Cybersecurity leader Fortinet has announced the findings of its latest quarterly Global Threat Landscape Report, revealing that cybercriminals continue to evolve the sophistication of their attack methods. These range from tailored ransomware and custom coding for some attacks, to living-off-the-land (LoTL) or sharing infrastructure to maximise their opportunities.
“We, unfortunately, continue to see the cybercriminal community mirror the strategies and methodologies of nation-state actors, and the evolving devices and networks they are targeting,” says Phil Quade, chief information security officer at Fortinet. “Organisations need to rethink their strategy to better future proof and manage cyber risks. An important first step involves treating cybersecurity more like a science – doing the fundamentals really well – which requires leveraging the cyberspace fundamentals of speed and connectivity for defence.
“Embracing a fabric approach to security, micro and macro segmentation, and leveraging machine learning and automation as the building blocks of AI, can provide tremendous opportunity to force our adversaries back to square one.”
Highlights of the report include:
Pre- and Post-Compromise Traffic
Research to see if threat actors carry out phases of their attacks on different days of the week demonstrates that cybercriminals are always looking to maximise opportunity to their benefit. When comparing Web filtering volume for two cyber kill chain phases during weekdays and weekends, pre-compromise activity is roughly three times more likely to occur during the work week, while post-compromise traffic shows less differentiation in that regard. This is primarily because exploitation activity often requires someone to take an action such as clicking on a phishing email. In contrast, command-and-control (C2) activity does not have this requirement and can occur anytime. Cybercriminals understand this and will work to maximise opportunity during the week when Internet activity is the most prevalent. Differentiating between weekday and weekend Web filtering practices is important to fully understand the kill chain of various attacks.
Majority of Threats Share Infrastructure
The degree to which different threats share infrastructure shows some valuable trends. Some threats leverage community-use infrastructure to a greater degree than unique or dedicated infrastructure.
Nearly 60% of threats shared at least one domain, indicating the majority of botnets leverage established infrastructure. IcedID is an example of this “why buy or build when you can borrow” behaviour. In addition, when threats share infrastructure, they tend to do so within the same stage in the kill chain. It is unusual for a threat to leverage a domain for exploitation and then later leverage it for C2 traffic. This suggests infrastructure plays a particular role or function when used for malicious campaigns.
Understanding what threats share infrastructure and at what points of the attack chain enables organisations to predict potential evolutionary points for malware or botnets in the future.
Content Management Needs Constant Management
Adversaries tend to move from one opportunity to the next in clusters, targeting successfully exploited vulnerabilities and technologies that are on the upswing, to quickly maximise opportunity. An example of new technologies getting a lot of attention from cybercriminals recently are Web platforms that make it easier for consumers and businesses to build Web presences. They continue to be targeted, even associated third party plugins. This reinforces the fact that it is critical that patches be applied immediately and to fully understand the constantly evolving world of exploits to stay ahead of the curve.
Ransomware Far From Gone
In general, previous high rates of ransomware have been replaced with more targeted attacks, but ransomware is far from gone. Instead, multiple attacks demonstrate it is being customised for high-value targets and to give the attacker privileged access to the network.
LockerGoga is an example of a targeted ransomware conducted in a multi-stage attack. There is little about LockerGoga that sets it apart from other ransomware in terms of functional sophistication but, while most ransomware tools use some level of obfuscation to avoid detection, there was little of it used when analysed.
This suggests the targeted nature of the attack and predetermination that the malware would not be easily detected. In addition, like most other ransomware, the main goal of Anatova is to encrypt as many files as possible on the victim system, except that it systematically avoids encrypting anything that can impact the stability of the system it is infecting. It also avoids infecting computers that look like they are being used for malware analysis or as honeypots.
Both of these ransomware variants demonstrate that security leaders need to remain focused on patching and backups against commodity ransomware, but targeted threats require more tailored defences to protect against their unique attack methods.
Tools and Tricks for Living Off the Land
Because threat actors operate using the same business models as their victims, to maximise their efforts, attack methods often continue to develop even after gaining an initial entry. To accomplish this, threat actors increasingly leverage dual-use tools or tools that are already pre-installed on targeted systems to carry out cyberattacks.
This “living off the land” (LoTL) tactic allows hackers to hide their activities in legitimate processes and makes it harder for defenders to detect them. These tools also make attack attribution much harder. Unfortunately, adversaries can use a wide range of legitimate tools to accomplish their goals and hide in plain sight. Smart defenders will need to limit access to sanctioned administrative tools and log use in their environments.
The Need for Dynamic and Proactive Threat Intelligence
Improving an organisation’s ability not only to defend against current threat trends, but also prepare for the evolution and automation of attacks over time, requires threat intelligence that is dynamic, proactive, and available throughout the distributed network. This knowledge can help identify trends showing the evolution of attack methods targeting the digital attack surface and to pinpoint cyber hygiene priorities based on where bad actors are focusing their efforts.
The value and ability to take action on threat intelligence is severely diminished if it cannot be actionable in real time across each security device. Only a security fabric that is broad, integrated, and automated can provide protection for the entire networked environment, from IoT to the edge, network core and to multi-clouds at speed and scale.
Report and Index Overview
The latest Fortinet Threat Landscape Report is a quarterly view that represents the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of global sensors during Q1 2019. Research data covers global and regional perspectives. Also included in the report is the Fortinet Threat Landscape Index (TLI), comprised of individual indices for three central and complementary aspects of that landscape which are exploits, malware, and botnets, showing prevalence and volume in a given quarter.
Now for hardware-as-a-service
Integrated ICT and Infrastructure provider Vox has entered into an exclusive partnership with Go Rentals to introduce a Hardware-as-a-Service (HaaS) offering, which is aimed at providing local small and medium businesses (SMEs) with quick, affordable, and scalable access to a wide variety of IT infrastructure – as well as the management thereof.
“Despite an increasingly competitive business environment where every rand counts, many business owners are still buying technology-based equipment outright rather than renting it,” says Barry Kemp, Head of Managed IT at Vox. “The problem with this is that the modern device arena has grown in variety and complexity, making it more difficult to manage, and to reduce the overheads of controlling these devices.”
According to Kemp, there is a global trend being observed in businesses moving away from owning and managing IT infrastructure. This started with the move away from servers and toward cloud-based subscription services, and now organisations are looking to do the same with the remaining on-premise hardware – employees’ desktop systems.
The availability of HaaS changes the way in which local businesses consume IT, by allowing them to direct valuable capital expenditure toward the more efficient and competitive operation of their organisation, rather than spending on hardware products.
“The rental costs are up to 50% lower than if they buy these products through traditional asset financing methods. Furthermore, using HaaS gives businesses the ability to scale up and down depending on their infrastructure requirements. Customers on a 12 month contract can return up to 10% of the devices rented, while those customers on 24 and 36 month contracts can return up to 20% of the devices – at any time during the contract,” adds Kemp.
More than just a rental
HaaS gives business access to repurposed Tier 1 hardware from vendors such as Dell, HP and Lenovo, equipped with the required specifications (processor, memory, and storage), and come installed with the latest Microsoft Windows operating system, unless an older version is specifically requested by the customer.
Kemp says: “Where HaaS is different from simply renting IT hardware is that businesses get full asset lifecycle management, such as having all company software pre-installed, flexible refresh cycles and upgrades, support and warranty management and transparent and predictable per user monthly fees.”
The ability to upgrade during the contract period means that businesses can keep pace with the latest in technology without needing to invest on depreciating equipment, while ensuring maximum productivity and efficiency for employees. Returned devices are put through a decommissioning process that ensures anonymity, certified data protection, and environmental compliance.
Businesses further stand to benefit from Vox Care, which incorporates asset management and logistical services for customers. This includes initial delivery and setup in major centres, asset tagging of all rented items, creation, and the repair and/or replacement of faulty machines within three business days – again in the main metropolitan areas.
Vox Care also assists in the design, testing and deployment of custom images, whereby HaaS clients can have the additional programmes they need (security, productivity tools, business software, etc) easily pre-installed along with the Windows operating system, on all their machines.
Kemp says HaaS customers can get further peace of mind by outsourcing the day to day management of their desktop environment to Vox Managed Services, as well as leverage the company’s knowledge and expertise to manage and host workstation backups to ensure business continuity.
Says Kemp: “Hardware-as-a-Service allows businesses to reduce the total cost of ownership of their hardware and ensure they only pay for what they use. Making the switch to a service model helps them take advantage of the global move in this direction, and to turn their business into a highly functional, flexible, low cost, change your mind whenever you want workplace.”
Seedstars seeks tech to reverse land degradation in Africa
A new partnership is offering prizes to young entrepreneurs for coming up with innovations that tackle the loss of arable land in Africa.
The DOEN Foundation has joined forces with Seedstars, an emerging market startup community, to launch the DOEN Land Restoration Prize, which showcases solutions to environmental, social and financial challenges that focus on land restoration activities in Africa. Stichting DOEN is a Dutch fund that supports green, socially-inclusive and creative initiatives that contribute to a better and cleaner world.
While land degradation and deforestation date back millennia, industrialization and a rising population have dramatically accelerated the process. Today we are seeing unprecedented land degradation, and the loss of arable land at 30 to 35 times the historical rate.
Currently, nearly two-thirds of Africa’s land is degraded, which hinders sustainable economic development and resilience to climate change. As a result, Africa has the largest restoration opportunity of any continent: more than 700 million hectares (1.7 billion acres) of degraded forest landscapes that can be restored. The potential benefits include improved food and water security, biodiversity protection, climate change resilience, and economic growth. Recognizing this opportunity, the African Union set an ambitious target to restore 100 million hectares of degraded land by 2030.
Land restoration is an urgent response to the poor management of land. Forest and landscape restoration is the process of reversing the degradation of soils, agricultural areas, forests, and watersheds thereby regaining their ecological functionality. According to the World Resources Institute, for every $1 invested in land restoration it can yield $7-$30 in benefits, and now is the time to prove it.
The winner of the challenge will be awarded 9 months access to the Seedstars Investment Readiness Program, the hybrid program challenging traditional acceleration models by creating a unique mix to improve startup performance and get them ready to secure investment. They will also access a 10K USD grant.
“Our current economic system does not meet the growing need to improve our society ecologically and socially,” says Saskia Werther, Program Manager at the DOEN Foundation. “The problems arising from this can be tackled only if a different economic system is considered. DOEN sees opportunities to contribute to this necessary change. After all, the world is changing rapidly and the outlines of a new economy are becoming increasingly clear. This new economy is circular and regenerative. Landscape restoration is a vital part of this regenerative economy and social entrepreneurs play an important role to establish innovative business models to counter land degradation and deforestation. Through this challenge, DOEN wants to highlight the work of early-stage restoration enterprises and inspire other frontrunners to follow suit.”
Applications are open now and will be accepted until October 15th. Startups can apply here: http://seedsta.rs/doen
To enter the competition, startups should meet the following criteria:
- Existing startups/young companies with less than 4 years of existence
- Startups that can adapt their current solution to the land restoration space
- The startup must have a demonstrable product or service (Minimum Viable Product, MVP)
- The startup needs to be scalable or have the potential to reach scalability in low resource areas.
- The startup can show clear environmental impact (either by reducing a negative impact or creating a positive one)
- The startup can show a clear social impact
- Technology startups, tech-enabled startups and/or businesses that can show a clear innovation component (e.g. in their business model)
Also, a specific emphasis is laid, but not limited to: Finance the restoration of degraded land for production and/or conservation purposes; big data and technology to reverse land degradation; resource efficiency optimization technologies, ecosystems impacts reduction and lower carbon emissions; water-saving soil technologies; technologies focused on improving livelihoods and communities ; planning, management and education tools for land restoration; agriculture (with a focus on precision conservation) and agroforestry; clean Energy solutions that aid in the combat of land degradation; and responsible ecotourism that aids in the support of land restoration.