- Security TWENTY
- Women in Security
Automated cyber threats do not take weekends or nights off, according to Fortinet‘s latest Global Threat Landscape Report. Nearly 44 per cent of all exploit attempts occurred on either Saturday or Sunday. The average daily volume on weekends was twice that of weekdays.
This year’s high profile WannaCry and NotPetya targeted a vulnerability that only had a patch available for a couple of months, the firm points out. Organisations who were spared from these attacks tended to have one of two things in common. They had either deployed security tools that had been updated to detect attacks targeting this vulnerability, and/or they applied the patch when it became available, says Fortinet, a firewall and wi-fi and email security product company.
Phil Quade, chief information security officer at Fortinet, said: “The technology innovation that powers our digital economy creates opportunity for good and bad in cyber security. Yet, something we don’t talk about often enough is the opportunity everyone has to limit bad consequences by employing consistent and effective cyber security hygiene. Cyber-criminals aren’t breaking into systems using new zero day attacks, they are primarily exploiting already discovered vulnerabilities. This means they can spend more of their resources on technical innovations making their exploits difficult to detect. Newer worm-like capabilities spread infections at a rapid pace and can scale more easily across platforms or vectors. Intent-based security approaches that leverage the power of automation and integration are critical to combat this new ‘normal’.”
According to the report, cyber hygiene is critical to fight worm-like attacks. ‘Crime-as-a-Service’ infrastructure and autonomous attack tools enable adversaries to operate on a global scale, the report suggests. Threats like WannaCry were remarkable for how fast they spread and for their ability to target a wide range of industries. Yet, they could have been largely prevented if more organisations practiced consistent cyber hygiene, it’s claimed. Adversaries are still seeing a lot of success in using hot exploits for their attacks that have not been patched or updated. To complicate matters more, once a particular threat is automated, attackers are no longer limited to targeting specific industries, therefore, their impact and leverage only increases over time.
As for the Internet of Things (IoT), almost one in five organisations reported malware targeting mobile devices. IoT devices continue to present a challenge because they don’t have the level of control, visibility, and protection that traditional systems receive, Fortinet says. Visit also http://blog.fortinet.com/.