Threat Trends: Major Security Risks

Using threat trends to protect network resources:

The threat landscape is developing faster than the usual rate of security analysis

Leveraging threat intelligence to improve an organization's security posture should be an essential component of any security strategy.

Security-focused organizations produce an increasing number of threat reports, published annually, quarterly, monthly, weekly, and even daily. These reports often contain critical information about the latest trends, targets, and tactics used by the cybercriminal community.

Tools and Threat Trends

Active threat feeds from security researchers, vendors, and regional and vertical organizations can be consumed by tools such as SIEMs and integrated into SOC workflows, so that detection rules and blocklists are continuously tuned to the latest threat trends rather than to last year's.

Analyzing threat trends, especially those collected from live production environments, can provide security professionals with insights on how to better protect their organizations against the latest cyber threats.

Trend of cybercriminals working in packs

One of the most interesting insights gained when analyzing data collected during the first quarter of 2019 (PDF) is that cybercriminals tend to work in loosely organized packs. If one exploit or one attack vector seems to have worked for one criminal, you can safely assume that a swarm of attacks targeting the same thing will follow. This is a high-level trend that anyone familiar with security will recognize.


Large-scale pack behavior

WordPress is the world's leading CMS (Content Management System), used to build a large share of all websites. Data stored on websites has a high black market value, and WordPress is a frequent target for attacks, so recording more than 100,000 attacks directed at this application in the first quarter was not a big surprise. What is more telling is the accompanying increase in attacks aimed at CMS products from other developers, including third-party plug-ins for those products.

This part of the data may have been overlooked by some analysts, because the number of attacks directed at each of the smaller CMS products was comparatively small next to the number directed at the largest player in the space. Taken together, though, they show the swarm spilling over from WordPress into adjacent targets.

Granular pack behavior

This pack behavior is not limited to large attack waves overflowing into related areas. It also shows up in some of the more granular details of individual attacks.

Almost 60% of the threats analyzed in Q1 2019 shared at least one domain used at a specific point in an attack chain, and many attacks also reused the same hosting providers. Two conclusions follow.

The first is that cybercriminals pay close attention to each other. They interact on dark web forums, share code and strategies, and even reverse engineer each other's tools. When something works, whether it is an obfuscation technique or a hosting provider, it gets reused.

The second is that these patterns can be used to identify attacks. Traffic going back and forth between an internal device and a web domain that is hosted by a provider frequently used by cybercriminals is itself a signal worth alerting on, even before the specific domain appears on a blocklist.
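As an added example (not code from the article or from Fortinet), the following Python sketches how the two observations above become detection logic: it measures domain reuse across a small set of attack chains, derives the hosting providers those chains share, and then flags proxy log lines that touch either a known attack-chain domain or a provider reused across campaigns. All campaign names, domains, AS numbers and log lines are constructed for illustration (the AS numbers are from the documentation and private-use ranges, not real providers), and the `dst_asn` field is assumed to have been added by an enrichment step upstream of the SIEM.

```python
"""Infrastructure-reuse detection over proxy logs (added example, constructed data).

Campaign indicators and log lines below are made up for illustration; none of
the domains or AS numbers refers to real infrastructure.
"""
from collections import Counter, defaultdict
import re

# Constructed threat feed: for each campaign, the domains seen in its attack
# chain and the hosting provider (AS number) each domain resolved to.
CAMPAIGNS = {
    "campaign-a": {"cdn-update.example": "AS64500", "files-sync.example": "AS64501"},
    "campaign-b": {"cdn-update.example": "AS64500", "login-check.example": "AS64500"},
    "campaign-c": {"report-host.example": "AS64502", "files-sync.example": "AS64501"},
    "campaign-d": {"metrics-push.example": "AS64503"},
}

# Constructed proxy log lines, already enriched with the destination ASN.
LOG_LINES = [
    "2019-03-14T10:02:11Z src=10.0.0.5 dst_host=cdn-update.example dst_asn=AS64500 bytes_out=512 bytes_in=20480",
    "2019-03-14T10:02:13Z src=10.0.0.7 dst_host=www.corp-intranet.example dst_asn=AS64999 bytes_out=300 bytes_in=4096",
    "2019-03-14T10:03:40Z src=10.0.0.9 dst_host=new-host.example dst_asn=AS64500 bytes_out=1024 bytes_in=64",
    "2019-03-14T10:05:02Z src=10.0.0.5 dst_host=metrics-push.example dst_asn=AS64503 bytes_out=256 bytes_in=128",
]


def shared_domains(campaigns):
    """Domains that appear in the attack chain of more than one campaign."""
    counts = Counter(d for doms in campaigns.values() for d in doms)
    return {d for d, n in counts.items() if n > 1}


def share_fraction(campaigns):
    """Fraction of campaigns that reuse at least one domain from another campaign."""
    shared = shared_domains(campaigns)
    reusing = sum(1 for doms in campaigns.values() if shared & set(doms))
    return reusing / len(campaigns)


def hot_providers(campaigns, min_campaigns=2):
    """Hosting providers (ASNs) used by at least min_campaigns distinct campaigns."""
    by_asn = defaultdict(set)
    for name, doms in campaigns.items():
        for asn in doms.values():
            by_asn[asn].add(name)
    return {asn for asn, names in by_asn.items() if len(names) >= min_campaigns}


def parse_line(line):
    """Split a 'key=value' proxy log line into a dict; the leading timestamp has no key."""
    fields = dict(re.findall(r"(\w+)=(\S+)", line))
    fields["ts"] = line.split()[0]
    return fields


def detect(line, campaigns):
    """Return (severity, reason) for a log line, or None if nothing matched.

    Exact domain matches are high severity. A destination hosted at a provider
    that several campaigns already share is a weaker, medium-severity signal:
    the domain itself may be new, but the infrastructure behind it is not.
    """
    fields = parse_line(line)
    host, asn = fields.get("dst_host", ""), fields.get("dst_asn", "")
    hits = sorted(name for name, doms in campaigns.items() if host in doms)
    if hits:
        return ("high", f"known attack-chain domain {host} (seen in {', '.join(hits)})")
    if asn in hot_providers(campaigns):
        return ("medium", f"{host} hosted at {asn}, a provider reused across campaigns")
    return None


def run(lines, campaigns):
    """Evaluate every line and return (timestamp, src, severity, reason) for each alert."""
    alerts = []
    for line in lines:
        verdict = detect(line, campaigns)
        if verdict is not None:
            fields = parse_line(line)
            alerts.append((fields["ts"], fields.get("src", "?")) + verdict)
    return alerts


if __name__ == "__main__":
    print(f"campaigns sharing a domain: {share_fraction(CAMPAIGNS):.0%}")
    print(f"providers reused across campaigns: {sorted(hot_providers(CAMPAIGNS))}")
    for ts, src, sev, reason in run(LOG_LINES, CAMPAIGNS):
        print(f"{ts} {src} [{sev}] {reason}")
```

The medium-severity rule is the one the text argues for: `new-host.example` is on no list, but it sits at AS64500, which two of the constructed campaigns already use, so it is surfaced for review rather than ignored. In a real SIEM the `hot_providers` set would be recomputed from the live feed on a schedule, and the threshold raised for large providers that also host plenty of legitimate traffic.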
