Poor security hygiene results in worm-like attacks: report
Cybercriminals are exploiting known vulnerabilities resulting in maximum impact
Fortinet has discovered that poor cybersecurity hygiene and risky application usage allow destructive worm-like attacks to take advantage of exploits.
Fortinet's Global Threat Landscape report highlighted that cybercriminals are spending more time leveraging automated and intent-based tools to impact organisations whose systems have not been patched or updated.
The report found that 90% of organisations recorded exploits for vulnerabilities that were three or more years old. Overall, data from Q2 found a total of 184 billion exploit detections, 62 million malware detections, and 2.9 billion botnet communication attempts.
Furthermore, both WannaCry and NotPetya targeted a vulnerability for which a patch had been available for only a couple of months. Organisations that escaped the wrath of these ransomware attacks had security measures in place and/or applied the patch when it became available.
Phil Quade, chief information security officer, Fortinet, said: "The technology innovation that powers our digital economy creates opportunity for good and bad in cybersecurity. Yet, something we don't talk about often enough is the opportunity everyone has to limit bad consequences by employing consistent and effective cybersecurity hygiene.
"Cybercriminals aren't breaking into systems using new zero-day attacks, they are primarily exploiting already discovered vulnerabilities. This means they can spend more of their resources on technical innovations making their exploits difficult to detect. Newer worm-like capabilities spread infections at a rapid pace and can scale more easily across platforms or vectors. Intent-based security approaches that leverage the power of automation and integration are critical to combat this new 'normal'."
Cybercriminals are ready and able to exploit weaknesses or opportunities in these new technologies or services. In particular, business-questionable software usage and the vulnerable IoT devices of hyper-connected networks represent potential risk because they are not being consistently managed, updated, or replaced.