The report focused on the impact of the pandemic and how cybercriminals are taking advantage of it, the impact of remote working on security, operational technology (OT) security, the continued threat of ransomware, and the increase of disclosed vulnerabilities in the first half of 2020.
As shared in the report, despite the already copious dialogue regarding the pandemic and its impact on cybersecurity, it “would be remiss of us to ignore the topic for that reason, especially in a report summing up threat activity in the first half of 2020.”
It often happens in times of crisis; opportunistic criminals will always jump at the chance to exploit a disaster for their benefit.
According to FortiGuard Labs’ research, indicators of threat activity coincided with the growing awareness of the pandemic. This included a sharp increase of malicious emails seemingly sent from trusted sources such as the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO) with “documents purportedly containing pandemic-related guidance,” as well as coronavirus-themed malicious URLs.
In the following months, malicious activity involving the use of COVID-19-related lures has continued. Ensuring your employees, whether they are working from home or are now back in the office, can spot a suspicious or threatening email or URL, especially those regarding the pandemic, should continue to be a priority.
As a direct result of the pandemic, workers from every industry have shifted to working from home, presenting cybercriminals with the chance to break into enterprise networks through weakly protected home networks, consumer devices, VPN connectors, and other collaboration tools.
Netcore/Netis routers in particular were the target of sustained attack activity due to a hard-coded password security bypass issue. Linksys routers also received attention from attackers in the first half of 2020.
An additional concern is the large botnets that attackers have built by exploiting these flaws, such as Dark Nexus and Mozi, which are then used to launch DDoS attacks or distribute malware on a large scale.
Ensuring network security for remote employees continues to present challenges for IT security teams, but it’s absolutely essential to keeping your data safe.
As shared in the report, 2020 marked the 10-year anniversary of Stuxnet, a malicious worm that sabotaged industrial facilities critical to Iran’s nuclear program. In the time since, sophisticated cyberattacks have been launched on OT systems around the globe. FortiGuard Labs speculated this may be because “OT networks are now increasingly connected to the internet, making them more vulnerable to attack.” A recent report from Fortinet discovered that 74 percent of OT organizations experienced malware intrusions in the previous 12 months.
Two noteworthy developments in 2020 were a surge of activity involving Modbus TCP servers and programmable logic controllers (PLCs) across FortiGuard Labs’ IPS sensors in the U.S., Brazil, and Germany, which could result in information leakage, and a newly discovered cyber espionage framework called Ramsay. Ramsay specifically targets air-gapped or highly restricted networks, such as OT environments.
Enterprises continue to be targeted by ransomware attacks. As shared in the report, a well-known manufacturer was hit in June and had production halted at several of the company’s facilities as a result. They are not the only company to face such issues related to ransomware, either.
Ransomware-as-a-Service has also grown more prevalent in 2020. Phobos, a ransomware type that exploits the Remote Desktop Protocol (RDP), is one example. It was observed brute forcing credentials, using stolen credentials, and taking advantage of insecure connections on port 3389.
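For defenders, the credential brute forcing described above leaves a recognizable trail in Windows logon events. The following is an added example, not taken from the report or from Fortinet: it flags source addresses that produce a burst of failed RDP logons and notes any successful logon that follows. The comma-separated record layout, the threshold, and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real telemetry), assumed layout:
# time,event_id,logon_type,source_ip,account
# 4625 = failed logon, 4624 = successful logon.
# Logon type 10 = RemoteInteractive (RDP); type 3 = Network, which is how
# failed RDP logons often appear when Network Level Authentication is on.
SAMPLE_EVENTS = """\
2020-06-01T02:00:01,4625,3,203.0.113.7,administrator
2020-06-01T02:00:05,4625,3,203.0.113.7,administrator
2020-06-01T02:00:09,4625,3,203.0.113.7,admin
2020-06-01T02:00:14,4625,3,203.0.113.7,admin
2020-06-01T02:00:20,4625,3,203.0.113.7,backup
2020-06-01T02:00:26,4625,3,203.0.113.7,admin
2020-06-01T02:00:40,4624,10,203.0.113.7,admin
2020-06-01T08:15:00,4625,10,198.51.100.20,jsmith
2020-06-01T08:15:20,4625,10,198.51.100.20,jsmith
2020-06-01T08:15:45,4624,10,198.51.100.20,jsmith
"""

RDP_LOGON_TYPES = {"3", "10"}

def detect_rdp_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: {"max_failures": n, "success_after": [accounts]}}
    for sources whose failed logons reach `threshold` inside `window`."""
    recent = defaultdict(deque)  # source_ip -> failure times still in the window
    findings = {}
    for line in lines:
        if not line.strip():
            continue
        ts_raw, event_id, logon_type, src_ip, user = line.strip().split(",")
        if logon_type not in RDP_LOGON_TYPES:
            continue
        ts = datetime.fromisoformat(ts_raw)
        if event_id == "4625":
            failures = recent[src_ip]
            failures.append(ts)
            while ts - failures[0] > window:  # drop failures older than the window
                failures.popleft()
            if len(failures) >= threshold:
                hit = findings.setdefault(src_ip, {"max_failures": 0, "success_after": []})
                hit["max_failures"] = max(hit["max_failures"], len(failures))
        elif event_id == "4624" and src_ip in findings:
            # A success from an already-flagged source suggests a guessed password.
            findings[src_ip]["success_after"].append(user)
    return findings

if __name__ == "__main__":
    print(detect_rdp_bruteforce(SAMPLE_EVENTS.splitlines()))
```

A logon with stolen credentials succeeds on the first attempt and will not trip this check, so it complements, rather than replaces, restricting exposure of port 3389 and requiring multi-factor authentication.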
An additional point made in the report is that cybercriminals using ransomware are targeting every industry, so assuming your company will be spared because it’s not a traditional target (such as healthcare) is a mistake.
The telecom/carrier, education, government, and media/communication industries were all in the top ten sectors targeted in the first half of 2020.
As shared in the report, efforts to model and predict the exploitation of vulnerabilities have increased. However, as more vulnerabilities are added to the CVE list, the list of fixes gets longer and longer. As a result, prioritization of vulnerability remediation is more important than ever.
There are varying methods to do this. One method is to prioritize vulnerabilities that have been exploited in the wild, but determining which these are presents another challenge.
Regardless of the method of prioritization, it’s clear that IT security teams are dealing with more vulnerabilities than ever, and more of these vulnerabilities are being exploited.
Fortinet offers comprehensive and holistic security solutions for the largest enterprise, service provider, and government organizations in the world. Regardless of your enterprise’s specific need, Fortinet can ensure security without compromising performance. Recognized in 2019 in the Gartner Magic Quadrant for Network Firewalls report, Fortinet continues to empower its customers and help them stay ahead of evolving security challenges through intelligent security solutions.