Fortinet today announced the findings of the latest semiannual FortiGuard Labs Global Threat Landscape Report. FortiGuard Labs threat intelligence from the first half of 2020 demonstrates the dramatic scale at which cybercriminals and nation-state actors leveraged a global pandemic as an opportunity to implement a variety of cyberattacks around the world. The adaptability of adversaries enabled waves of attacks targeting the fear and uncertainty in current events as well as the sudden abundance of remote workers outside the corporate network, which quickly expanded the digital attack surface overnight.
From opportunistic phishers to scheming nation-state actors, cyber adversaries found multiple ways to exploit the global pandemic for their benefit at an enormous scale. This included phishing and business email compromise schemes, nation-state-backed campaigns and ransomware attacks. They worked to maximize the global nature of a pandemic that affected everyone around the world combined with an immediately expanded digital attack surface. These trends were seen with other newsworthy items and demonstrate how quickly attackers can move to take advantage of major developments with broad social impact at a global level.
The report also noted that the attack perimeter also more personal, with more corporates opting to remote working globally. In the first half of 2020, exploit attempts against several consumer-grade routers and IoT devices were at the top of the list for IPS detections. In addition, Mirai and Gh0st dominated the most prevalent botnet detections, driven by an apparent growing interest of attackers targeting old and new vulnerabilities in IoT products.
Another important finding is that Web browsers, not just devices, are also prime targets for cybercriminals. For example, web-based malware used in phishing campaigns and other scams outranked the more traditional email delivery vector earlier this year. In fact, a malware family that includes all variants of web-based phishing lures and scams ranked at the top for malware in January and February and only dropped out of the top five in June.
Ransomware threats have not diminished during the last six months. COVID-19-themed messages and attachments were used as lures in a number of different ransomware campaigns. Other ransomware was discovered rewriting the computer’s master boot record (MBR) before encrypting the data. In addition, there was an increase in ransomware incidents where adversaries not only locked a victim organization’s data but stole it as well and used the threat of widescale release as additional leverage to try and extort a ransom payment. Data shows that the five most heavily targeted sectors for ransomware attacks are telco, MSSPs, education, government, and technology. The rise of ransomware being sold as a service (RaaS) and the evolution of certain variants indicates that the situation with ransomware is not going away.
OT networks remain a target for cyber adversaries. The EKANS ransomware and the Ramsay espionage framework are examples of threat actors looking for fresh ways to infiltrate OT networks. The prevalence of threats targeting supervisory control and data acquisition (SCADA) systems and other types of industrial control systems (ICS) is less in volume than those affecting IT, but that does not diminish the importance of this trend.
A review of the CVE list suggests that though 2020 looks to be on pace to break the number of published vulnerabilities in a single year, vulnerabilities from this year also have the lowest rate of exploitation ever recorded in the 20-year history of the list.
“The first six months of 2020 witnessed an unprecedented cyber threat landscape. The dramatic scale and rapid evolution of attack methods demonstrate the nimbleness of adversaries to quickly shift their strategies to maximize the current events centered around the COVID-19 pandemic across the globe,” says Derek Manky, Chief, Security Insights & Global Threat Alliances, FortiGuard Labs. “There has never been a clearer picture than now, of why organizations need to adjust their defense strategies going forward to fully take into account the network perimeter extending into the home. It is critical for organizations to take measures to protect their remote workers and help them secure their devices and home networks for the long term. It is also wise to consider adopting the same strategy for cyber viruses that we are adopting in the real world. Cyber social distancing is all about recognizing risks and keeping our distance.”