{"id":1594,"date":"2020-03-04T11:37:41","date_gmt":"2020-03-04T07:37:41","guid":{"rendered":"https:\/\/www.techxmedia.com\/?p=1594"},"modified":"2025-04-17T23:59:21","modified_gmt":"2025-04-17T19:59:21","slug":"global-threat-trends-demonstrate-intentions-of-cybercriminals","status":"publish","type":"post","link":"https:\/\/techxmedia.com\/en\/global-threat-trends-demonstrate-intentions-of-cybercriminals\/","title":{"rendered":"Global threat trends demonstrate intentions of cybercriminals"},"content":{"rendered":"\n<p>Fortinet\u00ae announced the findings of the latest FortiGuard Labs Global Threat\nLandscape <a href=\"https:\/\/www.fortinet.com\/content\/dam\/maindam\/PUBLIC\/02_MARKETING\/08_Report\/Threat-Report-Q4-2019.pdf\">Report<\/a>.\n<\/p>\n\n\n\n<h6 class=\"wp-block-heading\"><strong><em>Derek Manky, Chief, Security Insights &amp; Global Threat Alliances, FortiGuard Labs<\/em><\/strong><\/h6>\n\n\n\n<p>&#8220;To get out ahead of the cycle of increasingly sophisticated and automated cyber <a href=\"https:\/\/techxmedia.com\/tag\/threats\/\">threats<\/a>, organizations need to use the same sorts of technologies and strategies to defend their networks that criminals are using to attack them. That means adopting integrated platforms that leverage the power and resources of AI-driven threat intelligence and playbooks to enable protection and visibility across the digital infrastructure.\u201d<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>The research from Q4 2019 not only shows that cybercriminals\ncontinue to attempt to exploit any possible opportunity throughout the digital infrastructure,\nbut that they are maximizing global economic and political realities to further\nenable their goals. <\/li><li>Global trends demonstrate that the prevalence and\ndetection of threats may differ by geography, but the sophistication and\nautomation of attacks remain consistent everywhere. 
In addition, the need to\nprioritize cybersecurity hygiene remains urgent around the world as threats are\nscaling faster than ever before. <\/li><li>For a detailed view of the report, as well as some\nimportant takeaways, read the <a href=\"https:\/\/www.fortinet.com\/blog\/threat-research\/using-the-fortiguard-labs-threat-landscape-report-to-defend-against-evolving-cybercrime.html\">blog<\/a>.\nHighlights of the report follow. <\/li><\/ul>\n\n\n\n<p><strong>1) A\nNot So Charming Kitten:<\/strong> Research shows\nsignificant levels of activity across regions associated with Charming Kitten, an\nIran-linked advanced persistent threat (APT) group in Q4. Active since around\n2014, the threat actor has been associated with numerous cyberespionage\ncampaigns. Recent activity suggests that the threat actor has expanded into the\nelection disruption business, having been linked to a series of attacks on\ntargeted email accounts associated with a presidential election campaign. <\/p>\n\n\n\n<p><strong>2) Security\nRisks for IoT Devices Magnify:<\/strong> IoT\ndevices continue to be challenged with exploitable software and these threats can\naffect unexpected devices such as wireless IP cameras. This situation is\nmagnified when components and software are embedded into different commercial devices\nsold under a variety of brand names, sometimes by different vendors. Many of\nthese components and services are often programmed using bits and pieces of pre-written\ncode from a variety of common sources. These common components and pre-written\ncode are sometimes vulnerable to exploit, which is why some of the same\nvulnerabilities crop up repeatedly across a wide range of devices. A lack of\npatch awareness or availability, the prevalence of vulnerabilities in some IoT\ndevices, and the documented attempts to \u201censlave\u201d these devices in IoT botnets\nall contributed to these exploits having the third-highest volume among all IPS\ndetections during the quarter. 
<\/p>\n\n\n\n<p><strong>3) Senior Threats Help Junior Threats:<\/strong> Amidst the constant pressure to keep ahead of new threats, organizations sometimes forget that older exploits and vulnerabilities\nreally have no expiration date, and threat actors will continue to use them as\nlong as they work. A case in point is EternalBlue. The malware has been adapted\nover time to exploit common and major vulnerabilities. It has been used in\nnumerous campaigns, including, most notably, the WannaCry and NotPetya\nransomware attacks. In addition, a patch was issued last May for BlueKeep, a\nvulnerability that, if exploited, could be wormable, with the potential to\nspread at the same speed and scale as WannaCry and NotPetya. And now, a new\nversion of the EternalBlue Downloader Trojan surfaced last quarter with the\nability to exploit the BlueKeep vulnerability. Fortunately, the version\ncurrently in the wild is not completely ironed out, forcing targeted devices to\ncrash before loading. But looking at the traditional development cycle of\nmalware, determined cybercriminals are likely to have a functional version of\nthis potentially devastating malware package in the near future. And while a\npatch for BlueKeep has been available since May, far too many organizations still\nhave not updated their vulnerable systems. <\/p>\n\n\n\n<p><strong>4) Trends Demonstrate a New Perspective\non Global Spam Trade: <\/strong>This quarter\u2019s report combines the volume of spam\nflow between nations with data showing the ratios of spam sent vs. spam\nreceived, visually revealing a new perspective on an old problem. The majority\nof spam volume seems to follow economic and political trends. For example, the heaviest \u201cspam\ntrade partners\u201d of the United States include Poland, Russia, Germany, Japan,\nand Brazil. 
<\/p>\n\n\n\n<p><strong>5) Tracking the Tracks\nof Cybercriminals to See What is Next:<\/strong> Looking at\nIPS triggers detected in a region not only shows what resources are being\ntargeted, but may also indicate what cybercriminals might focus on in the\nfuture, either because enough of those attacks were ultimately successful, or\nsimply because there is more of a certain type of technology deployed in some\nregions. Assuming that companies patch their software at about the same rate in\neach region, if a botnet was simply probing for vulnerable instances of\nThinkPHP before deploying an exploit, the number of detected triggers should be\nmuch higher in APAC. However, only 6% more IPS triggers were detected in all of\nAPAC than in North America from a recent exploit, indicating that these botnets\nare simply deploying the exploit to any ThinkPHP instance they find.<\/p>\n\n\n\n<p><strong>The Need for Broad,\nIntegrated, and Automated Security:<\/strong><\/p>\n\n\n\n<p>Organizations are facing increased sophistication\nof attacks targeting the expanding digital infrastructure, including some being\ndriven by artificial intelligence and machine learning. To effectively secure\ntheir distributed networks, organizations have to shift from protecting just security\nperimeters to protecting the data spread across their new network edges, users,\nsystems, devices, and critical applications. 
Only a cybersecurity platform designed\nto provide comprehensive visibility and protection across the entire attack\nsurface\u2013including devices, users, mobile endpoints, multi-cloud environments, and\nSaaS infrastructures\u2013is able to secure today\u2019s rapidly evolving networks driven\nby digital innovation.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The research from Q4 2019 not only shows that cybercriminals continue to attempt to exploit any possible opportunity throughout the digital infrastructure, but that they are maximizing global economic and political realities to further enable their goals. <\/p>\n","protected":false},"author":8,"featured_media":1597,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[147,154,149],"tags":[631,686,592,527,206,706],"contributor":[],"class_list":["post-1594","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-artificial-intelligence","category-cloud-computing","category-networking","tag-artificial_intelligence","tag-cyber_attack","tag-cyber_crime","tag-cyber_threat","tag-fortinet","tag-global_threat"],"featured_image_src":"https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2020\/03\/Derek-Manky-HS-e1583307358549.jpeg","author_info":{"display_name":"Rabab","author_link":"https:\/\/techxmedia.com\/en\/author\/rabab\/"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/1594","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/users\/8"}]
,"replies":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/comments?post=1594"}],"version-history":[{"count":0,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/1594\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/media\/1597"}],"wp:attachment":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/media?parent=1594"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/categories?post=1594"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/tags?post=1594"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/contributor?post=1594"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}