Cybersecurity leader Fortinet has announced the findings of its latest quarterly Global Threat Landscape Report, revealing that cybercriminals continue to evolve the sophistication of their attack methods. These range from tailored ransomware and custom coding for some attacks, to living-off-the-land (LoTL) or sharing infrastructure to maximise their opportunities.
“We, unfortunately, continue to see the cybercriminal community mirror the strategies and methodologies of nation-state actors, and the evolving devices and networks they are targeting,” says Phil Quade, chief information security officer at Fortinet. “Organisations need to rethink their strategy to better future proof and manage cyber risks. An important first step involves treating cybersecurity more like a science – doing the fundamentals really well – which requires leveraging the cyberspace fundamentals of speed and connectivity for defence.
“Embracing a fabric approach to security, micro and macro segmentation, and leveraging machine learning and automation as the building blocks of AI, can provide tremendous opportunity to force our adversaries back to square one.”
Highlights of the report include:
Pre- and Post-Compromise Traffic
Research to see if threat actors carry out phases of their attacks on different days of the week demonstrates that cybercriminals are always looking to maximise opportunity to their benefit. When comparing Web filtering volume for two cyber kill chain phases during weekdays and weekends, pre-compromise activity is roughly three times more likely to occur during the work week, while post-compromise traffic shows less differentiation in that regard. This is primarily because exploitation activity often requires someone to take an action such as clicking on a phishing email. In contrast, command-and-control (C2) activity does not have this requirement and can occur anytime. Cybercriminals understand this and will work to maximise opportunity during the week when Internet activity is the most prevalent. Differentiating between weekday and weekend Web filtering practices is important to fully understand the kill chain of various attacks.
Majority of Threats Share Infrastructure
The degree to which different threats share infrastructure shows some valuable trends. Some threats leverage community-use infrastructure to a greater degree than unique or dedicated infrastructure.
Nearly 60% of threats shared at least one domain, indicating the majority of botnets leverage established infrastructure. IcedID is an example of this “why buy or build when you can borrow” behaviour. In addition, when threats share infrastructure, they tend to do so within the same stage in the kill chain. It is unusual for a threat to leverage a domain for exploitation and then later leverage it for C2 traffic. This suggests infrastructure plays a particular role or function when used for malicious campaigns.
Understanding what threats share infrastructure and at what points of the attack chain enables organisations to predict potential evolutionary points for malware or botnets in the future.
Content Management Needs Constant Management
Adversaries tend to move from one opportunity to the next in clusters, targeting successfully exploited vulnerabilities and technologies that are on the upswing, to quickly maximise opportunity. An example of new technologies getting a lot of attention from cybercriminals recently are Web platforms that make it easier for consumers and businesses to build Web presences. They continue to be targeted, even associated third party plugins. This reinforces the fact that it is critical that patches be applied immediately and to fully understand the constantly evolving world of exploits to stay ahead of the curve.
Ransomware Far From Gone
In general, previous high rates of ransomware have been replaced with more targeted attacks, but ransomware is far from gone. Instead, multiple attacks demonstrate it is being customised for high-value targets and to give the attacker privileged access to the network.
LockerGoga is an example of a targeted ransomware conducted in a multi-stage attack. There is little about LockerGoga that sets it apart from other ransomware in terms of functional sophistication but, while most ransomware tools use some level of obfuscation to avoid detection, there was little of it used when analysed.
This suggests the targeted nature of the attack and predetermination that the malware would not be easily detected. In addition, like most other ransomware, the main goal of Anatova is to encrypt as many files as possible on the victim system, except that it systematically avoids encrypting anything that can impact the stability of the system it is infecting. It also avoids infecting computers that look like they are being used for malware analysis or as honeypots.
Both of these ransomware variants demonstrate that security leaders need to remain focused on patching and backups against commodity ransomware, but targeted threats require more tailored defences to protect against their unique attack methods.
Tools and Tricks for Living Off the Land
Because threat actors operate using the same business models as their victims, to maximise their efforts, attack methods often continue to develop even after gaining an initial entry. To accomplish this, threat actors increasingly leverage dual-use tools or tools that are already pre-installed on targeted systems to carry out cyberattacks.
This “living off the land” (LoTL) tactic allows hackers to hide their activities in legitimate processes and makes it harder for defenders to detect them. These tools also make attack attribution much harder. Unfortunately, adversaries can use a wide range of legitimate tools to accomplish their goals and hide in plain sight. Smart defenders will need to limit access to sanctioned administrative tools and log use in their environments.
The Need for Dynamic and Proactive Threat Intelligence
Improving an organisation’s ability not only to defend against current threat trends, but also prepare for the evolution and automation of attacks over time, requires threat intelligence that is dynamic, proactive, and available throughout the distributed network. This knowledge can help identify trends showing the evolution of attack methods targeting the digital attack surface and to pinpoint cyber hygiene priorities based on where bad actors are focusing their efforts.
The value and ability to take action on threat intelligence is severely diminished if it cannot be actionable in real time across each security device. Only a security fabric that is broad, integrated, and automated can provide protection for the entire networked environment, from IoT to the edge, network core and to multi-clouds at speed and scale.
Report and Index Overview
The latest Fortinet Threat Landscape Report is a quarterly view that represents the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of global sensors during Q1 2019. Research data covers global and regional perspectives. Also included in the report is the Fortinet Threat Landscape Index (TLI), comprised of individual indices for three central and complementary aspects of that landscape which are exploits, malware, and botnets, showing prevalence and volume in a given quarter.
It’s printing, Jim, but not as we know it
Selling printing services is not only about the hardware anymore, writes ARTHUR GOLDSTUCK
The seminal science fiction series Star Trek generated many catch-lines, like “The Prime Directive” and “Live long and prosper”. One of its most parodied lines, however, is Doctor Bones McCoy’s words to Captain Kirk on encountering an alien species: “It’s life, Jim, but not as we know it.”
That’s exactly the way one could describe the printer industry today. Every time an HP, Epson or Konica Minolta releases a new machine for this sector, one can sense the puzzled frowns of people taken by surprise that it still exists.
The difference is that it has evolved from a focus on paper to an emphasis on document management.
One of the first companies to spot that shift in the market, Japanese-headquartered Konica-Minolta, pioneered the concept of a dedicated printer company introducing its own software development division.
“We’ve always believed our role is solving problems for the customer, and not just to provide print, copy and scan solutions,” says Marc Pillay, CEO of the company’s South African division. “Our primary focus is multi-functional devices, but we always look at adding value to clients. Our real job is to assist in achieving a better return on investment.”
The proof of the pudding is that the local division is one of the biggest Konica-Minolta distributors in the world. The reason is simple: unlike most other countries, the South African operation has both a direct and indirect channel. That means it is able to supply companies through its reseller network, while also having a presence on the ground in the form of a dealer network across the country. That, in turn, has given it access to municipalities and other organs of state.
“Our value proposition is based on quality products, service and an unparalleled supply chain,” says Pillay. “When everyone was afraid to do business with government, we thrived on it. It comes from being located in areas where it’s easy to do business with us.”
One could call that the secret of success for existing demand. The coming era, however, will require an appreciation of the next big shifts in printing, says Pillay.
“We’ve seen the big shifts from analog to digital, from monochrome to colour, and from decentralisation to centralisation of printing. The next shift is unbundling printing into a hybrid approach, using both cloud and managed solutions. It’s all going to become subscription-based, and it will be print-on-demand. The high-end customers go into that very quickly, but we still have to cater for people who just do copying.”
Pillay believes that the opening of Microsoft’s Azure data centres in South Africa in March has already made a difference.
“Now you can scan from a device into Microsoft’s SharePoint online or Google Drive. It’s not about screen size anymore, but what you can do to make an impact.”
Where people don’t print, says Pillay, they’re absorbing documents digitally.
“We have to make sure that, where we lose the print, we are gaining the management of the scan, digitisation of the document or management of the workflow. Our income will come out of the workflow.
“Clearly, we’re not just focused on selling a piece of hardware anymore.”
- Arthur Goldstuck is founder of World Wide Worx and editor-in-chief of Gadget.co.za. Follow him on Twitter and Instagram on @art2gee
SA chooses most loved local businesses
A new World Wide Worx research report identifies and names South Africa’s 12 Most Loved Local businesses, and places the spotlight on the vital role commercial businesses play in the South African economy. The country’s favourite local businesses include the Chapman’s Peak Hotel in Hout Bay – famed for its calamari, celebrity chef David Higgs’ Rosebank eatery Marble as well as Rouge Day Spa with branches in Kenilworth and Constantia in Cape Town run by a dynamic mother and daughter duo.
The aim of the Most Loved Local report was to celebrate those businesses South Africans love the most and to investigate exactly what makes consumers big fans of these entities. It further offers these enterprises insights into what it takes to succeed in business, highlights the qualities that convert clients into fans and encourages more South Africans to ‘shop’ local.
Commissioned by Santam, results were compiled using a combination of digital listening tools and traditional research. Social media listening using organic search analysis looked into which business categories were being searched for most. This was followed up with a trend analysis to assess whether a business category was growing in popularity, keyword volume analysis to refine the categories and finally social listening within the categories which businesses were being spoken about in the most positive terms. Thereafter, a poll was conducted among 2 489 respondents to find out what made them love a local business – or not. The sample was nationally representative and aligned to the economically active population per province. A respected independent research house World Wide Worx conducted the research.
The full list of businesses that came top across 12 categories are:
- Place to Stay: Chapmans Peak Hotel (Cape Town) – the one with the perfect calamari
- Eatery: Marble (Johannesburg) – the one with the celebrity chef in the kitchen
- Butcher: The Butcher Man (Cape Town) – the one that people cross town for
- Bakery: Fournos (Johannesburg) – the one that is way more than a bakery
- Spa: Rouge Day Spa (Cape Town) – the one run by a dynamic mother-daughter team
- Entertainment Spot: Gold Reef City (Johannesburg) – the one with the heart of gold
- Gym: Dream Body Fitness (Johannesburg) – the one that is completely unintimidating to work out at
- Interior Designer: By Dezign Interiors (Johannesburg) – the one that really, really gets its clients’ style
- Market: Bryanston Organic & Natural Market (Johannesburg) – the one that was an organic market before it was trendy to be an organic market
- Laundromat: Exclusive Dry Cleaners (Johannesburg) – the one that treats every single client like family
- Car Wash: Tubbs’s Car Wash (Johannesburg) – the one that cleans your car while you have a haircut
- Construction company: Radon Projects (Pretoria) – the one that is ready all day and all night
Delving into what makes a consumer go from ‘client to fan’, the key factor standing out above all others was service. Arthur Goldstuck, CEO of World Wide Worx, says it seems South Africans will forgive a multitude of ‘sins’ if they are treated well. “Good service was the number one factor that makes 40% of those surveyed support a local business. This was followed by quality products at 18%. Third place went to value for money at 10%, proving the old adage that competing on price alone is not a sound business strategy,” said Goldstuck.
When asked what makes them loyal to a local business, some interesting views across age groups emerged. “Younger clients are more swayed by quality, while older ones are impressed by service. This seems to fit with younger people wanting the status of nice things, and older people wanting to feel valued and respected,” said Goldstuck.
Unsurprisingly, all 12 Most Loved Locals called out service as one of their guiding lights and core pillars when interviewed. Theo and George Parpottas, owners of Exclusive Dry Cleaners, the selected company in the laundromat category, believe when someone walks into their shop, they should be greeted with smiling faces and courteous people. “We don’t care if it’s the president or a beggar, from the moment they walk in, they are a client. We greet them, we are courteous, and we treat them with respect. It doesn’t matter what they bring.”
For Gary Karycou, who co-owns Marble in Rosebank with celebrity chef David Higgs, it is all about attitude. “You can teach someone anything if they want to do it, but we employ on attitude. You get the basic skills but if someone really wants to learn, you can transform them.” He continues, “Giving the best service to our clients, is our motto. It’s something that’s lacking in South Africa and even globally. Businesses just become a bit complacent.”
Famed Green Point butchery and restaurant, The Butcher Man, is owned by Arie Fabiani. He says people will drive past other butcheries and come all the way to the Butcher Man because “we deliver a great service. Good service is critical, and our team knows it.”
Another key finding was that people are more likely to recommend a business if there is a good deal or excellent value for money. Mokaedi Dilotsotlhe, Chief Marketing Officer at Santam, says this is an interesting finding. “Perhaps we are more likely to share a good deal with others and keen to help others find great nuggets of the positive trade-off between value and price. So, it is worth ensuring that, in addition to service and quality, your clients feel like they are getting value for the money they spend with you. That way, they are more likely to tell family and friends the good news!”
Dilotsotlhe added that the report’s release has been well-timed as the need to stimulate sectors of the economy which can create jobs has never been more vital. Commercial enterprises are responsible for a significant percentage of the labour-force in South Africa, and the impact thereof is significant. Due to the fact that these enterprises remain a largely underinsured sector, the campaign also seeks to highlight the need for insurance as a vital aspect of business continuity. When they thrive, it benefits the whole nation, and from a Santam perspective, this translates into sustainable growth for our business.
To download the full report, click here.