Fortinet Threat Landscape Report Confirms Increase in Malware-as-a-Service Edge Surface Attacks

The recently released Fortinet Threat Landscape Report for Q3, 2019 shows hackers are targeting edge services and malware-as-a-service continues to grow in popularity.

While there are many methods of delivering malware, email remains the most common delivery vector, being implicated in 90% of malware attacks. Businesses are realizing the importance of implementing powerful email security solutions to block email threats. End users are also being provided with security awareness training, which is making it harder for these attacks to succeed. Consequently, different tactics are being explored by cybercriminals and increasingly, attacks are being performed on edge services that are less well defended.

One of the areas where attacks have increased is on publicly available edge services. Vulnerabilities are found and remote code execution exploits are used to gain a foothold at the edge, where malware can be delivered.

FortiGuard Labs also identified several attacks that exploited flaws in adblockers – Solutions that are added to browsers to block malicious content. One such solution, Adblock Plus, blocks advertisements but allows certain sites to be whitelisted. That feature has been hijacked by hackers and has been used to whitelist malicious websites, ensuring malicious content is not blocked.

Malware-as-a-service and ransomware-as-a-service continues to be popular as it lowers the bar for conducting attacks. In Q3, 2019, GandCrab ransomware attacks were commonplace before the individuals behind the ransomware retired and closed down the RaaS operation. However, new threats including Sodinokibi and Nemty have taken over.

The Emotet botnet is also being rented out. Devices infected with the Emotet Trojan are being offered to cybercriminals groups in a different form of malware-as-a-service. The Emotet Trojan serves as a malware downloader and has been used to deliver the TrickBot Trojan and Ryuk ransomware. Emotet is also capable of spreading itself to other devices by generating its own phishing emails from an infected device and inserts a copy of itself into email threads.

New threats are constantly emerging, but cybercriminals are still using tried and tested techniques to deliver malware, such as the exploitation of vulnerabilities in software and operating systems. This highlights the importance of prompt patching. FortiGuard Labs has found an increase in attacks exploiting vulnerabilities from more than a decade ago. In fact, in Q3, 2019 there were more attacks targeting vulnerabilities from 2017 than newer vulnerabilities discovered in 2018 and 2019.

Author: NetSec Editor