August 20th, 2021 by Admin

In March 2021 the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) observed Advanced Persistent Threat (APT) actors scanning devices on ports 4443, 8443, and 10443 for CVE-2018-13379, and enumerated devices for CVE-2020-12812 and CVE-2019-5591. It is likely that the APT actors are scanning for these vulnerabilities to gain access to multiple government, commercial, and technology services networks. APT actors have historically exploited critical vulnerabilities to conduct distributed denial-of-service (DDoS) attacks, ransomware attacks, structured query language (SQL) injection attacks, spearphishing campaigns, website defacements, and disinformation campaigns.

The FBI and CISA have information indicating APT actors are using multiple CVEs to exploit Fortinet FortiOS vulnerabilities. The FBI and CISA believe the APT actors are likely exploiting these Fortinet FortiOS vulnerabilities—CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591—to gain access to multiple government, commercial, and technology services networks.

The APT actors may be using any or all of these CVEs to gain access to networks across multiple critical infrastructure sectors to gain access to key networks as pre-positioning for follow-on data exfiltration or data encryption attacks. APT actors may use other CVEs or common exploitation techniques—such as spearphishing—to gain access to critical infrastructure networks to pre-position for follow-on attacks.

 


August 19th, 2021 by Admin

This report aims to demonstrate the state of full stack security based on thousands of security assessments performed globally, as delivered by the Edgescan SaaS during 2020. I am still as passionate as ever in compiling this report and delving into the underlying data, as it gives unique insight into what’s going on from a trends and statistics perspective and indeed a snapshot of the overall state of cyber security.

The Edgescan report has become a reliable source for truly representing the global state of cyber security vulnerability management. This is becoming more evident as our unique dataset is now also part of other annual security analysis reports, such as the OWASP Top 10 and Verizon DBIR (we have been happy contributors for many years now).

This year we took a deeper look at vulnerability metrics from a known vulnerability (CVE), Malware, Ransomware and visibility standpoint (exposed services), coupling both internal and public Internet-facing systems.


August 19th, 2021 by Admin

While Malwarebytes observed a relative plateau in the overall volume of threat detections in 2019, our telemetry showed a clear trend toward industrialization. Global Windows malware detections on business endpoints increased by 13 percent, and a bifurcation of attack techniques split threat categories neatly between those targeting consumers and those affecting organizations’ networks. The Trojan-turned-botnets Emotet and TrickBot made a return in 2019 to terrorize organizations alongside new ransomware families, such as Ryuk, Sodinokibi, and Phobos.

In addition, a flood of hack tools and registry key disablers made a splashy debut in our top detections, a reflection of the greater sophistication used by today’s business-focused attackers.

Meanwhile, the 2019 mobile threat landscape fared no better. While Malwarebytes launched a massive drive to combat stalkerware—apps that enable users to monitor their partners’ every digital move—which led to an increase in our detections, other nefarious threats lingered on the horizon, with increases in their detections not being helped along by our own research efforts. We observed a rise in pre-installed malware and adware on the devices of our Android customers, with the goal to either steal data or steal attention.

 


August 19th, 2021 by Admin

Data protection and compliance present daily challenges. Security specialists must be on their toes to assure that controls remain in place and perform consistently. Despite good intentions, more than half of organizations are still struggling to design, implement and maintain a sustainable compliance program.

One challenge is that many security professionals believe they can protect data by following a script, as if doing A, B and C in the correct order will achieve effective and sustainable data protection. In the real world, things are messy. Organizations might be spending a lot of time and money creating their DPCPs, but many are ineffective and fail to advance beyond a program that looks good on paper but does not withstand the scrutiny of a professional security assessment. The DPCPs lack the design, implementation, review process and revisions to become effective and sustainable.

Additionally, organizations have inadequate or overly complex strategies, which originate from a lack of proficiency in designing, implementing, monitoring and evaluating a DPCP.

 


August 18th, 2021 by Admin

Data Security Is Essential to Our Future

Like you, cybercriminals are on their own digital transformation journey. Connected Internet of Things (IoT) devices, bring-your-own-device (BYOD) trends and cloud initiatives have given them new ways to infiltrate your organization by exponentially expanding the attack surface. Technologies like artificial intelligence and machine learning have given these miscreants new tools with which to distribute malware, vector in on high-end targets, and reach bigger and more diverse audiences. And as these technologies evolve, cybercriminals are becoming increasingly stealthy, sophisticated and evasive.

These days, cybercriminals are creative, ambitious and intelligent, with no shortage of resources at their disposal. They’re constantly reaching into their arsenal of tools to help them gain a competitive edge — only they’re competing to break into your systems and abscond with your IP address, personally identifiable information (PII) and other critical data before you even notice it’s gone. While their financial motivations have remained the same for decades, their methods have significantly evolved over the years.

 

