With more than 100,000 vulnerabilities published on the CVE list, organizations are struggling to keep pace with patching, leaving almost all firms vulnerable to attack, according to the new Threat Landscape Report released by Fortinet.
In today’s blog post, Fortinet researchers wrote that despite the vast number of known vulnerabilities, only 5.7% of those on the CVE list are being exploited in the wild, suggesting that trying to patch every vulnerability might be a fruitless endeavor for organizations.
Still, nearly all firms (96%) have experienced at least one severe exploit, and a quarter of companies were hit with crypto-mining malware. While the research did not find any new developments related to Apache Struts and Heartbleed during Q2, the report found that Microsoft was the number-one exploit target.
Also of note was the finding that criminals are now using crypto-jacking on internet of things (IoT) home devices. Cyber-criminals have added IoT devices to their repertoires, often targeting home media devices because of their computational horsepower. Because the devices are always on and connected, criminals target them and load malware that mines continuously.
“Cyber-adversaries are relentless. Increasingly, they are automating their tool sets and creating variations of known exploits. Of late, they are also more precise in their targeting, relying less on blanket attempts to find exploitable victims,” said Phil Quade, CISO at Fortinet, in a press release.
Analysis of data on botnet trends revealed how cyber-criminals maximized impact, as was the case with Wicked, a new Mirai botnet variant, which added at least three exploits to its arsenal to target unpatched IoT devices.
In addition to the threat of critical infrastructure attacks using VPNFilter, Q2 also saw a new Anubis variant from the Bankbot family, capable of ransomware, keylogger and RAT functions, SMS interception, screen locking and call forwarding.
Malware authors have moved beyond polymorphism as a means of evading detection, and the report found that they have developed more agile practices that make it easier for them to bypass anti-malware products.
“Organizations should leverage automated and integrated defenses to address the problems of speed and scale, utilize high-performance behavior-based detection, and rely on AI-informed threat intelligence insights to focus their efforts on patching vulnerabilities that matter,” Quade said.