SECURITY
Businesses all over are worried that they’re ill prepared to fend off novel cybersecurity threats. A quick scan of the latest “Threat Landscape Report” from Fortinet Inc. may calm their frazzled nerves. It shows that new intrusion methods have more or less plateaued. Deeper examination, however, reveals darker pixels in a still-scary cybercrime picture.
Entry points need not be novel to let hackers in through some unnoticed crack, according to Tony Giandomenico, senior security strategist and researcher — cyber threat intelligence lead, at Fortinet. “We started to see a little bit of a shift of tactics. … What the adversaries like to do is penetrate an organization where, maybe, us as defenders aren’t necessarily as focused,” he said.
For example, many companies may have put a muscular phishing defense in place some time ago. But criminals are responding by putting new twists on email hacking that could catch them off guard.
Giandomenico sat down with Peter Burris (@plburris), host of theCUBE, SiliconANGLE Media’s livestreaming studio, for a CUBEConversation at our studio in Palo Alto, California. They discussed the findings of the 2019 Q3 Fortinet “Threat Landscape Report.” (* Disclosure below.)
Land-and-expand attacks employing techniques like remote code execution are on the rise. They’re not new, but they are the single most prevalent attack type in Fortinet’s Q3 report. Nowadays, they may target edge devices that are not strongly protected. In theory, hackers can get into a system through internet-of-things connected devices or services and advance from there to valuable data assets. Giandomenico recommends multi-factor authentication to prevent hackers from entering through these channels.
In a new spin on that old favorite — the email attack — criminals are turning up in ongoing email threads. With a malware variant called Emotet, a criminal may send a spoofed email to a victim participating in some ongoing correspondence.
“So when the victim opens up that particular email, they see that thread that looks like, ‘Hey, I’ve had this correspondence before,’” Giandomenico said.
To be successful, attackers like these need authorization to be able to move, and to copy malware, from system to system. Chaining these steps together through a common language helps potential victims understand and hunt for threats, Giandomenico explained. Fortinet recently released a “playbook” for chaining together and hunting for Emotet attacks.
“I guarantee you we’re going to see innovation in technology where they’re going to be doing automatic threat hunting for you based on these types of understandings in the future,” Giandomenico concluded.
(* Disclosure: Fortinet Inc. sponsored this segment of theCUBE. Neither Fortinet nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)