Fortinet launches cyber threat assessment program to uncover critical security risks

PASIG CITY, Philippines–Fortinet (Nasdaq: FTNT), the global leader in high-performance cyber security solutions, today, March 16, unveiled its new Cyber Threat Assessment Program (CTAP) designed to provide organizations a detailed look into the type and amount of cyber threats posing risks to their networks, yet are going undetected by their existing security solutions.

This new offering is part of a broader effort by Fortinet and its FortiGuard Labs threat research team to integrate risk and advisory capabilities with its end-to-end security platform to provide customers greater insight into dynamically changing cyber risks that threaten their businesses.

In today’s digital landscape, no country is  immune to security risks and attacks.  Computer networks around the world are now at risk with sophisticated markets being no exception.

Malware attacks in the Philippines in Q1 2015 alone mostly leveraged the use of JS and PHP based malware. Fortinet’s threat intelligence data also showed some traditional W32 and a relatively small set of Android malicious apps. However, 2016 has ushered in a new era, where the top 10 malware is now dominated with MS Windows Word Macros (WM) and Android malware.

There’s an overall increase of almost 400% from Q1 last year when compared with this years top 10 and Q1 isn’t over yet. The key contributors to this growth are the WM and Android malware, both of which have since exploded by as much as 4 digit percentage points. The current top malware is WM/TrojanDownloader.9BB7!tr and serves as a downloader for malicious exe- cutables using enabled Word macros. The Philippines is not alone in the high WM malware activity.

The US, Japan and Germany represent the top 3 Countries for this particular variant.  This Word macros technique was also employed by the recent Locky ransomware and without recent updated backups, victims have little or no options for recovery. The solution is to block it before it encrypts data and Fortinet blocks Locky’s C2 communication and stops it from wreaking havoc.

In the realm of mobile malware, Triada is currently the top mobile malware in the country. This is a sophisticated and modular Android malware that seeks to redirect the money used in in-app purchases to the threat actors. The modularity provides a mecha- nismm for malware authors to change the actions of Triada based on C2 commands. The Triada trojan gains root privileges, modifies process and becomes integrated into every app launched. Aside from the Philippines, top 3 target Countries for Triada are Saudi Arabia, Hong Kong and the United States.

Botnet chatter in the Philippines is also on the increase with
Andromeda being the top botnet in the country. 2016 has
seen a decline in the popular botnet Zeroaccess but also a
rise in the H-worm and Crypto botnet traffic. This decline and
accompanying rise of these three botnets is consistent with
the overall global threat profile as well as with the malware
threat activity observed by FortiGuard Labs. As expected, a
majority of malware now utilize C2 beaconing mechanisms
as part of their overall arsenal. For perspective, the charts
below show the top countries where CryptoWall and An-
dromeda activity are most prominent. The Philippines does
not make the top 10 countries as indicated and this is good
news for the Philippines as it provides businesses in the
country with some time to elevate their security posture us-
ing the global threat profile being observed in other countries and all over the world.

Program uncovers unknown risks, provides immediate migration straregies

Fortinet, in collaboration with a number of key partners, is offering its threat assessment program to organizations free-of-charge. Through the assessment process, the FortiGate high-performance next generation firewall will be installed within the customer network, where it monitors the application traffic traversing the network for intrusions, malware and malicious applications that could collectively cause massive risk to the network, giving attackers access to a company’s most sensitive files and database information.

At the end of the data collection period, a detailed risk assessment report will be generated, using FortiAnalyzer, that provides an analysis of the application traffic, user productivity, network utilization, the overall security risk, and the related business risk, as well as detailed, actionable mitigation recommendations.

“In the past, it was much easier for firewalls to detect significant threats to the network, because traffic could be classified based on specific protocols, and hackers’ approaches were not as sophisticated,” said John Maddison, Senior Vice President of Products & Solutions for Fortinet. “A growing number of network threats today are designed to avoid detection by bypassing traditional firewalls with ease. Our new CTAP program is specifically designed to quickly detect the threats other solutions are not intercepting to help customers significantly increase protection, while decreasing business risks.”

Fortinet’s CTAP provides an important opportunity for organizations to ensure that they are not relying on legacy systems that aren’t effective against today’s dynamic cyber attacks that occur across multiple vectors and stages. By offering a deeper analysis of existing or possible threats, customers are given a clear assessment of the risks to their environments, while Fortinet and its partners help prioritize actions to mitigate those risks, providing customers the peace of mind knowing their critical assets are protected.

Social media and application control are weak points; financial services institutions most highly targeted

Hundreds of Fortinet enterprise customers and prospects in the US have tried out CTAP in the last four months and key findings from an analysis report unveiled today reveal that:

Enterprises of every size and vertical continue to face a constant and consistently hostile threat landscape, with more than 32.14 million attempted attacks on these networks. Headline-generating malware such as Conficker, Nemucod and ZeroAccess have made significant efforts to rebuild and infect machines − 5,230 instances of Conficker, followed by 4,220 instances of Nemucod and 3,210 instances of ZeroAccess were found.

Social media and multimedia streaming activities account for 25.65% of all network traffic, exposing corporate systems and sensitive data to risks of infection from drive-by downloads, social engineering and malvertising. Facebook is the most dominant social media site representing 47.27% of all social media traffic, with YouTube contributing to 42.29% of streamed content.

Application control appears to be a continual challenge for administrators. A significant amount of peer-to-peer traffic, primarily Bittorrent and gaming activity, opens the network to malicious content that piggybacks on top of applications and files downloaded through these popular sites. Enterprises should exercise caution when building application control policies on their networks.

Due to the lucrative financial data obtained when these networks are successfully infiltrated, banking and finance organizations are disproportionately targeted with 44.6% of all malicious activity. Hackers rely on high-velocity attacks and target financial institutions with sophisticated trojans and land-and-expand attack strategies to infiltrate and persist within the network.

“Businesses are constantly under cyber attack. With the attack surface dramatically increased and a mature attackers ecosystem, companies have to be ever more vigilant across all their IT assets,” said Maddison. “Fortinet’s Cyber Threat Assessment Program has been designed to look deep into a company’s network traffic and hunt for indicators of compromise. It provides customer a blueprint on how to reduce risk and at the same time make their network more efficient.”