Cyber attackers hit victims faster and with more force owing to increases in automation and other key factors, signaling advanced persistent threat actors have again elevated their game to a more destructive and unpredictable level, a recent report from Fortinet’s FortiGuard Labs for 2H 2021 said.
Moreover, hackers are increasingly attempting to exploit the expanding attack surface of hybrid workers and hybrid IT, according to the study.
Per FortiGuard Labs, here are some highlights from the report and the impact on managed security service providers (MSSPs):
- The Log4j vulnerabilities, despite emerging at the close of 2021, quickly escalated in less than a month to become the most prevalent IPS detection of 2H 2021. MSSP impact: Organizations have very little time to react or patch today given the speeds that cyber adversaries are employing to maximize fresh opportunities.
- Some lesser or low-lying threats have the potential to cause bigger problems in the future. How so? Linux malware is increasingly becoming part of cyber attackers’ repertoire. MSSP impact: Linux runs the back-end systems of many networks and container-based solutions for IoT devices and mission-critical applications and is becoming a more popular target for attackers. Linux needs to be secured, monitored and managed as any other endpoint in the network.
- Botnets are now multipurpose attack vehicles leveraging a variety of more sophisticated attack techniques, including ransomware. MSSP impact: To protect networks and applications, organizations must implement zero trust access solutions to secure IoT endpoints and devices entering the network.
- A sustained interest by cyber adversaries in maximizing the remote work and learning attack vector often shows up as phishing lures or scripts that inject code or redirect users to malicious sites. MSSP impact: Organizations must take a "work-from-anywhere" approach to their security by deploying solutions capable of following, enabling, and protecting users no matter where they are located.
- Ransomware has not subsided from peak levels over the last year and the sophistication, aggressiveness, and impact of ransomware is increasing. MSSP impact: Threat actors continue to attack organizations with a variety of new and old ransomware that is being actively updated and enhanced, sometimes with wiper malware included, while other ransomware is used in a ransomware-as-a-service (RaaS) business model.
- Analyzing the attack goals of adversaries is important to be able to better align defenses against the speed of changing attack techniques. MSSP impact: Stopping an adversary earlier is more critical than ever. By focusing on a handful of those identified techniques, in some situations an organization could effectively shut down a malware’s methods for attack.
“Cybersecurity is a fast-moving and dynamic industry, but recent threat events show unparalleled speeds at which cyber adversaries are developing and executing attacks today,” said Derek Manky, FortiGuard Labs security insights and global threat alliances chief. “New and evolving attack techniques span the entire kill chain but especially in the weaponization phase, showing an evolution to a more advanced persistent cybercrime strategy that is more destructive and unpredictable,” he said.
