Fortinet has just released its global Threat Landscape Report for Q3 of 2018, analyzing threat data culled from millions of Fortinet devices deployed across the globe. One of the unique aspects to this report is that we provide a regular analysis of the threat landscape, rather than the annual or semi-annual formats provided elsewhere. This allows us to dig a bit deeper into what is happening across exploits, malware, and botnets, with deeper dive indices to provide cybersecurity professionals with timely information on issues they should be concerned with right now, rather than with a recap long after events have taken place.
It also provides us with the opportunity to deliver a running analysis of trends. Like any other sort of security strategy, identifying patterns helps cybersecurity professionals get out in front of threats rather than simply reacting to them. Of course, even a quarterly report isn’t enough. Our FortiGuard Labs Weekly Threat Brief provides timely insight and analysis that help organizations see and respond to breaking threats and trends. And for near real-time information, organizations can subscribe to our FortiGuard Threat Intelligence services that provides live threat updates, hot bulletins on breaking threats, and real-time software updates to Fortinet security solutions.
One of the most interesting aspects of producing the quarterly Threat Landscape Report is that we are able to uncover some critical trends that might be missed when looking at risk on a minute-by-minute basis. This quarter has been no different. Below are trends highlighted in the Q3 report that bear emphasizing.
Over the past year or so we have seen cryptojacking increase as the top security concern. This is reflected in the fact that during 2018, the number of platforms used to mine data jumped 38%. Even more concerning, however, is that people are beginning to realize that cryptojacking is more than simply a drain on system performance and resources. We have begun to see a rise in cryptojacking variants that disable existing security solutions such as antivirus, open additional communications ports on deployed firewalls, and add administrator accounts that enable attackers to return to propagate new malware. The result is that a cryptojacking infection doesn’t just steal CPU cycles, but is also creating a gateway for additional exploits.
Threats from mobile devices are having a bigger impact on network security. During Q3, more than a quarter of organizations experienced a mobile malware attack. Android OS for mobile devices is far and away the top culprit. By comparison, only .0003% of threats were attributable to Apple iOS. In fact, 14% of malware alerts this past quarter were Android related. This isn’t just mobile device alerts. It’s 14% of all malware. Security leaders without a strategy to address mobile threats, especially those with an open BYOD policy, are making their organizations extremely vulnerable as mobile devices are increasingly an entry point into corporate assets.
While the number of botnet infections didn’t climb appreciably during Q3, the number of days that an botnet infection was able to persist inside an organization increased 34% from 7.6 days to 10.2 days. This indicates that botnets are becoming more sophisticated, difficult to detect, and harder to remove. However, this increase is also the result of many organizations still failing to practice good cyber hygiene, including patching and updating vulnerable devices. In addition to implementing best security practices, organizations need to adopt tools like FortiNAC Network Access Control to see, segment, and track every device on the network, including IoT devices, and augment those efforts with Fortinet’s Security Rating solution that is designed to find the weaknesses and vulnerabilities within your environment and provides actionable recommendations. This solution needs to be applied before an outbreak to prevent exploits, and after an event to ensure that post-event clean-up has been thorough enough.
Based on our analysis, for the first time ever encrypted traffic now represents over 72% of all network traffic. That’s a nearly 20% increase in a single year, up from 55% in Q3 of 2017. While many folks see the growth of encryption as a good thing for security, higher encryption rates also present serious challenges to threat monitoring and detection. Many cyberattacks use encrypted communications for cover, knowing that critical performance limitations inherent in nearly all Firewall and IPS devices continue to restrict an organization’s ability to inspect encrypted data without seriously impacting network performance. On average, the performance hit for deep packet inspection is a whopping 70%, rendering them nearly useless in networks where performance is critical.
This is why most security vendors don’t publish their SSL inspection numbers, and why much of today’s encrypted traffic is simply not analyzed for malicious activity—making it an ideal mechanism for criminals to spread malware or exfiltrate data. To address this challenge, Fortinet has developed custom security processors designed to accelerate the inspection of SSL traffic. As a result, FortiGate solutions are consistently rated as the highest performing encryption inspection solutions on the market. With a performance impact of less than 15%, FortiGate appliances are one of the only solutions able to perform deep packet inspection at network speeds.
As cybercriminals successfully target the growing number of attack vectors being implement due to digital transformation efforts, doing more of the same when it comes to security is a losing strategy. Threat advances outlined in Fortinet’s Q3 Threat Landscape Report indicates that organizations not only need to become more hypervigilant about security, but they also need to be smarter about what they do with that information. Those who fail to meet their digital transformation efforts with an equally aggressive security transformation strategy will forfeit their ability to compete in today’s digital marketplace as they become victims to the continually innovative cybercrime community.