UPDATED 12:10 EST / AUGUST 13 2019

SECURITY

Fortinet’s cyberthreat report confirms hackers’ interest in the long game

Cybersecurity threats have evolved from “smash, grab and run” to “enter, turn off all alarms, hide in the basement, and stay awhile.”

That’s one of the conclusions that can be drawn from Fortinet Inc.’s latest “Threat Landscape Report,” a quarterly temperature reading from FortiGuard Labs on the most recent global cybersecurity threat activity. The report, released earlier this month, noted that threat activity increased 4% over the same period in 2018.

One of the trends Fortinet reported is an increase in threats that turn off security controls and then let the malware lie dormant for a time, gathering intelligence and building up its attack capability. This was seen in the Zegost malware, an infostealer that stays under the radar by clearing the security, application and system event logs.

“We’ve seen an uptick in Zegost activity,” said Tony Giandomenico (pictured), senior security strategist and researcher, FortiGuard Labs, at Fortinet. “They’ll have their threat there for a little while and they’ll go dormant. Then they’ll come back bigger, faster, stronger.”

Giandomenico spoke with John Furrier (@furrier), host of theCUBE, at SiliconANGLE Media’s livestreaming studio in Palo Alto, California. They discussed evasion techniques used by malicious actors, areas where researchers have noted a rise in vulnerabilities, and keys to protecting networks in an increasingly hostile environment (see the full interview with transcript here). (* Disclosure below.)

Disabling security controls

Fortinet’s report included a list of approximately 60 evasion techniques that malicious actors, such as the operators of Zegost, have at their disposal. FortiGuard Labs researchers have seen an increase in the use of tools that run on workstations, identify the processes that belong to security products, and disable them along with any associated alerts, according to Giandomenico.

“All of the threats these days have some type of evasion capabilities,” Giandomenico said. “You want to make sure that you’re able to identify when someone is turning on or off those security controls.”
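The detection Giandomenico describes, noticing when a security control is switched off and when event logs are wiped, can be written as rules over Windows event records. The following is an added example written for this page, not code from Fortinet, the report or the interview. It assumes events arrive as a SIEM export with EventData fields named as in the rendered event XML (param1, param2, param3, Channel); the service names and the sample records are constructed for the illustration, and the hypothetical "Example EDR Agent" stands in for whatever agent an environment actually runs.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Event:
    """One Windows event record reduced to the fields the rules use.
    `data` holds EventData values as a SIEM export renders them."""
    ts: int                 # epoch seconds
    host: str
    channel: str            # "Security", "System", ...
    provider: str
    event_id: int
    data: Dict[str, str] = field(default_factory=dict)


# Services whose stop/disable should raise a finding. The first is Defender's
# display name; the second is a hypothetical EDR agent (assumption, not from
# the report). Adjust to the controls actually deployed.
SECURITY_SERVICES = {"Windows Defender Antivirus Service", "Example EDR Agent"}


def classify(ev: Event) -> Optional[str]:
    """Map one event to a finding label, or None if it is not interesting.

    Event IDs used:
      Security 1102  audit log cleared
      System   104   an event log was cleared (provider Microsoft-Windows-Eventlog)
      Security 4719  system audit policy changed
      System   7040  service start type changed (Service Control Manager)
      System   7036  service entered a state (Service Control Manager)
      Defender 5001  real-time protection disabled
    EventData key names follow the rendered XML; verify them against your exports.
    """
    if ev.channel == "Security" and ev.event_id == 1102:
        return "log_cleared:Security"
    if ev.provider == "Microsoft-Windows-Eventlog" and ev.event_id == 104:
        return "log_cleared:" + ev.data.get("Channel", "unknown")
    if ev.channel == "Security" and ev.event_id == 4719:
        return "audit_policy_changed"
    if ev.provider == "Service Control Manager":
        svc = ev.data.get("param1", "")
        if svc in SECURITY_SERVICES:
            if ev.event_id == 7040 and ev.data.get("param3", "").lower() == "disabled":
                return "control_disabled:" + svc
            if ev.event_id == 7036 and ev.data.get("param2", "").lower() == "stopped":
                return "control_stopped:" + svc
    if ev.provider == "Microsoft-Windows-Windows Defender" and ev.event_id == 5001:
        return "control_disabled:Defender real-time protection"
    return None


def correlate(events: List[Event], window: int = 3600) -> List[Dict[str, object]]:
    """Run classify() over a stream and escalate the 'turn off the alarms,
    then wipe the logs' pattern: a control stopped or disabled on a host,
    followed within `window` seconds by a log clear on the same host, becomes
    one high-severity alert. Other findings are reported at medium severity."""
    alerts: List[Dict[str, object]] = []
    last_disable: Dict[str, Event] = {}   # host -> most recent control_* event
    for ev in sorted(events, key=lambda e: e.ts):
        label = classify(ev)
        if label is None:
            continue
        severity, finding = "medium", label
        if label.startswith("control_"):
            last_disable[ev.host] = ev
        elif label.startswith("log_cleared"):
            prior = last_disable.get(ev.host)
            if prior is not None and ev.ts - prior.ts <= window:
                severity, finding = "high", f"{classify(prior)} then {label}"
        alerts.append({"host": ev.host, "ts": ev.ts,
                       "severity": severity, "finding": finding})
    return alerts


# Constructed sample records (not real telemetry) for two hosts.
SAMPLE_EVENTS = [
    Event(1000, "ws01", "System", "Service Control Manager", 7036,
          {"param1": "Windows Defender Antivirus Service", "param2": "stopped"}),
    Event(1030, "ws01", "System", "Service Control Manager", 7040,
          {"param1": "Windows Defender Antivirus Service",
           "param2": "auto start", "param3": "disabled"}),
    Event(1500, "ws01", "Security", "Microsoft-Windows-Security-Auditing", 1102, {}),
    Event(1510, "ws01", "System", "Microsoft-Windows-Eventlog", 104, {"Channel": "System"}),
    Event(2000, "ws02", "System", "Service Control Manager", 7036,
          {"param1": "Print Spooler", "param2": "stopped"}),   # benign, ignored
    Event(9000, "ws02", "Security", "Microsoft-Windows-Security-Auditing", 4719, {}),
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

The reason this works against a log-wiping infostealer is that clearing the Security log is itself audited: event 1102 is the first record written to the freshly emptied log, and 104 does the same for the System and Application logs, so the wipe leaves a trace as long as those events are forwarded off the host before the attacker can touch them. Ship events to a collector in near real time; rules like these are useless if the only copy lives on the compromised workstation.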

Perhaps even more alarming is the rise of vulnerabilities in the Remote Desktop Protocol. FortiGuard Labs recently ran internet scans and found at least 800,000 devices vulnerable to one RDP flaw that is wormable: an exploit for it could replicate itself rapidly across systems and run code on millions of internet-connected machines without a username or password, because the bug is reachable before authentication.

Named BlueKeep (CVE-2019-0708), the vulnerability was so troubling to the security community that Microsoft took the unusual step in May of issuing a patch for operating systems it no longer supported.

“Do you know what Microsoft, NSA, and the Department of Homeland Security had in common last quarter?” Giandomenico asked. “Each one of them urged the public to patch a new vulnerability that was just released on RDP sessions called BlueKeep.”

Focus on smart homes

Along with the spread of insecure internet of things devices, malicious hackers have also shown interest in targeting smart home and smart building technologies. Given the general trend of remote workers serving clients and companies from home networks, this creates a prime opportunity for gaining access to enterprise systems.

“You have a lot of your remote workers who have great access into the corporate environment,” Giandomenico said. “Now there is a great conduit for some adversaries. You definitely want to make sure your remote users have a hardened access into your environment.”

With all of the threats called out in Fortinet’s most recent report, is there a playbook for protection?

“It’s all about situational awareness,” Giandomenico said. “Work on the fundamentals: visibility, visibility, visibility. If you can’t understand all the assets that you are protecting in your environment, it’s game over from the beginning.”

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s CUBE Conversations. (* Disclosure: Fortinet Inc. sponsored this segment of theCUBE. Neither Fortinet nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE
