Intelligent CIO Africa Issue 33 | Page 18

TRENDING

names and hashes of files each time the victim logs in, making it difficult to spot the malware on infected host systems. The growing use of anti-analysis and broader evasion tactics is a reminder of the need for multi-layered defences and behaviour-based threat detection.

Under the radar attacks aim for the long-haul

The Zegost infostealer malware is the cornerstone of a spear phishing campaign and contains intriguing techniques. Like other infostealers, the main objective of Zegost is to gather information about the victim’s device and exfiltrate it. Yet, when compared to other infostealers, Zegost is uniquely configured to stay under the radar. For example, Zegost includes functionality designed to clear event logs. This type of cleanup is not seen in typical malware. Another interesting development in Zegost’s evasion capabilities is a command that kept the infostealer ‘in stasis’ until after February 14, 2019, after which it began its infection routine.

The threat actors behind Zegost utilise an arsenal of exploits to ensure they establish and maintain a connection to targeted victims, making it far more of a long-term threat compared to its contemporaries.

Ransomware continues to trend to more targeted attacks

The attacks on multiple cities, local governments and education systems serve as a reminder that ransomware is not going away, but instead continues to pose a serious threat for many organisations going forward.

Ransomware attacks continue to move away from mass-volume, opportunistic attacks to more targeted attacks on organisations, which are perceived as having either the ability or the incentive to pay ransoms. In some instances, cybercriminals have conducted considerable reconnaissance before deploying their ransomware on carefully selected systems to maximise opportunity.

For example, RobbinHood ransomware is designed to attack an organisation’s network infrastructure and is capable of disabling Windows services that prevent data encryption and of disconnecting from shared drives.

Another newer ransomware, called Sodinokibi, could become another threat for organisations. Functionally, it is not very different from a majority of ransomware tools in the wild. It is troublesome because of the attack vector, which exploits a newer vulnerability that allows for arbitrary code execution and does not need any user interaction like other ransomware being delivered by phishing email.

Regardless of the vector, ransomware continues to pose a serious threat for organisations going forward, serving as a reminder of the importance of prioritising patching and infosecurity awareness education. In addition, Remote Desktop Protocol (RDP) vulnerabilities, such as BlueKeep, are a warning that remote access services can be opportunities for cybercriminals and that they can also be used as an attack vector to spread ransomware.

New opportunities in the digital attack surface

Between the home printer and critical infrastructure is a growing line of control systems for residential and small business use. These smart systems garner comparably less attention from attackers than their industrial counterparts, but that may be changing based on increased activity observed targeting these control devices such as environmental controls, security cameras and safety systems. A signature related to building management solutions was found to be triggered in 1% of organisations, which may not seem like much, but it is higher than typically seen for ICS or SCADA products.

Cybercriminals are searching for new opportunities to commandeer control devices in homes and businesses. Sometimes these types of devices are not as prioritised as others or are outside the scope of traditional IT management. The security of smart residential and small business systems deserves elevated attention especially since access could have serious safety ramifications. This is especially relevant for remote work environments where secure access is important.

How to protect your organisation – broad, integrated and automated security

Threat intelligence that is dynamic, proactive and available in real-time can help identify trends showing the evolution of attack methods targeting the digital attack surface and pinpoint cyberhygiene priorities. The value and ability to take action on threat intelligence is severely diminished if it cannot be actionable in real-time across each security device. A security fabric that is broad, integrated and automated can provide protection for the entire networked environment, from IoT to the Edge, network core and to multi-clouds at speed and scale.

Report and index overview

The latest Fortinet Threat Landscape Report is a quarterly view that represents the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of global sensors during Q2 2019. Research data covers global and regional perspectives. Also included in the report is the Fortinet Threat Landscape Index (TLI), comprised of individual indices for three central and complementary aspects of that landscape which are exploits, malware and botnets, showing prevalence and volume in a given quarter.

Phil Quade, Chief Information Security Officer, Fortinet