Between the third and fourth quarters of 2017, cyberattacks rose 82% and malware spread at a rapid pace, according to new data from digital security firm Fortinet.
The Sunnyvale, California-based company reported that almost 18,000 different varieties of malware existed during the quarter — a 19% increase in just three months — and firms in the study faced an average of 274 attempted attacks during the quarter.
“The volume, sophistication and variety of cyber threats continue to accelerate with the digital transformation of our global economy,” Fortinet chief information security Officer Phil Quade said. “Cybercriminals have become emboldened in their attack methods as they undergo a similar transformation, and their tools are now in the hands of many. The stark reality is that traditional security strategies and architectures simply are no longer sufficient for a digital-dependent organization. There is incredible urgency to counter today's attacks with a security transformation that mirrors digital transformation efforts.”
Cybercriminals also appear to be shifting their tastes in ransom payments from Bitcoin to other digital currencies, according to the study.Cybercriminals also tend to swarm when they find out about a widespread, vulnerable target, Fortinet said.
“Exploits targeting flaws in the Apache Struts framework remain high on the list after jumping in popularity among attackers in Q3 due to Struts' role in the Equifax breach,” it noted.
The “internet of things” (IoT) is increasingly attractive to criminals as well. Three of the top 20 attacks during the fourth quarter of 2017 targeted IoT devices such as wifi cameras, and exploit activity in the IoT world quadrupled. Two challenges in particular are slowing down the industry's ability to address the growth in attacks, Fortinet said.
“The first is that few IoT manufacturers have a Product Security and Incident Response Teams (PSIRT) in place that can respond quickly to new vulnerabilities. This means that after we or other researchers detect device vulnerabilities, getting that information to the right team inside their organization is often a complicated process,” it said. “And second, the lack of regulations around IoT security means getting some of these manufacturers to prioritize a known threat can be even more frustrating, as evidenced by the number of exploits that have been successfully targeting known vulnerabilities for months that still don't have an official CVE attached to them.”
The growth in cybercrime, malware and ransomware should prompt credit unions and other organizations to plan for the worst, according to Fortinet.
“Several strains of ransomware led the throng of malware variants detected in Q4. It's a good reason to make sure the impact of an infection in your firm has minimum impact. That starts with good offline backups. Don't rely on shadow copy or online backups; they'll get encrypted too,” the study said. “Like it or not, the question of to pay or not to pay is something that deserves attention too.” We generally don't recommend paying, but a situation may arise that forces you to at least consider it. Working out the policies and processes ahead of time will likely lead to a more clearheaded decision.”
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
