Connect with us

Featured

Cyber crooks ‘Living off the Land’ – new research findings

Fortinet’s latest Threat Landscape Report reveals evolving sophistication of attack methods, including sharing infrastructure

Published

on

Cybersecurity leader Fortinet has announced the findings of its latest quarterly Global Threat Landscape Report, revealing that cybercriminals continue to evolve the sophistication of their attack methods. These range from tailored ransomware and custom coding for some attacks, to living-off-the-land (LoTL) or sharing infrastructure to maximise their opportunities.

“We, unfortunately, continue to see the cybercriminal community mirror the strategies and methodologies of nation-state actors, and the evolving devices and networks they are targeting,” says Phil Quade, chief information security officer at Fortinet. “Organisations need to rethink their strategy to better future proof and manage cyber risks. An important first step involves treating cybersecurity more like a science – doing the fundamentals really well – which requires leveraging the cyberspace fundamentals of speed and connectivity for defence.  

“Embracing a fabric approach to security, micro and macro segmentation, and leveraging machine learning and automation as the building blocks of AI, can provide tremendous opportunity to force our adversaries back to square one.” 

Highlights of the report include:

Pre- and Post-Compromise Traffic

Research to see if threat actors carry out phases of their attacks on different days of the week demonstrates that cybercriminals are always looking to maximise opportunity to their benefit. When comparing Web filtering volume for two cyber kill chain phases during weekdays and weekends, pre-compromise activity is roughly three times more likely to occur during the work week, while post-compromise traffic shows less differentiation in that regard. This is primarily because exploitation activity often requires someone to take an action such as clicking on a phishing email. In contrast, command-and-control (C2) activity does not have this requirement and can occur anytime. Cybercriminals understand this and will work to maximise opportunity during the week when Internet activity is the most prevalent. Differentiating between weekday and weekend Web filtering practices is important to fully understand the kill chain of various attacks.

Majority of Threats Share Infrastructure

The degree to which different threats share infrastructure shows some valuable trends. Some threats leverage community-use infrastructure to a greater degree than unique or dedicated infrastructure. 

Nearly 60% of threats shared at least one domain, indicating the majority of botnets leverage established infrastructure. IcedID is an example of this “why buy or build when you can borrow” behaviour. In addition, when threats share infrastructure, they tend to do so within the same stage in the kill chain. It is unusual for a threat to leverage a domain for exploitation and then later leverage it for C2 traffic. This suggests infrastructure plays a particular role or function when used for malicious campaigns.

Understanding what threats share infrastructure and at what points of the attack chain enables organisations to predict potential evolutionary points for malware or botnets in the future.

Content Management Needs Constant Management

Adversaries tend to move from one opportunity to the next in clusters, targeting successfully exploited vulnerabilities and technologies that are on the upswing, to quickly maximise opportunity. An example of new technologies getting a lot of attention from cybercriminals recently are Web platforms that make it easier for consumers and businesses to build Web presences. They continue to be targeted, even associated third party plugins. This reinforces the fact that it is critical that patches be applied immediately and to fully understand the constantly evolving world of exploits to stay ahead of the curve.

Ransomware Far From Gone

In general, previous high rates of ransomware have been replaced with more targeted attacks, but ransomware is far from gone. Instead, multiple attacks demonstrate it is being customised for high-value targets and to give the attacker privileged access to the network.

LockerGoga is an example of a targeted ransomware conducted in a multi-stage attack. There is little about LockerGoga that sets it apart from other ransomware in terms of functional sophistication but, while most ransomware tools use some level of obfuscation to avoid detection, there was little of it used when analysed.

This suggests the targeted nature of the attack and predetermination that the malware would not be easily detected. In addition, like most other ransomware, the main goal of Anatova is to encrypt as many files as possible on the victim system, except that it systematically avoids encrypting anything that can impact the stability of the system it is infecting. It also avoids infecting computers that look like they are being used for malware analysis or as honeypots. 

Both of these ransomware variants demonstrate that security leaders need to remain focused on patching and backups against commodity ransomware, but targeted threats require more tailored defences to protect against their unique attack methods.

Tools and Tricks for Living Off the Land

Because threat actors operate using the same business models as their victims, to maximise their efforts, attack methods often continue to develop even after gaining an initial entry. To accomplish this, threat actors increasingly leverage dual-use tools or tools that are already pre-installed on targeted systems to carry out cyberattacks. 

This “living off the land” (LoTL) tactic allows hackers to hide their activities in legitimate processes and makes it harder for defenders to detect them. These tools also make attack attribution much harder. Unfortunately, adversaries can use a wide range of legitimate tools to accomplish their goals and hide in plain sight. Smart defenders will need to limit access to sanctioned administrative tools and log use in their environments.

The Need for Dynamic and Proactive Threat Intelligence

Improving an organisation’s ability not only to defend against current threat trends, but also prepare for the evolution and automation of attacks over time, requires threat intelligence that is dynamic, proactive, and available throughout the distributed network. This knowledge can help identify trends showing the evolution of attack methods targeting the digital attack surface and to pinpoint cyber hygiene priorities based on where bad actors are focusing their efforts. 

The value and ability to take action on threat intelligence is severely diminished if it cannot be actionable in real time across each security device. Only a security fabric that is broad, integrated, and automated can provide protection for the entire networked environment, from IoT to the edge, network core and to multi-clouds at speed and scale.

Report and Index Overview

The latest Fortinet Threat Landscape Report is a quarterly view that represents the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of global sensors during Q1 2019. Research data covers global and regional perspectives. Also included in the report is the Fortinet Threat Landscape Index (TLI), comprised of individual indices for three central and complementary aspects of that landscape which are exploits, malware, and botnets, showing prevalence and volume in a given quarter.

Featured

Projection tech transforms retail

By TIMOTHY WILSON, visual imaging business account manager at Epson South Africa

Published

on

Display designs, such as those found in retail stores, are no longer confined to static visuals on pull-up banners, 2D print and posters. The increasingly popular use of projection technology has ushered in new and exciting ways to create immersive displays using rich media and high-quality visual content to go beyond the four walls of traditional marketing.

In the past, projectors were lamp-based and prone to failure when used in a harsh environment, such as a retail store. Today, newly introduced laser projection technology has unlocked a range of capabilities.

Transforming the way brands engage with audiences

Creative techniques such as projection mapping, which can be described as the projection of video, animation and other colourful displays onto 3D surfaces, have completely transformed the way brands engage with audiences and can live in retail spaces, concert halls and even sports stadiums.

Projection mapping offers venues wide-spread creativity in using lighting in small or large environments, as was the case with Epson’s showstopping kinetic portal, which implemented projection mapping on a 360 degree vortex at the largest AV and systems integration show in the world – Integrated Systems Europe 2019. Driven by a new, affordable generation of projectors, mapping not only covers flat walls and traditional projections screens but also irregular shapes, objects, and even entire building façades.

When projecting on a larger scale, such as at events and music concerts, the process of visually combining several projectors to display one single seamless image might sound simple enough in principle but can prove to be a challenging task in reality. To overcome this challenge, experiential marketers are adopting the use of image edge blending, which refers to the process of stacking multiple projectors to create a single overlapped projection that appears continuous and clear.

It’s due to these advancements that displays in retail and events no longer pivot just on aesthetic appeal but can now deliver immersive consumer experiences that drive engagement and increase foot traffic. This is starting to drastically change the way that retailers, events and even restaurants host, engage, entertain and communicate with their audiences.

Projection is driving growth in experiential marketing

Consumer interest in the transition towards projection has seen this technology take centre stage at leading retailers such as Mall of Africa, events by brands such as ABSA and restaurants like Saint, transforming their environments into immersive spaces through projection that displays captivating imagery and video.

Saint restaurant in Sandton has pushed the boundaries of branding and displays, transforming all surfaces into a visual delight. Patrons entering the restaurant are greeted by a visual experience within a dome, featuring a series of moving, constantly changing artworks – such as a starry night sky or a replica of the Sistine Chapel – projected onto walls and the ceiling.

In fact, EventTrack research, which showcases the current state of marketing around the globe, highlights the continuous growth of event and experiential marketing. It notes that high-quality projection technology, more specifically its ability to emit stunning visual experiences, has grown in popularity to become the go-to tool for event organisers and retailers looking to captivate and engage with consumers.

The future of projection technology

Projection technology has proven to be an outstanding, much more cost-effective and reliable form of marketing collateral – setting an entirely new standard for high-resolution projection.

Sandton City recently embraced this market-leading technology with the installation of a virtual aquarium in its Centre Court. This installation centred on creating a 3D mapping concept that enabled shoppers to select an undersea creature from a touchpad to swim across digitised hoarding.

With capabilities to meet the demands of large-scale projection and the ability to effectively transform the way brands remain visible at shopping malls, restaurants and retail spaces – the unprecedented imaging power of projection technology has set a considerably high bar when it comes to retail and event displays. 

Epson, which is not only pioneering imaging technology and innovative projection solutions, is also the market leader when it comes to high lumen laser projection, having recently announced its 30,000 lumens laser projector (EB-L30000U) which will officially launch in 2020. This high-end installation laser projector, complete with 4K enhancement, is aimed at rental and staging companies, hospitality markets and visitor attractions, which is yet another progressive step towards transforming the way marketers engage with their consumers in the 21st century. 

Continue Reading

Featured

GoFundMe hits R9bn in donations for people and causes

The world’s largest social fundraising platform has announced that Its community has made more than 120-million donations

Published

on

GoFundMe this week released its annual Year in Giving report, revealing that its community has donated more than 120-million times, raising over $9-billion for people, causes, and organisations since the company’s founding in 2010.

In a letter to the GoFundMe community, CEO Rob Solomon emphasised how GoFundMe witnesses not only the good in people worldwide, but their generosity and their action every day.

“As we enter a new decade, GoFundMe is committed to spreading compassion and empathy through our platform,” said Solomon in the letter. “Together, we can bring more good into the world and unlock the power of global giving.”

The GoFundMe giving community continues to grow with both repeat donors and new donors. In fact, nearly 60% of donors were new this year. After someone makes a donation, they continue to engage with the community and give to multiple causes. In fact, one passionate individual donated 293 times to 234 different fundraisers in this past year alone. Donations are made every second, ranging from $5 to $50,000. This year, more than 40% of donations were under $50.

GoFundMe continues to be a mirror of current events across the globe. This year, young changemakers started the Fridays for Futuremovement to fight climate change, which led to a 60% increase in fundraiser descriptions mentioning ‘climate change’. Additionally, the community rallied together to support one another during natural disasters like Hurricane Dorian and the California wildfires, where thousands of fundraisers were started to help those in need.

The report includes a snapshot of giving trends from the year based on global GoFundMe data. It also includes company milestones from 2019, such as launching the company’s non-profit and advocacy arm, GoFundMe.org, and introducing GoFundMe Charity, which provides enterprise software with no subscription fees or contracts to charities of every size.

Highlights from GoFundMe’s 2019 Year in Giving report include:

  • Global giving trends and data
  • Top 10 most generous countries
  • Top 10 most generous U.S. states and cities
  • Biggest moments in 2019

To view the entire report, visit: www.gofundme.com/2019

Continue Reading

Trending

Copyright © 2019 World Wide Worx