Fortinet Threat Landscape Report Highlights Cybercriminals Bypassing Popular Phishing Tactics to Inject or Execute Code Onto a Range of Publicly Facing Services.
Fortinet has revealed the findings of its latest quarterly Global Threat Landscape Report. According to the report cybercriminals continue to look for new attack opportunities throughout the digital attack surface. At the same time, they are shifting attack vectors such as targeting publicly available edge services to counter training and education efforts by organizations that address popular tactics such as phishing.
The Threat Landscape Index remained relatively consistent during the quarter. There were fluctuations but no significant swings. Regardless, organizations should not let their guard down, instead the index demonstrates consistent and sustained cybercriminal activity.
The majority of malware is delivered via email, therefore many organizations have been aggressively addressing phishing attacks with end user training and advanced email security tools. As a result, cybercriminals are expanding their ability to deliver malicious malware through other means. These include targeting publicly facing edge services such as web infrastructure, network communications protocols, as well as bypassing ad blocker tools to open attack vectors that don’t rely on traditional phishing tactics.
For example, this quarter FortiGuard Labs saw attacks against vulnerabilities that would allow the execution of code remotely targeting edge services, at the top in terms of prevalence amongst all regions. Although this tactic is not new, changing tactics where defenders may not be as closely watching can be a successful way to catch organizations off guard and increase chances for success. This can be especially problematic ahead of a busy online shopping season when online services will experience increased activity.