Poor security practices - infections spread rapidly
The findings of the latest Global Threat Landscape Report clearly show that "worm-like" attacks are spreading at record speed due to poor security practices and risky application usage.
"The technological innovations that are driving our digital economy offer equal opportunities for good and evil when it comes to cybersecurity. Yet everyone has the opportunity to limit the impact of infections through consistent and effective security-related cyber practices," said Phil Quade, chief information security officer at Fortinet. "Many cyber criminals do not penetrate systems with new zero-day attacks, but mainly exploit already known vulnerabilities. This allows them to use more resources to camouflage their attacks, which are thus harder to detect. New 'worm-like' features spread infections at a fast pace and can spread across platforms or vectors quite easily. Therefore, intent-based security strategies that rely on automation and integration are indispensable in this new reality."
Effective cyber practices are fundamental
Crime-as-a-service infrastructures and autonomous attack tools make it increasingly easy for attackers to operate globally. What is remarkable about malware like "WannaCry" is its rapid spread and the fact that it can hit a wide range of industries. Still, such attacks could be prevented if more companies placed value on consistent cyber practices. Unfortunately, "hot" exploits that target vulnerabilities which have not been patched or updated continue to be very successful. And it gets more complicated: once a given piece of malware is automated, attackers no longer need to focus on specific industries, which increases their reach over time.
The results of the latest Global Threat Landscape Reports from Fortinet show the following:
- "Ransom worms" on the rise: Both WannaCry and NotPetya targeted a vulnerability for which a patch had been available for only a few months. Companies that were spared from these attacks had either deployed security tools that were updated enough to detect attacks on this vulnerability and/or had installed the patch as soon as it was available. Prior to "WannaCry" and "NotPetya," network worms had become less prominent over the preceding decade.
- Critical severity of attacks: More than two-thirds of all organizations were victims of significant or critical exploits in the second quarter of 2017. 90% of companies reported exploits of vulnerabilities that were three years old or older. Even ten or more years after initial disclosure, 60% of companies still recorded related attacks. The second quarter data is clear: a total of 184 billion exploits detected, 62 million malware detections, and 2.9 billion botnet communication attempts.
- Active outside business hours: Automated threats know no closing time and no weekend. Nearly 44% of all exploit attempts occurred on a Saturday or Sunday. The average daily volume was twice as large on weekends as on weekdays.
Relationship between technology use and attack risk
In the Digital Economy era, speed and efficiency are mission-critical factors, which means zero tolerance for device or system failures. As the use and configuration of technologies (applications, networks, and devices) evolve, the exploit, malware, and botnet tactics of cyber criminals become more advanced in parallel. Cyber criminals do not hesitate to exploit vulnerabilities in these new technologies or services. In particular, questionable software and vulnerable IoT devices on highly connected networks pose a high risk because they are not consistently managed, updated, and replaced. In addition, encrypted traffic - while useful for cybersecurity and privacy - presents another challenge for many defense tools that have little visibility into encrypted communications.
- Application usage: Risky applications create risk vectors that open the door to malware. Organizations with a large number of peer-to-peer (P2P) applications experience seven times more botnets and malware than those that do not allow P2P applications. Similarly, companies that allow numerous proxy applications report nearly nine times more botnets and malware than those where such applications are not allowed. Surprisingly, there was no evidence that increased use of cloud or social media applications leads to more malware and botnet infections.
- Analysis by industry: Education led in almost all areas of infrastructure and application use. The energy industry proved to be the most conservative, with all other industries falling between these two extremes.
- IoT devices: Nearly 20% of all organizations reported malware targeting mobile devices. IoT devices remain a challenge because they cannot be given the same level of control, visibility, and protection as traditional systems.
- Encrypted Internet traffic: This quarter, encrypted communication on the Internet reached a record high for the second time in a row. At 57 percent, the share of HTTPS traffic has overtaken HTTP. This continues to be an important development, as malware uses encrypted communications for stealth.
Source: Fortinet
Methodology of the report: The Fortinet Global Threat Landscape Report is published every three months and summarizes the intelligence that FortiGuard Labs collected in Q2 2017 from Fortinet's many network devices and sensors deployed in production environments. The research data is global and regional, and comes from a variety of industry sectors and organizations. The report focuses on three key and complementary aspects of the threat landscape: application exploits, malware and botnets.