Fortinet researched the latest evolutions in the dark world of exploits, malware and botnets and came to the conclusion that the poacher is still one step ahead of the hunter. Not only are there more and more threats, the attackers are also expanding their field of action further.
The fact that the number of threats is increasing can certainly be correlated with the increasing migration of important applications and data to the cloud. It is very important to secure these communication channels and this does not always seem to be the case.
The fact that the field of action of cyber criminals is expanding should not come as a surprise, since more and more devices are connected.
The four most striking trends:
1. Sharp increase in the number of viruses
In the third quarter of 2018, a significant growth of malware was observed: more than 10000 new variants saw the light of day and the number of infections per company almost doubled. It is striking that malware developers target every platform: Android, Linux, Win32, they are all under attack.
Also noteworthy is the shift to mobile malware, often involving mutations of existing viruses that have developed new features to attack mobile platforms. This is an interesting path for malware developers because mobile systems generally offer less security control than traditional systems.
2. Emergence of the mining malware
Mining malware is rogue software that abuses your system to mine cryptocurrency (such as bitcoins). Mining cryptocurrency requires a lot of processing power, and cryptojackers come and take it from you, often without you noticing right away. Cryptojacking is not always given the highest priority because its impact on companies is rather limited: the attacker does not want to steal data or shut down systems, he is mainly interested in free computing power. Nevertheless, a system that falls prey to cryptojacking is a compromised system.
3. Botnets are getting smarter
Botnets are networks of hacked computers that are used by malicious operators for all kinds of dark things (sending spam, overloading servers with DDoS attacks, etc.). Botnets continue to evolve and become smarter and smarter through the application of machine learning and data analytics. In this way, they improve themselves and are able to find more efficient exploits and to identify vulnerable systems.
4. Industrial systems are increasingly becoming a target for attackers
Industrial technologies such as SCADA (Supervisory Control And Data Acquisition) and ICS (Industrial Control System) are less likely to be attacked than widespread IoT consumer devices, but the impact of such attacks can be much greater and lead to serious disruption of business and production processes, making it an interesting market for cybercriminals who want to specifically harm companies or demand ransoms. In the past year, 60% of the companies that use SCADA or ICS technology had to deal with a break-in.
Keeping your system clean & up to date and managing it "like a good family man" is a good start, but you can do more to arm yourself against cybercrime. Based on their findings, Fortinet recommends a learn-segment-protect security approach:
Get to know your system and its vulnerabilities
Your Task Manager (or Activity Monitor) can tell you which processes are active. Monitoring the network traffic can also provide you with a lot of interesting information. If there is a lot of traffic during weekends, for example, then it is worthwhile to zoom in on that. Guard your perimeter!
Segment your system
Segmenting a network can greatly reduce the impact of a possible cyber attack. For example, it is better to keep the production network separate, so that cybercriminals who get into one segment cannot reach it.
Protect the separate segments and the whole
Between segments of your network you can monitor the traffic and secure the gateways. Redundancy, off-site storage and system backups are of course also best practices not to forget.
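The "get to know your system" step above suggests zooming in on hosts that generate a lot of traffic during weekends. The following script is an added example, not part of the original article or of Fortinet's report: it takes constructed flow records (timestamp, host, bytes) and flags hosts whose average daily volume on weekend days is several times their weekday average. The host names, byte counts and the ratio of 3 are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample flow records: (timestamp, source host, bytes sent).
# All values are made up for this example; 2018-09-03 is a Monday.
SAMPLE_FLOWS = [
    ("2018-09-03 10:15:00", "ws-finance-01", 120_000),    # Monday, office hours
    ("2018-09-04 11:40:00", "ws-finance-01", 95_000),     # Tuesday
    ("2018-09-05 09:05:00", "ws-finance-01", 130_000),    # Wednesday
    ("2018-09-08 03:20:00", "ws-finance-01", 2_400_000),  # Saturday, 03:20
    ("2018-09-09 04:10:00", "ws-finance-01", 2_900_000),  # Sunday, 04:10
    ("2018-09-03 10:30:00", "ws-hr-02", 80_000),
    ("2018-09-05 14:00:00", "ws-hr-02", 70_000),
    ("2018-09-08 12:00:00", "ws-hr-02", 60_000),          # Saturday, normal volume
]

def daily_averages(flows):
    """Per host, average bytes per calendar day for weekdays and weekend days."""
    totals = defaultdict(lambda: {"weekday": 0, "weekend": 0})
    days = defaultdict(lambda: {"weekday": set(), "weekend": set()})
    for ts, host, nbytes in flows:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        period = "weekend" if when.weekday() >= 5 else "weekday"   # 5 = Saturday
        totals[host][period] += nbytes
        days[host][period].add(when.date())
    return {
        host: {
            p: (totals[host][p] / len(days[host][p])) if days[host][p] else 0.0
            for p in ("weekday", "weekend")
        }
        for host in totals
    }

def weekend_outliers(flows, ratio=3.0):
    """Hosts whose weekend daily average exceeds `ratio` times their weekday average.

    Hosts with no weekday baseline are skipped: there is nothing to compare against.
    """
    flagged = []
    for host, avg in daily_averages(flows).items():
        if avg["weekday"] > 0 and avg["weekend"] > ratio * avg["weekday"]:
            flagged.append(host)
    return sorted(flagged)

if __name__ == "__main__":
    for host, avg in daily_averages(SAMPLE_FLOWS).items():
        print(f"{host}: weekday {avg['weekday']:,.0f} B/day, weekend {avg['weekend']:,.0f} B/day")
    print("zoom in on:", weekend_outliers(SAMPLE_FLOWS))
```

Real flow exports (firewall logs, NetFlow) carry many more fields, but the same grouping by host and by weekday/weekend is what makes the "busy weekend" signal the article mentions stand out.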