Cybercriminals continually plot ways to exploit vulnerabilities in technology as a key strategy for launching their attacks. And though new vulnerabilities always seem to sprout up, older vulnerabilities can still be problematic, especially if they’re not fixed or patched. A report from Fortinet on the threat landscape for the final quarter of 2019 reveals that cybercriminals will exploit every possible opportunity, both new and old, to attack organizations and users alike.
In its latest Threat Landscape Report, Fortinet discussed an old favorite with a new twist, namely EternalBlue. Designed to exploit a vulnerability in Microsoft Windows, EternalBlue was used to deliver the destructive WannaCry and NotPetya ransomware attacks of 2017.
In May 2019, a newer “wormable” vulnerability known as BlueKeep surfaced. This one hasn’t been as troublesome as EternalBlue, but it does have the potential to spread malware as efficiently as did WannaCry and NotPetya.
More recently, a new version of the EternalBlue Downloader Trojan has emerged and is able to exploit the BlueKeep vulnerability. The version currently in the wild isn’t yet perfected as it causes machines to crash several times before loading. But cybercriminals are expected to create a more effective version in the near future, according to Fortinet.
Of course, a patch for BlueKeep has been available from Microsoft for a number of months now, while the threat itself has been publicized by the security community. But still, many organizations have yet to update their systems with the patch. As such, Fortinet strong urges all organizations to patch their vulnerable systems as soon as possible.
Last quarter, cybercriminals exploited flaws in content management systems more than almost any other platform, according to Fortinet. In particular, a weakness in the popular forum management platform vBulletin allowed attackers to take control of the host and use their access to launch malware, install backdoors, execute shell commands, and even try to move laterally within the network.
vBulletin released a patch for the flaw just two days after it was disclosed in September. But organizations that use vBulletin and have not patched their systems remain vulnerable to the exploit.
The fourth quarter also saw more activity from Charming Kitten, a cyberwarfare group linked to Iran and described by US government agencies and threat researchers as an Advanced Persistent Threat (APT).
Over the years, this group has been associated with cyberespionage campaigns, including those against government officials, political journalists, and Iranian expatriates. More recently, Charming Kitty has been linked to attacks targeting email accounts used by a presidential election campaign.
An increase in the use of Internet of Things (IoT) devices and their exploitability have caught the interest of cybercriminals. Certain devices, such as a wireless IP camera described by Fortinet, continue to pose risks due to exploitable software. Different components and software are often built into IoT devices, many of them cobbled together with bits of pre-written code from common sources. This is why some of the same vulnerabilities pop up across a variety of such devices, according to Fortinet.
Patches for IoT devices may not be available, or customers just might not be aware of them. Cybercriminals have also tried to harness these devices into IoT botnets. As a result, IoT exploits showed the third-highest volume among all intrusion prevention system (IPS) detections during the quarter.
SEE: Special report: A winning strategy for cybersecurity (free PDF) (TechRepublic Premium)
How to protect your organization
“As applications proliferate and the number of connected devices expands the perimeter, billions of new edges are being created that have to be managed and protected,” the report said. “In addition, organizations are facing increased sophistication of attacks targeting the expanding digital infrastructure, including some being driven by artificial intelligence and machine learning. To effectively secure their distributed networks, organizations have to shift from protecting just security perimeters to protecting the data spread across their new network edges, users, systems, devices, and critical applications.”
Security professionals also would be wise to adopt some of the same tactics that cybercriminals use for their attacks, according to Derek Manky, chief of security insights & global threat alliances for FortiGuard Labs.
“In the cyber arms race, the criminal community has often had a distinct advantage due to the growing cyber skills gap, the expanding digital attack surface, and by leveraging the element of surprise with tactics such as social engineering to take advantage of unsuspecting individuals,” Manky said in a press release.
“To get out ahead of the cycle of increasingly sophisticated and automated threats, organizations need to use the same sorts of technologies and strategies to defend their networks that criminals are using to attack them. That means adopting integrated platforms that leverage the power and resources of AI-driven threat intelligence and playbooks to enable protection and visibility across the digital infrastructure.”