
Fortinet Threat Report Q4 2018
Fortinet
Fortinet has published its threat report for the fourth quarter of 2018. This summarises what threats and attacks were observed and how they changed in relation to previous quarters.
Exploits
There were few surprises in terms of exploits in the fourth quarter of 2018. Threat levels were consistently high, and 5% more variants were discovered than in the previous quarter. Internet of Things (IoT) devices were popular attack targets, as they are often directly accessible via the internet and often have known vulnerabilities. About 50% of the exploit attacks targeted IoT devices. However, well-known attacks, for example on Apache Struts, continue to be carried out, although that vulnerability has been known worldwide since the Equifax hack in 2017 at the latest. The attacks on IoT devices were often used for so-called cryptojacking: software is installed on the IoT devices to "mine" a cryptocurrency by performing computationally intensive calculations. This not only increases power consumption, but also puts a strain on the device, which is not necessarily designed for continuous operation.
Malware
There was a slight easing in the malware situation. The number of attacks is declining, which can probably also be attributed to better security awareness in companies. It is worth mentioning, however, that open source tools are being used to spread malware. This allows malware developers to use the latest software libraries to improve or develop their malware. In addition, developers have become more agile and have been able to develop and release variants of known malware more quickly and efficiently.
Malware related to cryptocurrency has also continued to be very popular, although we should see a sharp decline in this category in the future. This is related to the collapse of several exchanges that traded cryptocurrencies, as well as the shutdown of the Coinhive service, which made it possible to "mine" the cryptocurrency Monero via the browser.
Botnets
Fewer botnet infections were observed, but infected systems remained infected longer than in the previous quarter. There were no real changes in the variants detected.
Industry and IoT
Industrial and control systems and IoT devices remain attractive targets for attack and require appropriate security measures. There was an increase in attacks specifically targeting these devices in the fourth quarter of 2018. While a slowdown in cryptojacking attacks can be expected, there will likely be a shift towards ransomware or even destructive attacks such as BrickerBot.
Countermeasures
In general, it is advisable to keep all devices in the company up to date, after testing the updates. Vulnerability management tools, such as those from Greenbone, are a good way to keep track, as they make it possible to continuously check the company network for known vulnerabilities.
In addition, other common best-practice approaches should be followed, such as the use of firewalls and the segmentation of the network infrastructure. Each endpoint should also be adequately secured, if possible. Mobile devices such as smartphones and tablets also need such protection, as they are becoming increasingly popular targets.

Marcel Zimmer is the Technical Managing Director of EnBITCon. During his time in the German Armed Forces, the trained IT developer gained experience in numerous projects. His interest in IT security was significantly awakened by his service in command support. Even after his service, he remains an active reservist in the Bundeswehr.
His first firewall was a Sophos UTM 120, which he had to set up for a customer project. Since then, his interest in IT security has grown steadily. In the course of time, various security and infrastructure topics have come into his focus. His most interesting projects included, for example, WLAN coverage in an explosion-proof area, as well as a multi-site WLAN solution for a large