Cyber attacks are spreading at record pace through known vulnerabilities

Friday 25 August 2017

Cyber criminals are exploiting known vulnerabilities and maximising the impact with a hybrid threat known as ransomware

Fortinet has today announced the findings of its latest threat landscape report. The research reveals that poor cyber security hygiene and risky application usage enable destructive worm-like attacks to take advantage of hot exploits at record speed.

Adversaries are spending less time developing ways to break in, and are instead focusing on leveraging automated and intent-based tools to infiltrate with more impact on business continuity.

Effective cyber hygiene is critical to fight worm-like attacks

Crime-as-a-service infrastructure and autonomous attack tools enable adversaries to easily operate on a global scale. Threats like WannaCry were remarkable for how fast they spread and for their ability to target a wide range of industries.

Yet they could have been largely prevented if more organisations practised consistent cyber hygiene. Unfortunately, adversaries are still seeing a lot of success using hot exploits against vulnerabilities that have not been patched or updated.

To complicate matters more, once a particular threat is automated, attackers are no longer limited to targeting specific industries, so their impact and leverage only increase over time.

• Ransomworms on the rise: Both WannaCry and NotPetya targeted a vulnerability that had only had a patch available for a couple of months. Organisations that were spared from these attacks tended to have one of two things in common.

They had either deployed security tools that had been updated to detect attacks targeting this vulnerability, and/or they applied the patch when it became available. Prior to WannaCry and NotPetya, network worms had taken a hiatus over the last decade.

• Critical severity of attacks: More than two-thirds of firms experienced high or critical exploits in Q2 2017. 90% of organisations recorded exploits for vulnerabilities that were three or more years old.

Even ten or more years after a flaw’s release, 60% of firms still experienced related attacks. Q2 data overall quantified 184 billion total exploit detections, 62 million malware detections, and 2.9 billion botnet communications attempts.

• Active during downtime: Automated threats do not take weekends or nights off. Nearly 44% of all exploit attempts occurred on either Saturday or Sunday. The average daily volume on weekends was twice that of weekdays.