
Fortinet: Cyber Attack Patterns Uncover Defensive Strategies


In Fortinet’s Q1 2019 Threat Landscape Report, threat analysts at FortiGuard Labs chose to dig into data from the company’s web filtering service. Here is what they found.

Weekdays vs. Weekends

When researchers examined web-filtering volume from two Cyber Kill Chain phases, comparing weekdays and weekends, they found that pre-compromise activity is roughly 3 times more likely to occur during the workweek than on weekends.

This is largely because almost all phishing attacks require somebody to click on an email link or take some other action, which mostly happens during working hours, whereas post-compromise activity such as command-and-control (C2) traffic can occur at any time.

Every insight into how attackers work can be converted into improvements in security practice. In this case, it may make sense to differentiate weekday and weekend filtering practices, since the same pre-compromise hit is a rarer, and therefore more suspicious, event on a weekend.
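As an added example (not code from the report or from Fortinet), the following script profiles constructed web-filter events by Kill Chain stage and day type, computes the per-day weekday-to-weekend rate ratio the report describes, and pulls out weekend pre-compromise hits for stricter handling. The log format, the category names, and the mapping of categories to pre- and post-compromise stages are all assumptions made for this example.

```python
"""Weekday/weekend profiling of web-filter events by Cyber Kill Chain stage."""
from collections import defaultdict
from datetime import datetime

# Assumed mapping of web-filter categories to kill-chain stages; the report's
# own mapping is not given on the page.
PRE_COMPROMISE = {"phishing", "malicious-download"}
POST_COMPROMISE = {"c2"}

# Constructed sample events (not real FortiGuard data). Assumed format:
# "<ISO timestamp> <category> <domain>". 2019-03-04 is a Monday.
SAMPLE_LOG = """\
2019-03-04T09:12:41 phishing login-secure-update.example
2019-03-04T10:03:15 malicious-download invoice-portal.example
2019-03-05T14:47:02 phishing invoice-portal.example
2019-03-06T11:20:33 c2 beacon-a.example
2019-03-07T08:55:10 malicious-download docs-share.example
2019-03-08T16:30:48 phishing login-secure-update.example
2019-03-09T03:14:07 c2 beacon-a.example
2019-03-09T22:41:59 c2 beacon-b.example
2019-03-10T02:05:22 c2 beacon-a.example
2019-03-10T13:18:36 phishing docs-share.example
"""


def parse_log(text):
    """Parse the assumed three-field format into (datetime, category, domain)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, category, domain = line.split()
        events.append((datetime.fromisoformat(ts), category, domain))
    return events


def stage_of(category):
    if category in PRE_COMPROMISE:
        return "pre-compromise"
    if category in POST_COMPROMISE:
        return "post-compromise"
    return "other"


def day_type(ts):
    # Monday == 0 ... Sunday == 6
    return "weekend" if ts.weekday() >= 5 else "weekday"


def count_by_stage(events):
    """Raw hit counts per stage, split into weekday and weekend buckets."""
    counts = defaultdict(lambda: {"weekday": 0, "weekend": 0})
    for ts, category, _ in events:
        counts[stage_of(category)][day_type(ts)] += 1
    return dict(counts)


def workweek_rate_ratio(counts, stage):
    """Per-day weekday rate divided by per-day weekend rate for one stage.
    Normalising by days (5 vs 2) avoids the bias of comparing raw volumes."""
    c = counts[stage]
    weekday_rate = c["weekday"] / 5
    weekend_rate = c["weekend"] / 2
    if weekend_rate == 0:
        return float("inf")
    return weekday_rate / weekend_rate


def weekend_pre_compromise(events):
    """Pre-compromise hits that landed on a weekend. Per the report's pattern
    these are the rarer case, so they are the ones to route to a stricter
    filtering policy or an analyst queue."""
    return [(ts, cat, dom) for ts, cat, dom in events
            if stage_of(cat) == "pre-compromise" and day_type(ts) == "weekend"]


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    counts = count_by_stage(ev)
    for stage in counts:
        print(stage, counts[stage], "weekday/weekend rate ratio:",
              round(workweek_rate_ratio(counts, stage), 2))
    for ts, cat, dom in weekend_pre_compromise(ev):
        print("review:", ts.isoformat(), cat, dom)
```

On the constructed sample the pre-compromise stage shows a weekday/weekend rate ratio of 2.0 while the C2 stage is well below 1, reproducing the shape of the report's finding; the one weekend phishing hit is the event the weekend policy would treat differently.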

Shared Infrastructure

Another fascinating insight is the degree to which different threats share infrastructure (namely, domains and URLs). Nearly 60% of all analyzed threats shared public infrastructure. For example, IcedID, the ninth-ranked threat by volume, shared nearly two-thirds of the domains it contacted with other threats.

Even more intriguing: when threats share infrastructure, they also tend to do so within the same stage of the Kill Chain. In other words, while many different threats might share the same domain during, say, the exploitation phase of an attack, it would be uncommon for one of those threats to also use that domain for its C2 traffic.
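The following is an added example, not analysis code from the report: given a small constructed table of which threat contacted which domain in which Kill Chain stage, it computes the two figures the text describes (the share of threats that use shared infrastructure, and one threat's fraction of shared domains), flags shared domains whose use crosses stages, and shows the hunting pivot that shared infrastructure makes possible. IcedID is named on the page; the other threat names, all domains and all observations are made up for the example.

```python
"""Shared-infrastructure analysis over threat/domain/stage observations."""
from collections import defaultdict
from fractions import Fraction

# Constructed observations (not report data): (threat, domain, kill-chain stage).
OBSERVATIONS = [
    ("IcedID",  "cdn-update.example",    "exploitation"),
    ("IcedID",  "files-host.example",    "exploitation"),
    ("IcedID",  "icedid-beacon.example", "c2"),
    ("ThreatB", "cdn-update.example",    "exploitation"),
    ("ThreatB", "b-beacon.example",      "c2"),
    ("ThreatC", "files-host.example",    "exploitation"),
    ("ThreatC", "cdn-update.example",    "c2"),
    ("ThreatD", "d-dropper.example",     "exploitation"),
]


def index(observations):
    """Build the three lookups the other functions need."""
    domains_by_threat = defaultdict(set)
    threats_by_domain = defaultdict(set)
    stages_by_domain = defaultdict(set)
    for threat, domain, stage in observations:
        domains_by_threat[threat].add(domain)
        threats_by_domain[domain].add(threat)
        stages_by_domain[domain].add(stage)
    return domains_by_threat, threats_by_domain, stages_by_domain


def shared_domains(threats_by_domain):
    """Domains contacted by more than one threat."""
    return {d for d, threats in threats_by_domain.items() if len(threats) > 1}


def fraction_of_threats_sharing(observations):
    """Share of threats that contact at least one domain another threat also
    contacts (the kind of figure behind the report's 'nearly 60%')."""
    domains_by_threat, threats_by_domain, _ = index(observations)
    shared = shared_domains(threats_by_domain)
    sharing = [t for t, ds in domains_by_threat.items() if ds & shared]
    return Fraction(len(sharing), len(domains_by_threat))


def shared_fraction_for(observations, threat):
    """Fraction of one threat's domains that other threats also use
    (the kind of figure behind 'IcedID shared nearly two-thirds')."""
    domains_by_threat, threats_by_domain, _ = index(observations)
    own = domains_by_threat[threat]
    return Fraction(len(own & shared_domains(threats_by_domain)), len(own))


def cross_stage_shared(observations):
    """Shared domains seen in more than one kill-chain stage. The report says
    sharing usually stays within one stage, so these are the exceptions that
    deserve an analyst's attention."""
    _, threats_by_domain, stages_by_domain = index(observations)
    return {d: stages_by_domain[d] for d in shared_domains(threats_by_domain)
            if len(stages_by_domain[d]) > 1}


def pivot_domains(observations, seed_domain):
    """Hunting pivot: from one known-bad domain, find every threat that uses
    it, then every other domain those threats use. Because infrastructure is
    shared, one confirmed indicator expands into a larger candidate blocklist."""
    domains_by_threat, threats_by_domain, _ = index(observations)
    expanded = set()
    for threat in threats_by_domain.get(seed_domain, ()):
        expanded |= domains_by_threat[threat]
    expanded.discard(seed_domain)
    return expanded


if __name__ == "__main__":
    print("threats sharing infrastructure:", fraction_of_threats_sharing(OBSERVATIONS))
    print("IcedID shared-domain fraction:", shared_fraction_for(OBSERVATIONS, "IcedID"))
    print("cross-stage shared domains:", cross_stage_shared(OBSERVATIONS))
    print("pivot from files-host.example:",
          sorted(pivot_domains(OBSERVATIONS, "files-host.example")))
```

The pivot output is a candidate list, not a finished blocklist: a shared domain can be a legitimate CDN or file host that several threats abuse, so each expanded domain still needs the usual reputation and business-impact check before it is blocked outright.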

Security tactics

It’s clear that cybercriminals share more than source code and the technology sold on Dark Web commerce sites. They also share methods and techniques. Once that data is known and incorporated into a security strategy, pattern and behavior matching will improve the ability to detect live threats. Attack vectors like those just discussed underscore the need for organizations to rethink their strategy to better future-proof and manage cyber risk.

This should start with organizations taking a layered approach to security across people, processes, and technology:

People – The overwhelming majority of attacks still happen because somebody clicks on a malicious link. Workers should be regularly educated on creating strong passwords, how to identify malicious URLs and email sources, and not to open or click on unknown or unexpected email messages, links, or attachments. This should then be augmented with access management policies, including a zero-trust policy, and intent-based segmentation so that, in the event of an incident, an attack is confined to a particular segment of the network.

Processes – Incident response plans need to include regular backups that are stored off-network, regular testing of those backups, and system restoration drills to make sure everybody knows their role so that systems can be restored as quickly as possible.

IT teams must always know what assets are online and where those assets are, and then be able to prioritize their access to and consumption of resources based on which are most business-critical.

Technology – Security tools need to be chosen based on their ability to be integrated together and cross-automated so that they can gather, share, correlate, and consume threat intelligence across the entire distributed network in real time.

“Deception technology is another tactic IT teams should make use of. Effective deception strategies make it harder for an adversary to determine which assets are fake and which are real, while tripwires embedded in these false signals increase the ability to detect an intruder. Finally, segmenting company networks limits the exposure of critical information if there’s a breach.”

–Derek Manky, ThreatPost, June 14, 2019
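As an added illustration of the tripwire idea in the quote above (this is example code, not anything from Fortinet or the quoted author), the script below defines a handful of decoy hosts and a planted honeytoken account that no legitimate process ever uses, then scans constructed log lines for any touch of them. Because decoys have no legitimate traffic, every hit is a high-confidence alert; the strongest case is the planted credential turning up against a real host, which means the intruder harvested it from the decoy. The decoy names, the log format and the sample lines are all constructed for this example.

```python
"""Decoy-asset tripwire detection over constructed auth/flow log lines."""
import re

# Decoys (constructed names): hosts and an account that nothing legitimate
# should ever touch, so any reference to them is a signal in its own right.
DECOY_HOSTS = {
    "fs-backup02.corp.example": "10.20.30.40",
    "sql-archive.corp.example": "10.20.30.41",
}
DECOY_ACCOUNTS = {"svc_backup_legacy"}
DECOY_ADDRS = set(DECOY_HOSTS) | set(DECOY_HOSTS.values())

# Assumed one-event-per-line format:
# "<ts> <kind> src=<ip> dst=<ip-or-host> user=<name-or-dash>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<kind>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) user=(?P<user>\S+)$"
)

# Constructed sample log: one workstation probes a decoy IP, authenticates to a
# decoy host with the planted account, then tries that account on a real DC.
SAMPLE_LOG = """\
2019-06-14T09:01:11 flow src=10.1.2.3 dst=10.20.30.5 user=-
2019-06-14T09:03:27 flow src=10.1.2.3 dst=10.20.30.40 user=-
2019-06-14T09:03:29 auth src=10.1.2.3 dst=sql-archive.corp.example user=svc_backup_legacy
2019-06-14T09:05:40 flow src=10.1.2.9 dst=10.20.30.6 user=-
2019-06-14T09:07:02 auth src=10.1.2.3 dst=dc01.corp.example user=svc_backup_legacy
"""


def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    return m.groupdict()


def decoy_reasons(event):
    """Why this event trips a wire: decoy destination, planted account, or both."""
    reasons = []
    if event["dst"] in DECOY_ADDRS:
        reasons.append("decoy host")
    if event["user"] in DECOY_ACCOUNTS:
        reasons.append("decoy account")
    return reasons


def tripwire_alerts(log_text):
    """Every event that touches a decoy, with the reasons, in log order."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        reasons = decoy_reasons(ev)
        if reasons:
            alerts.append({"ts": ev["ts"], "src": ev["src"],
                           "dst": ev["dst"], "reasons": reasons})
    return alerts


def suspect_sources(log_text):
    """Source addresses that touched any decoy: the hosts to isolate first."""
    return {a["src"] for a in tripwire_alerts(log_text)}


def credential_replay(log_text):
    """Planted account used against a non-decoy host: the intruder harvested
    the decoy credential and is trying it elsewhere. Strongest signal here."""
    return [a for a in tripwire_alerts(log_text)
            if "decoy account" in a["reasons"] and "decoy host" not in a["reasons"]]


if __name__ == "__main__":
    for a in tripwire_alerts(SAMPLE_LOG):
        print(a["ts"], a["src"], "->", a["dst"], "|", ", ".join(a["reasons"]))
    print("isolate:", sorted(suspect_sources(SAMPLE_LOG)))
    print("credential replay:", [a["dst"] for a in credential_replay(SAMPLE_LOG)])
```

In a real deployment the decoy hostnames and the planted account should look like everything else in the environment (and the account must have no actual privileges), otherwise an attacker enumerating the network can tell which assets are fake, which is exactly what the quote says good deception must prevent.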

Adapt Your Security Strategy

Last quarter’s threat research from FortiGuard Labs offered important insights into how attackers are evolving and how you can leverage behavior patterns to identify and circumvent threats. For example, initial attack stages tend to occur during work hours, and those attacks also tend to share infrastructure. In response, IT security teams should be on the lookout for these and similar activity identifiers, adjusting their detection and filtering practices accordingly.
