacks, such as the evolution of the Emotet malware. This is a troubling development for organizations as cybercriminals increasingly use malware to drop other payloads on infected systems to maximize their opportunities for financial gain. Recently, attackers have begun using Emotet as a payload delivery mechanism for ransomware, information stealers, and banking trojans including TrickBot, IcedID, and Zeus Panda. In addition, by hijacking email threads from trusted sources and inserting malicious malware into those email threads, attackers are significantly increasing the likelihood that those malicious attachments will be opened.

Maximizing Opportunity with Older Vulnerabilities and Botnets: Targeting older, vulnerable systems that have not been properly secured is still an effective attack strategy. FortiGuard Labs discovered that cybercriminals target vulnerabilities twelve or more years old more often than they target new attacks. And in fact, they target vulnerabilities from every subsequent year since then at the same rate as they do current vulnerabilities.

Similarly, this trend of maximizing existing opportunity also extends to botnets. More so than any other type of threat, the top botnets also tend to carry over from quarter to quarter and region to region globally with little change. This suggests the control infrastructure is more permanent than particular tools or capabilities, and that cybercriminals not only follow new opportunities, but like legitimate businesses, also leverage existing infrastructure whenever possible to increase efficiency and reduce overhead.

Protecting for the Unexpected: Broad, Integrated, and Automated Security

The expanding attack surface and shifting attack strategies of cybercriminals means organizations cannot afford to over-focus on a narrow set of threat trends. It is essential that organizations adopt a holistic approach to securing their distributed and networked environments. This requires the deployment of a security fabric that is broad, integrated, and automated. This approach will enable organizations to reduce and manage the expanding attack surface through broad visibility across integrated devices, stop advanced threats through AI-driven breach prevention, and reduce complexity through automated operations and orchestration. In addition, threat intelligence that is dynamic, proactive, and available in real-time plays a crucial role in identifying trends by following the evolution of attack methods targeting the digital attack surface and then pinpointing cyber hygiene priorities.

Report and Index Overview
The latest Fortinet Threat Landscape Report is a quarterly view that represents the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of global sensors during Q3 of 2019. Research covers global and regional perspectives. Also included in the report is the Fortinet Threat Landscape Index (TLI), comprised of individual indices for three central and complementary aspects of that landscape, which are exploits, malware, and botnets, broken down by prevalence and volume in a given quarter.

Nutanix, a leader in enterprise cloud computing, announced today that it will host its annual .NEXT on Tour with the theme ‘Invisible Clouds, Visible IT’ at the Fairmont Riyadh, Saudi Arabia on November 18, 2019. The conference will focus on helping enterprises in the Kingdom free themselves from the complexity and cost of legacy IT and embrace the power of cloud. 

 

Executives from Nutanix will deliver a number of informative sessions including latest insights into data center modernization, multi-cloud and automation and application workloads. The event will feature keynotes and talks, hands-on learning with experts, and a first-hand look at the latest Nutanix products. The solutions-oriented event will educate attendees on how they can build virtual apps and desktops on Nutanix. Topics include:

 

The illustrious speaker lineup includes Dheeraj Pandey Co-Founder & CEO Nutanix, who has been identified as being one of the top 30 most influential IT leaders in the world and Stephen Hadley, principal of RiceHadleyGates LLC, an international strategic consulting firm founded with Condoleezza Rice, Robert Gates, and Anja Manuel. AvinashShetty, Sr. Director, Strategy at Nutanix will conduct technical sessions, giving deeper insights into specific product features, workloads and latest technology announcements. One of the attractions at the event will be the presence of Sophia the robot, the world’s first robot citizen who is a Saudi national.

 

Mohammad Abulhouf, Country Manager – Saudi & Bahrain at Nutanix says, “.NEXT on has become a premier event for the latest in cloud technologies. With our company’s well-earned reputation as a global leader in hyperconverged infrastructure (HCI), we aim to help regional organizations embrace the power of hybrid clouds by eliminating pain points, and enabling them to manage, govern and optimize applications across public and private cloud architectures. I’m confident that this event in Riyadh will give attendees a clear roadmap so that they can help drive digital transformation initiatives within their organizations.”

Nitin Kaushal

Vice President Sales META of Capillary Technologies

As Vice President Sales META of Capillary Technologies, Nithin Kaushal has a deep understanding of the technology sector with expertise in Enterprise Sales Strategy especially Value Based selling & Channel Development.

Currently there are over 800 Capillary associates across 14 global offices continually innovating to find new ways for brands to make their consumers’ lives easier, and experiences memorable.

Nithin talks to us about the outlook on the current retail landscape in Middle East (UAE and KSA) in an interview.

1. Countries in the GCC are on the cusp of retail revolution. What is driving their growth at the moment?

In a trend that is growing all over the world, consumers in GCC are also increasingly expecting personalised engagement with the brands that they interact with. This has persuaded brands to deepen their involvement through the customer’s journey, and not just at the time of transaction.

The greatest driver of this growth in the retail industry has been consumers moving to online shopping. The ecommerce market is predicted to expand threefold by 2022 as compared to 2018, making the penetration rate 7% of total retail sales.

• How is technology going to drive growth for brands? How is Loyalty, CRM, Ecommerce, AI and personalization enhancing this growth?

Technology has been at the core of helping brands stay Consumer Ready through an evolving consumer environment. 

It starts with helping brands collect data related to customer behaviour and transactions across all channels (offline, online and social). This allows for a single view of the customer; the Customer Data Platform is an exemplary way for brands to do this with ease.

Following this is enhancing communication with customers. Mass campaigns and discount-based loyalty is a thing of the past. AI-powered tech is helping brands bring personalised communication to life. We have seen brands gain five times their usual engagement (like hit rates, redemption) when they personalise engagement. Additionally, technology like behavioural data capture and gamification is helping brands create experiential loyalty programs for their customers. We’ve also seen that brands resonate with Loyalty Programs and apps especially when purchase cycles are longer.

A critical aspect of e-commerce is the experience customers receive. Technology can be broadly divided into 2 categories: Front-end (or consumer-facing), and Back-end. At the front-end, the key is to create sector-specific consumer journeys using tech-enabled customisations that are both easy and quick. At the back-end, it is crucial to have a strong Order Management System (OMS), powered by open APIs for easy integration. The region is also witnessing the rising trend of Online-to-Offline customer journeys.

A brand provides a consistent customer experience across all their channels when the various segments of technology are robustly integrated with each other to work in sync.

• How tech-ready are retailers in the GCC, and what trends should brands be embracing right now?

Getting tech-ready for the next generation of consumers boils down to two parts: System Readiness and People Readiness.

System Readiness – The majority of retailers still operate on legacy systems that are not integrated with each other, and prevent retailers from providing a consistent experience across channels. Legacy systems hinder retailers from moving fast with evolving customers because a lot of data isn’t available while recreating a single view of the customer. With new channels emerging (such as online and social), brands can leverage the data generated to understand their customers better. Hence, it is important for retailers to move to cloud-based technologies which are easy to integrate and allow brands to keep up with the changing consumer due to its very nature. 

People Readiness – This is a positive trend in the region. There is an increased focus on investing in consistent customer experiences across platforms. We see retailers creating roles like CRM Head, Chief Digital Officer and Chief Customer Officer among others. This definitely pushes retailers in the region to have System Readiness.

• If retailers embrace new technology, how can Capillary Technologies help them protect their data, and how do firewalls, security programmes and anti-virus software help?

Not really relevant. We are a SaaS-based product company for CRM, Loyalty, e-commerce and in-store technology. We do help retailers capture data, but we have a strict data security policy. We use the world’s highest security standards–the Payment Card Industry Data Security Standard (PCI DSS) certification–to ensure that customer data is secure at all times, no matter where they shop. In addition to this, we are also ISO 27001:2013 certified.

• Consumers now have a number of touchpoints to interact with their favourite brands, and data is generated in the form of their transactional history, personal data and buying preferences. How much can retailers know about buyers using technology?

I will divide this into 3 broad buckets – Online, Offline and Social

Online – Online platforms help retailers collect massive amounts of data. Here, the complete online customer journey is available to retailers. 

Offline – This is where the real challenge lies. Apart from transactional history, retailers really don’t know the details about the customer journey (such as visit history, browsing history, demographics and other data). For the same reason, we recently launched an AI-powered solution which, on the one hand, helps brands track people as they walk into a store; on the other hand, brands can track the demographics of walk-in customers. With this information at the brands’ disposal, they can know the power hours of every store and staff their stores accordingly.

Social – This is the newest channel to evolve, and plays a very important role in pre- and post-purchase journeys. Brands do have limited information about their consumers here, but the bigger challenge is tying that information back to the complete customer journey to obtain a single view of the customer. 

Finally, all this data is integrated into one single platform to create a single view of the customer. This is utilised to develop personalised campaigns and strategies, which in turn accelerates growth.

Powered by Nutanix’s Xi IoT Platform, Solution to Improve Supply Chain and Logistics Operations in Real-time by Leveraging AI, IoT, and Edge Computing

Nutanix, Inc.(NASDAQ: NTNX), a leader in enterprise cloud computing, announced today a partnership with Hardis Group, a consulting, digital services and software publishing company, to deliver Vision Insights powered by Xi IoT, an innovative solution to manage supply chain operations efficiency. Available now, Vision Insights powered by Xi IoT is a supply chain optimisation solution comprised of Hardis Group Vision Insights software running as a container on the Nutanix Xi IoT platform. This solution will help companiesharness the potential of cognitive services (image and voice recognition), IoT, edge computing, and machine learning technologies to dramatically improve efficiency, traceability, and safety of logistics and supply chain operations in warehouses, factories and distribution centres.

In a new survey of 2,650 IT decision-makers around the world by Vanson Bourne, commissioned by Nutanix, IoT and edge computing ranked highest among other high-impact technologies and trends as having a “significant impact” overall on respondents’ businesses. In addition, AI and IoT will have a strong impact on supply chain management operations and according to Gartner “by 2023, at least 50 percent of large global companies will be using AI, advanced analytics and IoT in supply chain operations.”^[1]

Vision Insights powered by Xi IoT allows Hardis Group’s Vision Insight customers to get easy traceability of assets through real-time image monitoring and recognition. For example, sensor data from cameras, fixed or embedded on systems such as an automatic guided vehicle (AGV) or cart, will be ingested into the Xi IoT platform through data pipelines and passed to Vision Insights for AI inferencing at the edge. This enables the creation of a digital twin of the warehouse and real-time analysis of a situation, which can include comprehensive visibility of a specific logistics process flow, number of pallets incorrectly positioned, wet or damaged package detection, or an operator not equipped with proper safety equipment. Any anomalies in the image recognition are sent to the Hardis Group cloud for deep learning purposes and the entire edge platform is managed by the Xi IoT SaaS management.

By bringing this new solution to market with Hardis Group as part of their new Vision Insights and IoT Insights programs, Nutanix helps its customers address common supply chain operations challenges such as efficiency, traceability and safety. Key benefits of this solution include:

• Ability to centrally deploy, secure, monitor and manage the lifecycle of supply chain applications and AI models across thousands of edge locations
• Capability to seamlessly work with existing remote camera deployments for a quick path to ROI
• Support for a large variety of edge hardware devices to accommodate nearly any logistics facility 

By partnering with Nutanix’s Xi IoT platform, Hardis Group was able to focus on the business logic behind their Vision Insights program, and dramatically decrease the time to develop the application, go-to-market, onboard and prove ROI to its customers, as well as drastically improve IoT security, app debuggability and manageability.

“Historically, warehouse and supply chain managers have had to rely on manual processes to track warehouse logistics. With our joint solution, we’re helping customers improve the logistics performance in their factories, including upstream and downstream of their production lines, from the moment their components and raw materials arrive on-site, to storage and shipment of finished products. Customers can now seamlessly track and control routine processes through automation and IoT to improve efficiency, traceability and safety,” said Satyam Vaghani, Senior Vice President and General Manager of AI and IoT at Nutanix. “This partnership will bring better management of customer’s logistics flows by leveraging AI, advanced analytics and IoT to improve supply chain operations.”

“When we started developing this solution in the cloud, we quickly realised we needed a partner who was able to operationalise this at industrial scale at the edge. Nutanix and its Xi IoT platform was the right partner to assist us in doing so,” said Nicolas Odet, CEO of Hardis Group. “By working with Nutanix, we were able to drastically reduce the time this innovative solution was brought to market for our customers and help them accelerate their supply chain and digital transformation. We’re excited to continue working with Nutanix to scale and deploy these solutions worldwide.” 

By: Craig Sanderson, Senior Director of Security Products at Infoblox

Historically, organizations have struggled to gain visibility of what users, devices and applications are accessing their network infrastructure. If the maxim “you can’t protect what you can’t see” holds true, then the prospect of the Internet of Things (IoT) business transition which will result in billions of devices connecting to IP networks is a nightmare in waiting. Identification and classification of IoT devices is particularly problematic because the range of new device types leveraging the IP network is going to explode making it harder for IT security teams to manage and control policies that protect these new devices from themselves and the existing IP connected services.

Beyond controlling accessing and setting policy, IoT also presents a sizable headache when it comes to detecting breaches and enabling effective response. The plethora of protocols that IoT devices will leverage, spanning a broad range of vertical industries from Healthcare to Retail will make it hard for traditional security platforms to detect breaches. Malware sandboxes whose expertise is identifying abuse of well-known operating systems such as Windows servers will have a steep learning curve to apply the same detection for the bespoke applications running on proprietary software platforms. Instead organizations will have to rely heavily on secure IoT endpoint platforms to try and reduce the potential attack surface area. Surely there must be a simpler way to approach these problems. A common denominator that can cope with the breadth of platforms and devices that IoT will present.

That common denominator could well be an infrastructure that is already prevalent across all IP networks, whether they be corporate network, public clouds, next generation data centers and even the Internet. That infrastructure would be the DHCP, DNS and IP address management (DDI) infrastructure which for the past 30 years has provided internet scale to all IP connected devices. How could this ubiquitous infrastructure be applied to the address the challenges of IoT?

Device Identification and Classification

Starting with device identification and classification. IP connected IoT devices are going to require an IP address. If the addresses are statically provisioned organizations will need an IP address management platform to manage the IP address space, even more so given the dramatic increase in consumption of addresses. Even if the devices are going to use IPv6 where address space is not constrained, managing and tracking those addresses is an important operational need. Similarly, if the devices obtain their addresses dynamically, they will still need a DHCP (Dynamic Host Configuration Protocol) server to provide those addresses. In either case the centralized platforms that manage the IP address space will have a comprehensive view of what devices are on the network. More so, through the static address management process there is the opportunity to classify the device at the moment of provisioning. In the case of DHCP, the DHCP request from the IoT device provides a fingerprint that would enable the DHCP server to classify what devices is requesting an address. There does not seem to be any better common way to identify and classify the broad range of IoT devices than with an IP address management and DHCP platform.

Threat Detection

In the case of threat detection there is an advantage to protecting devices over users. Anomaly detection for users is difficult because it’s hard to predict what a user’s normal behaviour is. Machines on the other hand tend to be far more predictable which means anomaly detection could be a fruitful way of identifying compromised machines. One common means of applying anomaly detection across the breadth of IoT devices would be to leverage their DNS activity. Since statically configuring applications and services is impractical and not scalable, most IoT devices will leverage DNS to dynamically locate the services and platforms it needs to interact with. DNS provides that flexibility enabling services to be re-located between networks whilst maintaining a common point of reference: the fully qualified domain. 

On this premise, it’s possible to monitor and model the services the IoT device seeks to communicate with. If for example there is an IoT thermostat made by a manufacturer in Germany, it may communicate back to the manufacturer for software updates, leveraging DNS to resolve the address of the update server in Germany. DNS servers could model that behaviour and if the device began to deviate from its typical pattern of behaviour, perhaps by attempting to resolve services in a previously unknown location, that would provide an indication of compromise. The common need for IoT devices to use DNS to locate services provides a simple, scalable and consistent model for detecting potential breaches.

Given the looming challenges of IoT, it’s worth considering how the DNS and DHCP platforms that serve IT infrastructure today could be repurposed as a scalable tool for device classification and breach detection.