Semiannual Fortinet report sheds light on numerous threats across North and Latin America
SAN JUAN – The figures are truly staggering.
Of a total 41 billion attempted cyber attacks reported throughout Latin America and the Caribbean, more than 152 million were registered in Puerto Rico during 2020, according to the semiannual FortiGuard Labs Global Threat Landscape Report published by Fortinet, a cybersecurity solutions provider.
From October to December alone there were 61.5 million attempted cyber attacks across the United States. During this period, threats known as phishing, or emails purporting to be from reputable senders, spread throughout Latin America with attached HTML files, in an attempt to redirect the browser to malicious websites.
According to the report, malware on the web has become the most common vehicle for distributing infected files, often being the gateway for data theft or hijacking, known as ransomware.
However, although the volume of attempted cyber attacks remains extremely high, what is most alarming is the degree of sophistication and efficiency that cybercriminals have achieved thanks to advanced technologies and artificial intelligence (AI), which allow them to develop targeted attacks with greater chances of success. This means that in fewer attempts, cybercriminals can do more damage.
The year “2020 demonstrated the ability of criminals to invest time and resources in more lucrative attacks, such as ransomware. In addition, they are adapting to the new era of remote work with more sophisticated actions to deceive victims and access corporate networks,” explained Daniel Vega, country manager for Fortinet Puerto Rico and the US Virgin Islands.
“We see a trend towards peripheral attacks, and not just the core network. The use of IoT [internet of things] devices and mission-critical industrial environments are some examples of access points for criminals,” he noted.
He also warned that in 2021, it is important to be attentive to the emergence of new smart networks, or botnets, that adapt and expand according to user needs. These not only create different attack vectors, but allow groups of compromised devices to work together to reach victims at 5G speeds.
“We must be alert to any suspicious mail or activity, and implement and follow all the necessary controls on personal devices to mitigate the risk of intrusion or violation of our companies’ security policies, including the periodic installation of available updates from manufacturers,” Vega recommended.
“From a business point of view, it is necessary to add the power of artificial intelligence (AI) and machine learning (ML) to security platforms that operate in an integrated and automated way on the main network, in multi-cloud environments, in branches and remote workers’ homes,” he added.
The report also noted that phishing campaigns continue to be the main attack vector, with numerous campaigns with Trojan viruses detected during this period, which carry out activities without the user’s knowledge and generally include the establishment of remote access connections, capturing keyboard input, collecting system information, downloading / uploading files, and placing other malware in the system. Infected assets can perform denial of service (DoS) attacks and run or stop processes.
He also indicated that remote work is a gateway to corporate networks, with a large number of malicious HTTP requests registered that seek to exploit vulnerabilities in home routers, which could allow attackers to execute arbitrary commands. This may be an emerging trend, as more people work from home, with less protection and more access to corporate data, among other findings.
To access the report, go to: https://www.fortiguardthreatinsider.com/en/bulletin/Q4-2020
Highlights of the second 2020 FortiGuard Labs Global Threat Landscape Report follow:
—Onslaught of Ransomware Continues: FortiGuard Labs data shows a sevenfold increase in overall ransomware activity compared to 1H 2020, with multiple trends responsible for the increase in activity. The evolution of Ransomware-as-a-Service (RaaS), a focus on big ransoms for big targets, and the threat of disclosing stolen data if demands were not met combined to create conditions for this massive growth. In addition, with varying degrees of prevalence, the most active of the ransomware strains tracked were Egregor, Ryuk, Conti, Thanos, Ragnar, WastedLocker, Phobos / EKING and BazarLoader. Sectors that were heavily targeted in ransomware attacks included healthcare, professional services firms, consumer services companies, public sector organizations, and financial services firms.
To effectively deal with the evolving risk of ransomware, organizations will need to ensure data backups are timely, complete, and secure off-site. Zero-trust access and segmentation strategies should also be investigated to minimize risk.
—Supply Chain Takes Center Stage: Supply chain attacks have a long history, but the SolarWinds breach raised the discussion to new heights. As the attack unfolded, a significant amount of information was shared by affected organizations. FortiGuard Labs monitored this emerging intelligence closely, using it to create IoCs to detect related activity.
Detections of communications with internet infrastructure associated with SUNBURST during December 2020 demonstrate that the campaign was truly global in nature, with the “Five Eyes” exhibiting particularly high rates of traffic matching malicious IoCs. There is also evidence of possible spillover targets, which emphasizes the interconnected scope of modern supply chain attacks and the importance of supply chain risk management.
—Adversaries Target Your Online Moves: Examining the most prevalent malware categories reveals the most popular techniques cybercriminals use to establish a foothold within organizations. The top attack target was Microsoft platforms, leveraging the documents most people use and consume during a typical workday. Web browsers continued to be another battlefront. This HTML category included malware-laden phishing sites and scripts that inject code or redirect users to malicious sites.
These types of threats inevitably rise during times of global issues or periods of heavy online commerce. Employees who typically benefit from web-filtering services when browsing from the corporate network continue to find themselves more exposed when doing so outside that protective filter.
—The Home Branch Office Remains a Target: The barriers between home and office eroded significantly in 2020, meaning that targeting the home puts adversaries one step closer to the corporate network. In the second half of 2020, exploits targeting Internet of Things (IoT) devices, such as those existing in many homes, were at the top of the list. Each IoT device introduces a new network “edge” that needs to be defended and requires security monitoring and enforcement at every device.
—Cast of Actors Joins Global Stage: Advanced Persistent Threat (APT) groups continue to exploit the COVID-19 pandemic in a variety of ways. The most common among them included attacks focused on gathering personal information in bulk, stealing intellectual property, and nabbing intelligence aligned with the APT group’s national priorities. As the end of 2020 neared, there was an increase in APT activity targeting organizations involved in COVID-19-related work including vaccine research and development of domestic or international healthcare policies around the pandemic. Targeted organizations included government agencies, pharmaceutical firms, universities, and medical research firms.
—Flattening the Curve of Vulnerability Exploits: Patching and remediation are ongoing priorities for organizations as cyber adversaries continue to attempt to exploit vulnerabilities for their benefit. Tracking the progression of 1,500 exploits in the wild over the last two years shows how fast and how far exploits propagate. Although it is not always the case, most exploits do not seem to spread very far very fast. Among all exploits tracked over the last two years, only 5% were detected by more than 10% of organizations. With all things being equal, if a vulnerability is picked at random, data shows there is about a 1-in-1,000 chance that an organization will be attacked. About 6% of exploits hit more than 1% of firms within the first month, and even after one year, 91% of exploits have not crossed that 1% threshold. Regardless, it remains prudent to focus remediation efforts on vulnerabilities with known exploits, and among those, prioritize the ones propagating most quickly in the wild.
Fighting Cyber Adversaries Requires an Integrated Strategy and Broad Awareness