Threat Landscape Report for Q3 2019

While many of us may have taken a well-earned vacation over the summer, cybercriminals were hard at work looking for new ways to target and exploit our networks, devices, and services. The Fortinet Threat Landscape Report provides insights into the top threats and trends discovered and tracked by the FortiGuard Labs team, and the report for last quarter shows that cybercriminals are continuing to focus on finding ways to stay a step ahead of cybersecurity professionals.

When people consider cybercrime, they tend to think of some of the more high-profile events of the past that used sophisticated malware or exploited zero-day vulnerabilities. And while some efforts continue to be made in those areas, most criminals focus on leveraging their existing resources. The top issues for Q3 are no different.

Cybercriminals Are Looking To Augment Their Phishing Efforts
Cybercriminals Are Targeting Edge Services

Because over 90% of malware is still delivered via email, many organizations have responded by aggressively focusing on training users to identify phishing emails and not click on email attachments. They are also more aware of the importance of email security solutions. As a result, criminals have begun to expand their tactics by simply targeting other areas of the attack surface that aren’t being focused on.

For example, over the past quarter FortiGuard Labs has observed attacks targeting publicly available edge services with remote code execution exploits. Once criminals establish a foothold at the edge, they then use that attack vector to begin delivering their malware to targets inside the network, with the same result as having used phishing to deliver those same payloads.

Bypassing Adblockers To Whitelist Malicious Sites
Another strategy is to prevent adblocker security tools from blocking access to malicious content. Adblock Plus, for example, is an open-source browser extension that provides content-filtering and ad blocking for all of the major browsers, including Firefox, Chrome, Internet Explorer, Edge, Opera, Safari, Yandex, and Android. It also uses a key to tag approved advertisement sites so they can be whitelisted. However, this key has been identified by attackers and is being exploited to also whitelist their malicious sites. These webpages can then serve their malicious advertisements, or even function as a phishing page to users who rely on the adblocker solution to block malicious sites and content.

The HTML/Framer.INF!tr IPS signature that detects these webpages is at the top of our list of most prevalent malware variants detected in Q3 2019 across all global regions. However, it is important to note that some of these detections may be false positives because of the way Adblock is designed, making it difficult to produce a fully reliable signature.

Malware-As-A-Service Continues To Grow
New Ransomware-As-A-Service Offerings On The Dark Web

The GandCrab ransomware and its Ransomware-as-a-Service (RaaS) offering netted its developers as much as $2 billion before they retired last year. As a result, many cybercriminal organizations are keen to jump on the bandwagon. Last quarter, FortiGuard Labs observed that at least two other significant ransomware families – Sodinokibi and Nemty – are now available on the dark web as ransomware-as-a-service offerings. By using this RaaS model, the authors of these malware tools are significantly lowering the bar, both in terms of overhead and expertise, for launching such attacks.

Emotet Offers A New Spin On MaaS
Emotet, a popular and successful banking trojan, has launched a similar service that rents access to devices infected with the Emotet trojan. This is especially malicious because the Emotet developers have added the ability for the malware to deliver malicious payloads. This means that attackers using this new malware-as-a-service offering can infect targeted networks with additional malware, such as the Trickbot trojan and Ryuk ransomware, launched from a previously compromised device.

Another new Emotet trick significantly increases the efficiency of distributing malware through phishing. Cybercriminals naturally want to deliver phishing email with the highest likelihood of being opened. This new Emotet phishing strategy steals email threads, not just email addresses, from infected devices. It then develops an infected reply from someone in the thread and sends it to the other thread participants disguised as being part of the thread. This strategy has proven to be exponentially more effective than trying to hook victims using a cold initial phishing attempt, or even a targeted spearphishing tactic.

Older Attacks Remain A Persistent Threat
It is important to remember that attacks don’t need to be new to be successful. According to the Q3 Threat Landscape Report, FortiGuard Labs saw more attempts to target vulnerabilities from 2007 than from 2018 and 2019 combined. And every year in between equaled 2018/19 levels. This trend shows how unpatched vulnerabilities—regardless of age—can heighten exposure. The point is that attackers (and their tools) don’t ignore older vulnerabilities and neither should you.

What You Can Do

Segment Your Networks
Many of these attacks and exploits are successful because vulnerable systems are not being adequately protected. Systems with older vulnerabilities can be protected by conducting a risk assessment and then prioritizing devices by their likelihood of being exploited, using the FortiGuard Security Rating Service. In addition to patching and upgrading devices, organizations should also consider implementing intent-based network segmentation and zero trust access strategies to prevent critical devices and vulnerable systems from being exploited. Segmentation also minimizes the risks of a successful intrusion by shrinking the available attack surface.
