Small businesses are facing the highest levels of cyber attacks in both number and sophistication as automated swarm attacks increase.
A cyber threat report reveals an average of 274 exploit detections per firm were recorded in the last quarter of 2017, up 82% from the previous quarter, according to Fortinet’s latest global threat landscape report.
The Fortinet report shows that the number of malware families also increased by 25% and unique variants grew by 19%, indicating not only growth in volume, but also an evolution of the malware.
Also, automated and sophisticated “swarm attacks” are accelerating, the report said, making it increasingly difficult for organisations to protect users, applications and devices.
As small businesses become more digital, the report warned that cyber criminals are taking advantage of the expanding attack surface to carry out new disruptive attacks, including swarm-like assaults that target multiple vulnerabilities, devices and access points simultaneously.
The combination of rapid threat development and the increased propagation of new variants is increasingly difficult for many organisations to counter, the report said.
The researchers found that encrypted traffic using HTTPS and SSL (secure sockets layer) grew to a high of 60% of total network traffic, but the report noted that although encryption can help protect data in motion as it moves between core, cloud and endpoint environments, it also represents a real challenge for traditional security technology that has no way of filtering encrypted traffic.
Three of the top 20 attacks identified in the quarter targeted internet of things (IoT) devices and exploit activity quadrupled against devices such as Wi-Fi cameras. None of these detections was associated with a known or named vulnerability, which the report said is one of the troubling aspects of vulnerable IoT devices.
Unlike previous IoT-related attacks, which focused on exploiting a single vulnerability, the report said new IoT botnets such as Reaper and Hajime can target multiple vulnerabilities simultaneously, which is much harder to combat.
The data shows ransomware is still prevalent, with several strains topping the list of malware variants. Locky was the most widespread malware variant and GlobeImposter was second.
The report highlighted an increase in sophisticated industrial malware, with the data showing an uptick in exploit activity against industrial control systems (ICS) and safety instrumental systems (SIS). This suggests these under-the-radar attacks might be climbing higher on attackers’ radar, the report said, citing an attack dubbed Triton, which has the ability to cover its tracks by overwriting the malware itself with garbage data to thwart forensic analysis.
Because these platforms affect vital critical infrastructures, they are enticing for threat actors, the report said, adding that successful attacks can cause significant damage with far-reaching impact.
The report also pointed out that steganography, which embeds malicious code in images, also appears to be resurgent.
The Sundown exploit kit, the report said, uses steganography to steal information, and although it has been around for some time, it was reported by more organisations than any other exploit kit, and was found dropping multiple ransomware variants.
The threat data in the quarter’s report reinforces many of the predictions made by the Fortinet FortiGuard Labs global research team for 2018, which forecast the rise of self-learning hivenets and swarmbots.
The report predicted that the attack surface will continue to expand, while visibility and control over today’s infrastructures diminish. To address the problems of speed and scale by adversaries, the report said organisations need to adopt strategies based on automation and integration.
“Security should operate at digital speeds by automating responses as well as applying intelligence and self-learning so that networks can make effective and autonomous decisions,” the report said.
So if you want to save yourself stress, money and a damaged reputation from a data incident with affordable, live systems protection please ring us now on 01242 521967 or email [email protected] or complete the form on our contact page NOW