names and hashes of files each time the victim logs in, making it difficult to spot the malware on infected host systems.

The growing use of anti-analysis and broader evasion tactics is a reminder of the need for multi-layered defences and behaviour-based threat detection.

Under the radar attacks aim for the long-haul

The Zegost infostealer malware is the cornerstone of a spear phishing campaign and contains intriguing techniques.

Like other infostealers, the main objective of Zegost is to gather information about the victim’s device and exfiltrate it. Yet, when compared to other infostealers, Zegost is uniquely configured to stay under the radar. For example, Zegost includes functionality designed to clear event logs.

This type of cleanup is not seen in typical malware. Another interesting development in Zegost’s evasion capabilities is a command that kept the infostealer ‘in stasis’ until after February 14, 2019, after which it began its infection routine.

The threat actors behind Zegost utilise an arsenal of exploits to ensure they establish and maintain a connection to targeted victims, making it far more of a long-term threat compared to its contemporaries.

Ransomware continues to trend to more targeted attacks

The attacks on multiple cities, local governments and education systems serve as a reminder that ransomware is not going away, but instead continues to pose a serious threat for many organisations going forward. Ransomware attacks continue to move away from mass-volume, opportunistic attacks to more targeted attacks on organisations that are perceived as having either the ability or the incentive to pay ransoms. In some instances, cybercriminals have conducted considerable reconnaissance before deploying their ransomware on carefully selected systems to maximise opportunity.

For example, RobbinHood ransomware is designed to attack an organisation’s network infrastructure and is capable of disabling Windows services that prevent data encryption and of disconnecting from shared drives.

Another newer ransomware, called Sodinokibi, could become another threat for organisations. Functionally, it is not very different from a majority of ransomware tools in the wild. It is troublesome because of the attack vector, which exploits a newer vulnerability that allows for arbitrary code execution and does not need any user interaction like other ransomware being delivered by phishing email.

Regardless of the vector, ransomware continues to pose a serious threat for organisations going forward, serving as a reminder of the importance of prioritising patching and infosecurity awareness education. In addition, Remote Desktop Protocol (RDP) vulnerabilities, such as BlueKeep, are a warning that remote access services can be opportunities for cybercriminals and that they can also be used as an attack vector to spread ransomware.

New opportunities in the digital attack surface

Between the home printer and critical infrastructure is a growing line of control systems for residential and small business use. These smart systems garner comparably less attention from attackers than their industrial counterparts, but that may be changing based on increased activity observed targeting these control devices such as environmental controls, security cameras and safety systems.

A signature related to building management solutions was found to be triggered in 1% of organisations, which may not seem like much, but it is higher than typically seen for ICS or SCADA products.

Cybercriminals are searching for new opportunities to commandeer control devices in homes and businesses. Sometimes these types of devices are not as prioritised as others or are outside the scope of traditional IT management.

The security of smart residential and small business systems deserves elevated attention especially since access could have serious safety ramifications. This is especially relevant for remote work environments where secure access is important.

How to protect your organisation – broad, integrated and automated security

Threat intelligence that is dynamic, proactive and available in real-time can help identify trends showing the evolution of attack methods targeting the digital attack surface and pinpoint cyberhygiene priorities.

The value of threat intelligence, and the ability to take action on it, is severely diminished if it cannot be acted on in real-time across each security device. A security fabric that is broad, integrated and automated can provide protection for the entire networked environment, from IoT to the Edge, network core and to multi-clouds at speed and scale.

Phil Quade, Chief Information Security Officer, Fortinet
Report and index overview
The latest Fortinet Threat Landscape Report
is a quarterly view that represents the
collective intelligence of FortiGuard Labs,
drawn from Fortinet’s vast array of global
sensors during Q2 2019. Research data
covers global and regional perspectives.
Also included in the report is the Fortinet
Threat Landscape Index (TLI), comprised
of individual indices for three central and
complementary aspects of that landscape
which are exploits, malware and botnets,
showing prevalence and volume in a
given quarter.
www.intelligentcio.com