Cyber criminals are building “an army of things” that has the potential to impact the future of the digital economy, according to a report by US cybersecurity software provider Fortinet.
The group says that its research reveals constantly changing and sophisticated avenues of attack, targeting evolving technology infrastructure enabled by a fast-growing underground cybercrime economy.
Among its findings is that the finance and insurance sectors have been hit particularly hard by the rising threat of ransomware, with 43% of organisations that participated in its research reporting malicious activity due to ransomware.
“The cybersecurity challenges facing organisations today are complex with a threat landscape that is rapidly evolving,” commented Phil Quade, chief information security officer (CISO) at Fortinet. “Threats are intelligent, autonomous, and increasingly difficult to detect, with new ones emerging and old ones returning with enhanced capabilities.
“In addition, the accessibility of threat creation tools and services combined with the reward potential is driving the growth of the global cybercrime market into tens of billions of US dollars. To protect themselves, CISOs need to ensure that the data and security elements across all of their environments and devices are integrated, automated, and able to share intelligence, across an organization, from Internet of Things (IoT) to the cloud.”
Among other findings in the just-published Global Threat Landscape Report:
- IoT devices are sought-after commodities for cybercriminals around the world. Adversaries are building their own “armies of things” and the ability to cheaply replicate attacks at incredible speed and scale is a core pillar of the modern cybercrime ecosystem.
- Ransomware warrants attention regardless of industry and this high-value attack method will likely continue with the growth of ransomware-as-a-service (RaaS), where potential criminals with no training or skills can simply download tools and point them at a victim.
- The correlation between exploit volume and prevalence implies growing attack automation and lowering costs for malware and distribution tools available on the dark web. This is making it cheaper and easier than ever for cyber criminals to initiate attacks.
- In the fourth quarter of 2016, the industry was reeling from the revelation of the Yahoo! data breach (which occured three years earlier, when one billion accounts were compromised) and the October 2016 distributed denial-of-services (DDoS) attacks on domian name system (DNS) provider Dyn. Before the quarter was halfway done, the records set by both events were not only broken, but doubled.