Two recent industry reports warned of the dangers of over-reliance on perimeter security as an enterprise defense method. Even as one study noted an inability among many enterprise organizations to prevent common threats that have plagued the industry for years, another report warned of a new attack vector that may compound existing threats facing organizations.
Fortinet's Threat Landscape Report details 185 million incidents that bypassed perimeter defense and anti-virus detection. The report revealed details on botnets, malware, and distributed denial-of-service (DDoS) attacks.
Botnet activity continues to serve as a common method of malware distribution, according to Fortinet. The study found especially high volumes of botnet activity distributing Zeus malware (accounting for 15 percent of the botnet activity observed by the firm. The Trojan family has been popular since 2013. Fortinet also found a high density of botnet activity distributing Tepfer (accounting for 14 percent of botnet activity), CIG (13 percent), and Regin (13 percent) malware families.
Fortinet senior cyber security researcher Aamir Lakhani said many of the threats “are quite dated” yet continue to bypass defense methods. “As a researcher, it is quite disheartening,” he told SCMagazine.com.
The report noted a rising number of attacks that were the result of enterprises increasingly relying on open source software, although Lakhani said vendors are slow to update open source components into commercial software.
The ongoing success of common threats is especially concerning in light of a blog post published by Invincea that noted the detection of an attempted attack against a financial institution using a malicious document that imitated a SWIFT banking transfer receipt. The attack did not fit the pattern profile of previous malicious attachments and led to the discovery of a site that appears to be “the first ever turnkey solution to create weaponized documents,” the blog post stated.
Invincea CEO Anup Ghosh told SCMagazine.com that the platform allows individuals possessing no technical skills to launch sophisticated spear-phishing attacks. “Anyone with a grudge” can launch an attack with only access to bitcoin and a target's email address, whereas earlier platforms required “at least some level of hacking skills,” he said.
The Fortinet report also noted an increase in OpenBSD denial-of-service attacks against healthcare targets. Lakhari said he believes it is “very unlikely” that most of the OpenBSD DoS attacks originate from outside the network. “They may have attackers who are sitting in the networks,” Lakhani said.