FortiGuard Labs finds increased cyber threats during Rio Olympics
By Digital News Asia August 12, 2016
- In June, Brazil’s percentage increase was higher in three of four categories
- The two most common delivery methods are phishing emails and malicious websites
THE volume of malicious and phishing artifacts (i.e. domain names and URLs) is on the rise, particularly in Brazil, as Rio Olympics 2016 gets underway. This is according to the findings in the FortiGuard Labs global cyber threat landscape report published by Fortinet.
In June 2016, Brazil’s percentage increase was higher in three of four categories in Fortinet’s report when compared with the global percentage increase. The highest percentage growth was in the malicious URL category at 83% compared to 16% for the rest of the world.
As the 2016 Summer Olympic Games unfold, FortiGuard Labs is already seeing indicators of repeat techniques such as domain lookalikes for payment fraud and malicious websites or URLs targeting event and government officials.
“The expanding attack surface enabled by technology innovation, new IoT devices, regulatory pressures, and a global shortage of cybersecurity talent continue to drive cyber threats. All of these elements combined with global political events add more complexity to the situation and complexity is the enemy of security,” said Fortinet senior security strategist Ladi Adefala.
“Simply deploying security point solutions end-to-end is not enough. Organisations need to adopt a Security Fabric that will enable direct communication between solutions for a unified and rapid response to advanced threats.”
Fortinet FortiGuard Labs research is seeing a return of old threats and attack vectors, and the continued persistence of classic attacks, such as Conficker and ransomware, through updated variants. Fortinet’s telemetry data and research indicate that the two most common delivery methods are phishing emails and malicious websites.
Advanced Threat Technique - 'Behaviour Blending': Over the past three months, a sophisticated method that helps attackers persist inside systems they have breached has been on the rise. Behaviour blending is a technique used by criminals that allows them to blend in on a compromised network. Given that this evasion technique has a lot of potential for thwarting detection, Fortinet expects to see more of it as it is refined and new tools are developed to better mimic the behaviour of a credentialed target.
Phishing: The volume of global phishing activity remains high, with a 76% increase from April to June based on FortiGuard Labs’ phishing domains and URLs threat data. The percentage growth from May to June was 11%. Additional email phishing takeaways include increased activity from Tokelau, with the top four country code domains in Q2 2016 being Brazil, Colombia, Russia and India. Additionally, domain lookalikes are still very active (e.g. nefflix vs netflix). Lastly, FortiGuard also observed a number of large financial institutions’ names included as part of the phishing domains and URLs.
Exploit Kits: There’s an uptick in the use of JavaScript-based Exploit Kits (EKs) with malicious URLs to deliver ransomware, mostly as first-stage downloader payloads. A shift is currently in play from Angler to Fiesta and Neutrino, which both show up consistently in FortiGuard’s top 10 exploit kits globally.
Advanced Malware: The JS/Nemucod family has been the dominant malware family globally in the last three months. This family is currently the most active ransomware downloader, with overall ransomware attacks significantly on the rise.
Data Exfiltration - Botnet Indicators: FortiGuard’s threat telemetry shows botnet activity and chatter on the rise, with ransomware botnet activity from Locky and Cryptowall as the notable names in the top 10.