Featured

Cyber crooks ‘Living off the Land’ – new research findings

Fortinet’s latest Threat Landscape Report reveals evolving sophistication of attack methods, including sharing infrastructure

Cybersecurity leader Fortinet has announced the findings of its latest quarterly Global Threat Landscape Report, revealing that cybercriminals continue to evolve the sophistication of their attack methods. These range from tailored ransomware and custom coding for some attacks, to living-off-the-land (LoTL) or sharing infrastructure to maximise their opportunities.

“We, unfortunately, continue to see the cybercriminal community mirror the strategies and methodologies of nation-state actors, and the evolving devices and networks they are targeting,” says Phil Quade, chief information security officer at Fortinet. “Organisations need to rethink their strategy to better future proof and manage cyber risks. An important first step involves treating cybersecurity more like a science – doing the fundamentals really well – which requires leveraging the cyberspace fundamentals of speed and connectivity for defence.  

“Embracing a fabric approach to security, micro and macro segmentation, and leveraging machine learning and automation as the building blocks of AI, can provide tremendous opportunity to force our adversaries back to square one.” 

Highlights of the report include:

Pre- and Post-Compromise Traffic

Research to see if threat actors carry out phases of their attacks on different days of the week demonstrates that cybercriminals are always looking to maximise opportunity to their benefit. When comparing Web filtering volume for two cyber kill chain phases during weekdays and weekends, pre-compromise activity is roughly three times more likely to occur during the work week, while post-compromise traffic shows less differentiation in that regard. This is primarily because exploitation activity often requires someone to take an action such as clicking on a phishing email. In contrast, command-and-control (C2) activity does not have this requirement and can occur anytime. Cybercriminals understand this and will work to maximise opportunity during the week when Internet activity is the most prevalent. Differentiating between weekday and weekend Web filtering practices is important to fully understand the kill chain of various attacks.

Majority of Threats Share Infrastructure

The degree to which different threats share infrastructure shows some valuable trends. Some threats leverage community-use infrastructure to a greater degree than unique or dedicated infrastructure. 

Nearly 60% of threats shared at least one domain, indicating the majority of botnets leverage established infrastructure. IcedID is an example of this “why buy or build when you can borrow” behaviour. In addition, when threats share infrastructure, they tend to do so within the same stage in the kill chain. It is unusual for a threat to leverage a domain for exploitation and then later leverage it for C2 traffic. This suggests infrastructure plays a particular role or function when used for malicious campaigns.

Understanding what threats share infrastructure and at what points of the attack chain enables organisations to predict potential evolutionary points for malware or botnets in the future.
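A sketch of how a defender could measure the same two properties in their own threat-intelligence feed: the share of threats that reuse a domain, and the shared domains that show up in more than one kill-chain stage. This is an added example, not code or data from the Fortinet report; the threat names, domains and the `sharing_summary` function are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample observations: (threat family, domain, kill-chain stage).
# All names and domains are placeholders, not indicators from the report.
OBSERVATIONS = [
    ("threat-a", "dl.example.net", "exploitation"),
    ("threat-b", "DL.Example.NET.", "exploitation"),  # same domain, other spelling
    ("threat-b", "c2.example.org", "c2"),
    ("threat-c", "c2.example.org", "c2"),
    ("threat-d", "solo.example.com", "c2"),
    ("threat-e", "mixed.example.net", "exploitation"),
    ("threat-a", "mixed.example.net", "c2"),
]


def sharing_summary(observations):
    """Summarise domain sharing between threats and across kill-chain stages."""
    threats_by_domain = defaultdict(set)
    stages_by_domain = defaultdict(set)
    all_threats = set()
    for threat, domain, stage in observations:
        domain = domain.lower().rstrip(".")  # normalise before comparing
        threats_by_domain[domain].add(threat)
        stages_by_domain[domain].add(stage)
        all_threats.add(threat)

    # A domain is "shared" when more than one threat family uses it.
    shared = {d for d, t in threats_by_domain.items() if len(t) > 1}
    sharing_threats = set()
    for d in shared:
        sharing_threats |= threats_by_domain[d]

    pct = round(100 * len(sharing_threats) / len(all_threats), 1) if all_threats else 0.0
    return {
        "threats_sharing_pct": pct,
        "shared_domains": sorted(shared),
        # Shared domains seen in several stages are the unusual case worth review.
        "cross_stage_domains": sorted(d for d in shared if len(stages_by_domain[d]) > 1),
    }


if __name__ == "__main__":
    print(sharing_summary(OBSERVATIONS))
```
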

Content Management Needs Constant Management

Adversaries tend to move from one opportunity to the next in clusters, targeting successfully exploited vulnerabilities and technologies that are on the upswing, to quickly maximise opportunity. One example of a new technology that has recently attracted a lot of attention from cybercriminals is Web platforms that make it easier for consumers and businesses to build Web presences. These platforms continue to be targeted, as do their associated third-party plugins. This reinforces how critical it is to apply patches immediately and to fully understand the constantly evolving world of exploits in order to stay ahead of the curve.

Ransomware Far From Gone

In general, previous high rates of ransomware have been replaced with more targeted attacks, but ransomware is far from gone. Instead, multiple attacks demonstrate it is being customised for high-value targets and to give the attacker privileged access to the network.

LockerGoga is an example of a targeted ransomware conducted in a multi-stage attack. There is little about LockerGoga that sets it apart from other ransomware in terms of functional sophistication but, while most ransomware tools use some level of obfuscation to avoid detection, there was little of it used when analysed.

This suggests that the attack was targeted and that the attackers had determined in advance that the malware would not be easily detected. Anatova is a second example. Like most other ransomware, its main goal is to encrypt as many files as possible on the victim system, except that it systematically avoids encrypting anything that can impact the stability of the system it is infecting. It also avoids infecting computers that look like they are being used for malware analysis or as honeypots.

Both of these ransomware variants demonstrate that security leaders need to remain focused on patching and backups against commodity ransomware, but targeted threats require more tailored defences to protect against their unique attack methods.

Tools and Tricks for Living Off the Land

Because threat actors operate using the same business models as their victims, they continue to develop their attack methods even after gaining initial entry in order to maximise their efforts. To accomplish this, threat actors increasingly leverage dual-use tools or tools that are already pre-installed on targeted systems to carry out cyberattacks.

This “living off the land” (LoTL) tactic allows hackers to hide their activities in legitimate processes and makes it harder for defenders to detect them. These tools also make attack attribution much harder. Unfortunately, adversaries can use a wide range of legitimate tools to accomplish their goals and hide in plain sight. Smart defenders will need to limit access to sanctioned administrative tools and log their use in their environments.

The Need for Dynamic and Proactive Threat Intelligence

Improving an organisation’s ability not only to defend against current threat trends, but also prepare for the evolution and automation of attacks over time, requires threat intelligence that is dynamic, proactive, and available throughout the distributed network. This knowledge can help identify trends showing the evolution of attack methods targeting the digital attack surface and to pinpoint cyber hygiene priorities based on where bad actors are focusing their efforts. 

The value of threat intelligence, and the ability to act on it, is severely diminished if it is not actionable in real time across each security device. Only a security fabric that is broad, integrated, and automated can provide protection for the entire networked environment, from IoT to the edge, network core and to multi-clouds at speed and scale.

Report and Index Overview

The latest Fortinet Threat Landscape Report is a quarterly view that represents the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of global sensors during Q1 2019. Research data covers global and regional perspectives. Also included in the report is the Fortinet Threat Landscape Index (TLI), composed of individual indices for three central and complementary aspects of that landscape (exploits, malware, and botnets), showing prevalence and volume in a given quarter.

IoT sensors are anything from doctor to canary in mines

Industrial IoT is changing the shape of the mining industry and the intelligence of the devices that drive it

The Internet of Things (IoT) has become many things in the mining industry. A canary that uses sensors to monitor underground air quality, a medic that monitors healthcare, a security guard that’s constantly on guard, and underground mobile vehicle control. It has evolved from the simple connectivity of essential sensors to devices into an ecosystem of indispensable tools and solutions that redefine how mining manages people, productivity and compliance. According to Karien Bornheim, CEO of Footprint Africa Business Solutions (FABS), IoT offers an integrated business solution that can deliver long-term, strategic benefits to the mining industry.

“To fully harness the business potential of IoT, the mining sector has to understand precisely how it can add value,” she adds. “IoT needs to be implemented across the entire value chain in order to deliver fully optimised, relevant and turnkey operational solutions. It doesn’t matter how large the project is, or how complex, what matters is that it is done in line with business strategy and with a clear focus.”

Over the past few years, mining organisations have deployed emerging technologies to help bolster flagging profits, manage increasingly weighty compliance requirements, and reduce overheads. These technologies are finding a foothold in an industry that faces far more complexities around employee wellbeing and safety than many others, and that juggles numerous moving parts to achieve output and performance on a par with competitive standards. Already, these technologies have allowed mines to fundamentally change worker safety protocols and improve working conditions. They have also provided mining companies with the ability to embed solutions into legacy platforms, allowing for sensors and IoT to pull them into a connected net that delivers results.

“The key to achieving results with any IoT or technology project is to partner with service providers, not just shove solutions into identified gaps,” says Bornheim. “You need to start in the conceptual stage and move through the pre-feasibility and bankable feasibility stages before you start the implementation. Work with trained and qualified chemical, metallurgical, mechanical, electrical, instrumentation and structural engineers that form a team led by a qualified engineering lead with experience in project management. This is the only way to ensure that every aspect of the project is aligned with the industry and its highly demanding specifications.”

Mining not only has complexities in compliance and health and safety, but the market has become saturated, difficult and mercurial. For organisations to thrive, they must find new revenue streams and innovate the ways in which they do business. This is where the data delivered by IoT sensors and devices can really transform the bottom line. If translated, analysed and used correctly, the data can provide insights that allow for the executive to make informed decisions about sites, investment and potential.


“The cross-pollination of different data sets from across different sites can help shift dynamics in plant operation and maintenance, in the execution of specific tasks, and so much more,” says Bornheim. “In addition, with sensors and connected devices and systems, mining operations can be managed intelligently to ensure the best results from equipment and people.”

The connection of the physical world to the digital is not new. Many of the applications currently being used or presented to the mining industry are not new either. What’s new is how these solutions are being implemented and the ways in which they are defined. It’s more than sticking on sensors. It’s using these sensors to streamline business across buildings, roads, vehicles, equipment, and sites. These sensors and the ways in which they are used or where they are installed can be customised to suit specific business requirements.

“With qualified electronic engineers and software experts, you can design a vast array of solutions to meet the real needs of your business,” says Bornheim. “Our engineers can programme, create, migrate and integrate embedded IoT solutions for microcontrollers, sensors, and processors. They can also develop intuitive dashboards and human-machine interfaces for IoT and machine-to-machine (M2M) devices to manage the input and output of a wide range of functionalities.”

The benefits of IoT lie in its ubiquity. It can be used in tandem with artificial intelligence or machine learning systems to enhance analytics, improve the automation of basic processes and monitor systems and equipment for faults. It can be used alongside M2M applications to enhance the results and the outcomes of the systems and their roles. And it can be used to improve collaboration and communication between man, machine and mine.

“You can use IoT platforms to visualise mission-critical data for device monitoring, remote control, alerts, security management, health and safety and healthcare,” concludes Bornheim. “The sky is genuinely the limit, especially now that the cost of sensors has come down and the intelligence of solutions and applications has gone up. From real-time insights to hands-on security and safety alerts to data that changes business direction and focus, IoT brings a myriad of benefits to the table.”

Oracle leads in clash of e-commerce titans

Three e-commerce platforms have been awarded “gold medals” for leading the way in customer experience. SoftwareReviews, a division of Info-Tech Research Group, named Oracle Commerce Cloud the leader in its 2020 eCommerce Data Quadrant Awards, followed by Shopify Plus and IBM Digital Commerce. The awards are based on user reviews. 
The three vendors received the following citations:

  • Oracle Commerce Cloud ranked highest among software users, earning the number-one spot in many of the product feature section areas, shining brightest in reporting and analytics, predictive recommendations, order management, and integrated search. 
  • Shopify Plus performed consistently well according to users, taking the number-one spot for catalogue management, shopping cart management and ease of customisation.
  • IBM Digital Commerce did exceptionally well in business value created, quality of features, and vendor support.

The SoftwareReviews Data Quadrant differentiates itself with insightful survey questions, backed by 22 years of research in IT. The study involves gathering intelligence on user satisfaction with both product features and experience with the vendor. When distilled, the customer’s experience is shaped by both the software interface and relationship with the vendor. Evaluating enterprise software along these two dimensions provides a comprehensive understanding of the product in its entirety and helps identify vendors that can deliver on both for the complete software experience.

“Our recent Data Quadrant in e-commerce solutions provides a compelling snapshot of the most popular enterprise-ready players, and can help you make an informed, data-driven selection of an e-commerce platform that will exceed your expectations,” says Ben Dickie, research director at Info-Tech Research Group. 

“Having a dedicated e-commerce platform is where the rubber hits the road in transacting with your customers through digital channels. These platforms provide an indispensable array of features, from product catalog and cart management to payment processing to detailed transaction analytics.”

Copyright © 2020 World Wide Worx