Intelligent CIO Logo
Regional NewsResearchTop Stories

Fortinet Report reveals cybercriminals are using common exploits and ‘Swarm’ Technology

Fortinet Report reveals cybercriminals are using common exploits and ‘Swarm’ Technology

Research from Fortinet reveals high botnet reoccurrence rates and an increase of automated malware

Fortinet, a global leader in cybersecurity, has announced the findings of its latest Global Threat Landscape Report. The research reveals high botnet reoccurrence rates and an increase of automated malware demonstrate cybercriminals are leveraging common exploits combined with automated attack methods at an unprecedented scale.

“Whether it’s WannaCry in May or Apache Struts in September, long-known and yet still-unpatched vulnerabilities serve as the gateway for attacks time and time again.” said Phil Quade, chief information security officer, Fortinet.

“Remaining vigilant of new threats and vulnerabilities in the wild is critical, but organisations also need to keep sight of what is happening within their own environment. There is an incredible urgency to prioritise security hygiene and embrace fabric-based security approaches that leverage automation, integration and strategic segmentation.”

Keeping up with swarm attacks, botnet reoccurrences or the latest ransomware attack is daunting for even the most strategic security team. To facilitate learning from what is happening in the wild, the intelligence included in the latest report offers views of the cyberthreat landscape from many perspectives. It focuses on three central aspects, namely application exploits, malicious software and botnets. It also examines important zero-day vulnerabilities and infrastructure trends of the corresponding attack surface.

  • Severity of Attacks Creates Urgency: 79% of firms saw severe attacks in Q3 2017. Research data during the quarter quantified 5,973 unique exploit detections, 14,904 unique malware variants from 2,646 different malware families, and 245 unique botnets detected. In addition, Fortinet identified 185 plus zero-day vulnerabilities.
  • Botnet Reoccurrence: Many organisations experienced the same botnet infections multiple times. Either the organisations did not thoroughly understand the scope of the breach and the botnet went dormant only to return after business operations went back to normal, or the root cause was never found and the organisation was re-infected with the same malware.
  • Swarming Vulnerabilities: The exact application exploit used by attackers to breach Equifax was the most prevalent with 6,000+ unique detections recorded last quarter, and it is once again the most prevalent this quarter. In fact, three exploits against the Apache Struts framework made the top 10 list of most prevalent. This is an example of how attackers swarm when they catch scent of widespread, vulnerable targets.
  •  Mobile Threats: One in four firms detected mobile malware. Four mobile malware specific families stood out for the first time because of their prevalence. This is an indication that mobile is increasingly becoming a target.
  • Pervasive and Evasive Malware: The most common functionality among top malware families was downloading, uploading, and dropping malware onto infected systems. This behaviour helps slip malicious payloads through legacy defences by wrapping them in dynamic packaging.
  • Cybercriminals Target All Sizes: Midsize firms saw higher rates of botnet infections. Cybercriminals potentially view midsize organisations as a ‘sweet spot’ because often they do not have the same level of security resources as large enterprises but are seen as having valuable data assets.