Connect with us

Market Research

FortiGuard Labs Reports Tenfold Increase in Ransomware

Published

on

Fortinet has announced the latest semiannual FortiGuard Labs Global Threat Landscape Report. Threat intelligence from the first half of 2021 demonstrates a significant increase in the volume and sophistication of attacks targeting individuals, organizations, and increasingly critical infrastructure. The expanding attack surface of hybrid workers and learners, in and out of the traditional network, continues to be a target. Timely collaboration and partnership momentum across law enforcement, as well as public and private sectors, is an opportunity to disrupt the cybercriminal ecosystem going into the second half of 2021.

Ransomware Is About Much More Than Just Money
FortiGuard Labs data shows average weekly ransomware activity in June 2021 was more than tenfold higher than levels from one year ago. This demonstrates a consistent and overall steady increase over a year period. Attacks crippled the supply chains of multiple organizations, in particular sectors of critical importance, and impacted daily life, productivity, and commerce more than ever before.

Organizations in the telecommunications sector were the most heavily targeted followed by government, managed security service providers, automotive, and manufacturing sectors. In addition, some ransomware operators shifted their strategy away from email-initiated payloads to focusing on gaining and selling initial access into corporate networks further showing the continued evolution of Ransomware-as-a-Service (RaaS) fueling cybercrime.

A key takeaway is that ransomware remains a clear and present danger for all organizations regardless of industry or size. Organizations need to take a proactive approach with real-time endpoint protection, detection, and automated response solutions to secure environments along with a zero-trust access approach, network segmentation, and encryption.

One in Four Organizations Detected Malvertising
Ranking the prevalence of top malware detections by malware families shows a rise in deceptive social engineering malvertising and scareware. More than one in four organizations detected malvertising or scareware attempts with Cryxos being a notable family. Although, a large volume of the detections is likely combined with other similar JavaScript campaigns that would be considered malvertising.

The hybrid work reality has undoubtedly encouraged this trend in tactics by cybercriminals as they attempt to exploit it, aiming for not just a scare but also extortion. Increased cybersecurity awareness is important as ever to provide timely training and education to help avoid falling victim to scareware and malvertising tactics.

Botnet Trends Show Attackers Push to the Edge
Tracking the prevalence of botnet detections showed a surge inactivity. At the beginning of the year, 35% of organizations detected botnet activity of one sort or another, and six months later it was 51%. A large bump in TrickBot activity is responsible for the overall spike in botnet activity during June.

TrickBot originally emerged on the cybercrime scene as a banking trojan but has since been developed into a sophisticated and multi-stage toolkit supporting a range of illicit activities. Mirai was the most prevalent overall; it overtook Gh0st in early 2020 and has reigned ever since well into 2021.

Mirai has continued adding new cyberweapons to its arsenal, but it is likely that Mirai’s dominance at least still partially stems from criminals seeking to exploit Internet-of-Things (IoT) devices used by work-from-home or learning-from-home individuals. Gh0st is also noticeably active, which is a remote access botnet that allows attackers to take full control of the infected system, capture live webcam and microphone feeds, or download files.

More than a year into remote work and learning shifts, cyber adversaries continue to target our evolving daily habits to exploit the opportunity. To protect networks and applications, organizations need zero-trust access approaches to provide the least access privileges to secure against IoT endpoints and devices entering the network.

Disruption of Cybercrime Shows Reduced Threat Volumes
In cybersecurity, not every action has an immediate or lasting effect, but several events in 2021 show positive developments specifically for defenders. The original developer of TrickBot was arraigned on multiple charges in June. Also, the coordinated takedown of Emotet, one of the most prolific malware operations in recent history, as well as actions to disrupt the Egregor, NetWalker, and Cl0p ransomware operations represent significant momentum by cyber defenders, including global governments and law enforcement to curb cybercrime.

In addition, the level of attention that some attacks garnered spooked a few ransomware operators to announce they were ceasing operations. FortiGuard Labs’ data showed a slowdown of threat activity following the Emotet takedown. Activity related to TrickBot and Ryuk variants persisted after the Emotet botnet was taken offline, but it was at a reduced volume. This is a reminder of how hard it is to eradicate cyber threats or adversary supply chains immediately, but these events are important achievements regardless.

Defensive Evasion and Privilege Escalation Techniques Favored by Cybercriminals
Studying higher resolution threat intelligence reveals valuable takeaways about how attack techniques are evolving currently. FortiGuard Labs analyzed the specific functionality inherent to detected malware by detonating the samples to observe what the intended outcome was for cyber adversaries.

The result was a list of negative things malware would have accomplished if the attack payloads had been executed in target environments. This shows cyber adversaries sought to escalate privileges, evade defenses, move laterally across internal systems, and exfiltrate compromised data, among other techniques. For example, 55% of observed privilege escalation functionality leveraged hooking, and 40% utilized process injection.

A takeaway is that there is an obvious focus on defense evasion and privilege escalation tactics. Although these techniques are not novel, defenders will be better positioned to secure against future attacks, armed with this timely knowledge. Integrated and artificial intelligence (AI)-driven platform approaches, powered by actionable threat intelligence, are essential to defend across all edges and to identify and remediate shifting threats organizations face today in real-time.

Derek Manky, Chief, Security Insights and Global Threat Alliances, FortiGuard Labs, said, “We are seeing an increase in effective and destructive cyberattacks affecting thousands of organizations in a single incident creating an important inflection point for the war on cybercrime. Now more than ever, everyone has an important role in strengthening the kill chain. Aligning forces through collaboration must be prioritized to disrupt cybercriminal supply chains. Shared data and partnership can enable more effective responses and better predict future techniques to deter adversary efforts. Continued cybersecurity awareness training, as well as AI-powered prevention, detection, and response technologies integrated across endpoints, networks, and the cloud, remain vital to counter cyber adversaries.”

While government and law enforcement agencies have taken actions relative to cybercrime in the past, the first half of 2021 could be a game-changer in terms of the momentum for the future. They are working with industry vendors, threat intelligence organizations, and other global partnership organizations to combine resources and real-time threat intelligence to take direct action against cyber adversaries.

Regardless, automated threat detection and AI remain essential to enable organizations to address attacks in real-time and to mitigate attacks at speed and scale across all edges. In addition, cybersecurity user awareness training is as important as ever with anyone being a target of cyberattacks. Everyone needs regular instruction on best practices to keep individual employees and the organization secure.

Cyber Security

The Rising Risk of Ransomware Attacks on Organisations and How to Mitigate it

Published

on

According to the 2022 SonicWall Cyber Threat Report, “ransomware volume increased 105% year over year and is up 232% since 2019.” With the risk of ransomware attacks continuing to rise, it’s crucial to shield your organization from these attacks to avoid unwanted financial fallout.

Ransomware attacks commonly target an organization’s file servers and databases using malicious code to encrypt files such as documents, images, and videos on the system. Ransomware can also be programmed to find vulnerabilities on the network and use these to spread to other systems in an organization. Ransomware attacks are typically executed through social engineering like widespread phishing attacks, but cybercriminals can also specifically target a certain entity, sometimes a popular one. These attacks have the potential to cripple an entire organization’s database.

Once encrypted by ransomware, files are almost impossible to retrieve without the decryption key. To get this key, the victim is demanded to pay a ransom—often millions of dollars—within a short timeframe, usually 24 to 48 hours. If the victim organization keeps a backup of its files, then it’ll be able to restore those files and avoid paying the ransom. If not, the organization often has no option but to pay the ransom.

However, if you fall victim to a ransomware attack, it’s strongly recommended that you don’t pay the ransom to regain access to your encrypted files. This is because you are relying on the integrity of a cybercriminal. The cybercriminal may not give you the decryption key after the transaction or, even worse, they may continue to target your organization and repeatedly demand higher ransoms now that they know you’re willing to pay.

In recent years, it has become much easier to develop ransomware, resulting in the continued rise in ransomware attacks. Cybercriminals can develop and execute a ransomware attack with readily available open-source code and with easy-to-use drag-and-drop platforms. It is also hard to track these cybercriminals because transactions involving ransomware are commonly made using cryptocurrency.

Ransomware attacks can result in exploitation and loss of your organization’s critical and confidential data. But there are steps you can take to prevent and mitigate these attacks.

Back-Up Your Data
Take regular backups of all your files and data; this way, even if your system is infected, you can erase the infected files and recover them using your backups. This cannot prevent a ransomware attack, but it can mitigate the risk of losing all your data.

Keep Your System and Software Up-to-Date
Maintain a healthy patching routine. This includes updating your software as soon as possible when patches for security vulnerabilities are released by vendors. To keep your device secure from ransomware attacks, use a security solution that can identify these attacks at their earliest stages and mitigate their impact.

Be Careful Where You Click
Beware of social engineering attacks and email scams, and avoid downloading files from untrusted sources as these can result in your system being exploited by malicious software like ransomware. What makes social engineering attacks so dangerous is that they take advantage of human error rather than system vulnerabilities.

Create Awareness Among Employees About Ransomware Attacks
Since human error is a major vector cybercriminal manipulate to carry out ransomware attacks, it is essential to educate and train employees on social engineering and email phishing attacks to effectively secure your organization against them.

ManageEngine’s security information and event management (SIEM) solutions protect your enterprise network from cyberattacks and insider threats. SIEM solutions collect and analyze the security data generated by your devices in real-time, alerting you about vulnerabilities, indicators of compromise, and any suspicious activity to help you mitigate the risk of ransomware attacks.

Continue Reading

Cyber Security

Ransomware Hit 59% of UAE Organizations Surveyed for Sophos’ Annual “State of Ransomware 2022”

Published

on

Sophos has released its annual international survey and review of real-world ransomware experiences in the State of Ransomware 2022. The report shows that 59% of UAE organizations surveyed were hit with ransomware in 2021, up from 38% in 2020.

The report summarizes the impact of ransomware on 5,600 mid-sized organizations in 31 countries across Europe, the Americas, Asia-Pacific, and Central Asia, the Middle East, and Africa. The main findings for the UAE in the State of Ransomware 2022 global survey, which covers ransomware incidents experienced during 2021, as well as related cyber insurance issues, include:

  • Many organizations rely on cyber insurance to help them recover from a ransomware attack – 85% of mid-sized organizations had cyber insurance that covers them in the event of a ransomware attack – and, in 100% of incidents, the insurer paid some or all the costs incurred.
  • Ninety-eight percent of those with cyber insurance said that their experience of getting it has changed over the last 12 months, with higher demands for cybersecurity measures, more complex or expensive policies, and fewer organizations offering insurance protection.

“The findings suggest we may have reached a peak in the evolutionary journey of ransomware, where attackers’ greed for ever higher ransom payments is colliding head-on with a hardening of the cyber insurance market as insurers increasingly seek to reduce their ransomware risk and exposure,” said Wisniewski. “In recent years, it has become increasingly easy for cybercriminals to deploy ransomware, with almost everything available as-a-service. Second, many cyber insurance providers have covered a wide range of ransomware recovery costs, including the ransom, likely contributing to ever higher ransom demands. However, the results indicate that cyber insurance is getting tougher and in the future ransomware victims may become less willing or less able to pay sky-high ransoms. Sadly, this is unlikely to reduce the overall risk of a ransomware attack. Ransomware attacks are not as resource intensive as some other, more hand-crafted cyberattacks, so any return is a return worth grabbing and cybercriminals will continue to go after the low hanging fruit.”

Sophos recommends the following best practices to help defend against ransomware and related cyberattacks:

  1. Install and maintain high-quality defenses across all points in the organization’s environment. Review security controls regularly and make sure they continue to meet the organization’s needs.
  2. Proactively hunt for threats to identify and stop adversaries before they can execute their attack – if the team lacks the time or skills to do this in house, outsource to a Managed Detection and Response (MDR) specialist.
  3. Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines, open RDP ports, etc. Extended Detection and Response (XDR) solutions are ideal for this purpose.
  4. Prepare for the worst. Know what to do if a cyber incident occurs and keep the plan updated.
  5. Make backups, and practice restoring from them so that the organization can get back up and running as soon as possible, with minimum disruption.
Continue Reading

Cyber Security

Cybersecurity Skills Gap Contributed to 80 Percent of Breaches: Fortinet Report

Published

on

Fortinet has released its 2022 Cybersecurity Skills Gap Report. The new global report reveals that the cybersecurity skills shortage continues to have multiple challenges and repercussions for organizations, including the occurrence of security breaches and subsequently loss of money. As a result, the skills gap remains a top concern for C-level executives and is increasingly becoming a board-level priority. The report also suggests ways the skills gap can be addressed, such as through training and certifications to increase employees’ education.

Sandra Wheatley, SVP Marketing, Threat Intelligence, and Influencer Communications at Fortinet says, “According to the Fortinet report released today, the skills gap isn’t just a talent shortage challenge, but it’s also severely impacting business, making it a top concern for executive leaders worldwide. Through Fortinet’s Training Advancement Agenda (TAA) and Training Institute programs, we are committed to tackling the challenges revealed in the report through various initiatives, including programs focused on cybersecurity certifications and recruiting more women into cyber. As part of this commitment, Fortinet has pledged to train 1 million professionals to increase cyber skills and awareness and make a dent in the skills gap by 2026.”

The Widespread Global Impact of the Cybersecurity Skills Shortage
According to (ISC)2’s 2021 Cyber Workforce Report, the global cybersecurity workforce needs to grow 65 percent to effectively defend organizations’ critical assets. While the number of professionals needed to fill the gap has decreased from 3.12 million down to 2.72 million in the past year, this is still a significant void that leaves organizations vulnerable.

Fortinet’s report demonstrates multiple risks resulting from the cybersecurity skills gap. Most notably, 8 in 10 organizations surveyed have suffered at least one breach they could attribute to a lack of cybersecurity skills or awareness. The survey also showed that globally 64 percent of organizations experienced breaches that resulted in the loss of revenue, recovery costs and/or fines.

Given the increasing costs of breaches on organizations’ profits and reputation, cybersecurity is becoming more of a board-level priority. Globally, 88 percent of organizations that have a board of directors reported that their board asks questions specifically about cybersecurity. And 76 percent of organizations have a board of directors who has recommended increases in IT and cybersecurity headcount.

Advancing Cybersecurity Skills Through Training and Certifications
Fortinet’s skills gap report demonstrated that training and certifications are critical ways organizations seek to further tackle the skills gap. The report revealed that 95 percent of leaders believe technology-focused certifications positively impact their role and their team, while 81 percent of leaders prefer to hire people with certifications. Additionally, 91 percent of respondents shared they are willing to pay for an employee to achieve cyber certifications. One major reason for certifications being highly regarded is due to their validation of increased cybersecurity knowledge and awareness.

In addition to valuing certifications, 87 percent of organizations have implemented a training program to increase cyber awareness. However, 52 percent of leaders believe their employees still lack the necessary knowledge, which raises questions about how effective their current security awareness programs are. For organizations looking for security awareness training, Fortinet offers a Security Awareness and Training service through the award-winning Fortinet Training Institute. The service further protects organizations’ critical digital assets from cyber threats by building employee cybersecurity awareness. This service receives updates from Fortinet’s FortiGuard Labs threat intelligence so that employees are learning and keeping up with the latest evolving cyberattack methods to prevent company breaches and risks from being introduced.

Addressing Recruitment and Retention Challenges with Diversity Commitments
A significant challenge for organizations has been finding and retaining the right people to fill critical security roles ranging from cloud security specialists to SOC analysts. The report found that 60 percent of leaders admit their organization struggles with recruitment and 52 percent struggle to retain talent.

Among hiring challenges is the recruitment of women, new college graduates, and minorities. Globally, 7 out of 10 leaders see the recruitment of women and new graduates as a top hiring hurdle and 61 percent said hiring minorities has been challenging. As organizations look to build more capable and more diverse teams, 89 percent of global companies have explicit diversity goals as part of their hiring strategy according to the report. The report also demonstrated that 75 percent of organizations have formal structures to specifically recruit more women and 59 percent have strategies in place to hire minorities. Additionally, 51 percent of organizations have efforts in place to hire more veterans.

Continue Reading
Advertisement


Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.