As cyber threats continue to develop in sophistication and span the entire attack surface at an ever-increasing rate, organizations need solutions designed to interoperate rather than operate in isolation.
To do this, Fortinet has released the conclusions of its Global Threat Report, in which they warn that the increase in automation and the speed of attacks shows that persistent cybercrime strategies are more advanced, more destructive and unpredictable.
“Cybersecurity is a fast and dynamic industry. To protect against the broad range of threats, organizations need to implement AI-powered prevention, detection, and response strategies based on a cybersecurity mesh architecture,” explains Derek Manky, Chief, Security Insights & Global Threat Alliances at FortiGuard Labs. .
Cyber threats in new vectors
The Global Threats report from Fortinet cybersecurity experts highlights the following trends:
- Log4j demonstrates the dramatic speed of exploitation organizations face: The Log4j vulnerabilities that occurred in late 2021 demonstrate the rapidly increasing speed of exploitation that cybercriminals are trying to exploit to their advantage. Organizations today have very little time to react or patch, given the speed cyber adversaries are using to maximize new opportunities. Organizations need AI and ML-based intrusion prevention systems (IPS), aggressive patch management strategies, and the visibility of threat intelligence to prioritize the fastest-spreading threats and reduce overall risk.
- Cybercrime is rapidly targeting new attack surface vectors: Some minor or unimportant threats have the potential to cause bigger problems in the future and should be watched out for. One example is new malware designed to exploit Linux systems, often in the form of executable and linkable format (ELF) binaries. Linux is used in the back-end systems of many network and container-based solutions for IoT devices and mission-critical applications, and is becoming a more popular target for attackers Linux should be protected, monitored, and managed like any other device of the network with advanced, automated protection, detection, and response for endpoints. In addition, cyber hygiene should be prioritized to provide active threat protection to systems that may be affected by low-intensity threats.
The sophistication of cyber threats intensifies
- Botnet trends show a more sophisticated evolution of attack methods: Threat trends demonstrate that botnets are evolving to adopt newer and more evolved cybercriminal attack techniques. Rather than being primarily monolithic and heavily focused on DDoS attacks, botnets are now multi-purpose attack vehicles leveraging a variety of more sophisticated attack techniques, including ransomware. To protect networks and applications, organizations must implement zero-trust access solutions to provide least access privileges, especially to secure endpoints and IoT devices entering the network, as well as automated detection and response capabilities to Monitor abnormal behavior.
- Ransomware activity remains high, continuing and more destructive: Data from FortiGuard Labs reveals that ransomware is unabated from peak levels last year, and instead is increasing in sophistication, aggressiveness, and impact. Threat actors continue to attack organizations with a variety of new and previously seen ransomware strains, often leaving a trail of destruction. Old ransomware is actively updated and improved, sometimes with wiper malware included, while other ransomware is evolving to malware adopting Ransomware-as-Service (RaaS) business models. RaaS enables more threat actors to harness and distribute malware without having to create the ransomware themselves.
- Ransomware attacks remain a reality for all organizations, regardless of industry or size. Organizations must take a proactive approach with real-time visibility, analysis, protection, and remediation, along with zero-trust access solutions, segmentation, and regular data backups.
- A deeper understanding of attack techniques can help stop criminals faster: Analyzing opponents’ attack targets is important in order to better align defenses at the speed of changing attack techniques.
Protection against fast and sophisticated cyberattacks: As attacks continue to develop in sophistication and span the entire attack surface at an ever-increasing rate, organizations need solutions designed to interoperate rather than operate in isolation. Protecting against evolving attack techniques will require smarter solutions that know how to incorporate real-time threat intelligence, detect threat patterns and footprints, correlate massive amounts of data to detect anomalies, and automatically initiate a coordinated response. Point products must be replaced with a cybersecurity mesh platform that provides centralized management, automation, and integrated solutions that work in concert.
George is Digismak’s reported cum editor with 13 years of experience in Journalism