Cyber criminals targeting remote work to gain access to enterprise networks and critical data


Good threat intelligence can sift through mountains of data collected from sensors across the globe to provide insights into what is happening and what countermeasures need to be in place to defend against a dynamic threat environment. For example, Fortinet's FortiGuard Labs just released its latest Global Threat Landscape Report covering the first half of 2020. This report details the dramatic scale and lengths that cybercriminals – even nation-state actors – have been willing to go as a result of the global pandemic.

Key takeaways from the first half of 2020

The adaptability of adversaries enabled waves of attacks targeting the fear and uncertainty in current events as well as the sudden abundance of remote workers outside the corporate network, which quickly expanded the digital attack surface overnight. Below are some of the most prevalent cyber trends from Q1 and Q2 uncovered in the current Threat Landscape Report:

  • Well-known threats such as ransomware have not diminished or disappeared during the last six months; they continue a more targeted nature. Instead, COVID-19 themed messages and attachments were used as lures in a number of different campaigns. Other ransomware was discovered rewriting the computer's master boot record (MBR) before encrypting the data.
  • Web-based malware became the most common vehicle for delivering malware, outpacing email as the primary malware delivery vector. For attackers the shift to remote work was an unprecedented opportunity to target unsuspecting individuals in multiple ways. Web browsers are targets too. The network perimeter has extended to the home.
  • While 2020 is publishing a record number of vulnerabilities, we are also seeing the lowest number of exploits targeting those vulnerabilities ever recorded in the 20-year history of the CVE List. Instead, vulnerabilities from 2018 make up 65% of detected exploits, while more than a quarter of firms detected attempts to exploit CVEs from 2004.
  • Several consumer-grade routers and IoT devices were at the top of the list for IPS detections, which is an indication that cybercriminals are looking to exploit vulnerabilities that still exist in home networks. The objective is to use those compromised home networks to launch attacks into the corporate networks that home workers log into remotely.
  • Similarly, Mirai (from 2016) and Gh0st (2009) were the top botnet detections, again to target older vulnerabilities, although this time in consumer IoT products attached to home networks.

What now?

Review ransomware countermeasures – A ransomware strategy should include the ability to strip out malicious content in email using new content disarm and reconstruction (CDR) tools. Networks also need to be segmented to restrict access to critical resources. Full data backups need to be stored off-network to ensure a rapid recovery. And data needs to be encrypted so that it cannot be used or exposed by cybercriminals. This needs to be coupled with a detailed response strategy that is drilled regularly to eliminate downtime.

Secure Endpoints – Ensure that appropriate security is in place to protect remote data and applications, and to inspect VPN connections to ensure they aren't a conduit for malware. This requires more than just loading traditional antivirus (AV) and endpoint protection (EPP) security onto endpoint devices. New endpoint detection and recovery (EDR) solutions can identify sophisticated attacks and prevent malware that has made its way onto a device from executing.

Inspect all VPN traffic – VPN connections require a full inspection to detect malware originating from remote workers' home networks. This requires firewalls not only capable of managing increased VPN traffic but also provide the heavy processing required to inspect encrypted traffic without becoming a network bottleneck.

Use threat intelligence to stay abreast of threat trends

CISOs and other security professionals are strongly advised to subscribe to and read weekly, monthly, semiannual, and annual threat reports. They should also subscribe to threat feeds and IOC lists, and participate in local or industry ISAC communities. This allows them to gain a broader perspective of the threat landscape, review recommendations, and take appropriate countermeasures.

This information is designed to help security professionals keep a finger on the pulse of the evolving threat environment. Critical insights inform professionals of the latest and most prevalent threats and provide analysis and guidance to build proactive defenses that can defend against new threat trends.

As always, the best defense against cyber threats is good information. Leveraging critical threat intelligence, such as the latest edition of the Fortinet Threat Landscape Report, enables organizations to refocus and refine their resources and strategies so they can remain a step ahead of threat actors who mean to do them harm.

Read more about the latest cybersecurity threat trends and the rapidly evolving threat landscape in our latest 2020 Threat Landscape Report.

Derek Manky, Chief, Security Insights & Global Threat Alliances, Fortinet’s FortiGuard Labs

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.