News
Reports
Vendors

New Fortinet research finds cyber adversaries are exploiting the global pandemic

August 13, 2020
cyber adversaries are exploiting the global pandemic

Automated cybersecurity solutions provider Fortinet® recently released the findings of the latest semiannual FortiGuard Labs Global Threat Landscape Report. According to the report, cyber adversaries are exploiting the global pandemic to compromise systems.

“The first six months of 2020 witnessed an unprecedented cyber threat landscape,” Derek Manky, Chief, Security Insights & Global Threat Alliances, FortiGuard Labs, said in a press release. “The dramatic scale and rapid evolution of attack methods demonstrate the nimbleness of adversaries to quickly shift their strategies to maximize the current events centered around the COVID-19 pandemic across the globe. There has never been a clearer picture than now, of why organizations need to adjust their defense strategies going forward to fully take into account the network perimeter extending into the home. It is critical for organizations to take measures to protect their remote workers and help them secure their devices and home networks for the long term. It is also wise to consider adopting the same strategy for cyber viruses that we are adopting in the real world. Cyber social distancing is all about recognizing risks and keeping our distance.”

In addition to the trends impacting cybersecurity across the board, Fortinet researchers also identified threats cyber adversaries are using to target industrial environments. For example, ransomware and attacks targeting Internet-of-Things devices as well as operational technology have continued to increase and are evolving to become more targeted and more sophisticated.

“June marked the 10th anniversary of Stuxnet, which was instrumental in the evolution of threats to, and security of, operational technology. Now, many years later, OT networks remain a target for cyber adversaries,” Fortinet said in the release. “The EKANS ransomware from earlier this year shows how adversaries continue to broaden the focus of ransomware attacks to include OT environments. Also, the Ramsay espionage framework, designed for the collection and exfiltration of sensitive files within air-gapped or highly restricted networks, is an example of threat actors looking for fresh ways to infiltrate these types of networks. The prevalence of threats targeting supervisory control and data acquisition (SCADA) systems and other types of industrial control systems (ICS) is less in volume than those affecting IT, but that does not diminish the importance of this trend.”

According to the report, in June, a cyber attack on a well-known manufacturer interfered with operations and caused temporary production interruptions at several of the company’s facilities.

“Security researchers identified the malware used in the attack as EKANS (which is sometimes referred to publicly as Snake), a ransomware sample with several features tailored to attack systems in ICS,” the report says. “Our analysis of the malware showed it to be heavily obfuscated, written in the GO programming language, and not very different from other ransomware tools except for its targeting of OT and ICS systems. The attack—and the use of EKANS—was troubling because it suggested that adversaries might be broadening the focus of ransomware attacks to OT environments as well.”

In January, Fortinet saw a surge across it’s IPS sensors in the U.S., Brazil, and Germany, in activity involving Modbus TCP servers and programmable logic controllers that could result in information leakage. Out of all of the IPS detections involving industrial systems in the first half of 2020, Modbus-related detections were the most voluminous.

“Note, however, that all triggers of this signature aren’t necessarily malicious,” the report says. “But it’s worth monitoring because an attacker infiltrating the SCADA network could certainly cause trouble by accessing the Modbus controller.”

In May Fortinet researchers uncovered Ramsay, an espionage framework used by cyber adversaries for the collection and exfiltration of sensitive files within air-gapped or highly restricted networks which include OT environments.

“It’s not quite clear how long Ramsay has been active, but it’s been tied to an older APT group, Darkhotel,” the report says. “As their name suggests, Darkhotel is more known for exploiting hotel Wi-Fi networks than industrial facilities, but we’re more interested in Ramsay’s potential than its progenitors.”

Rebecca Addison
Industrial Cyber Editor. Rebecca Addison is a former newspaper editor with a decade of experience in the media industry. During her career, she has interviewed world leaders and corporate CEOs, and covered topics ranging from blockchain and CBD to healthcare and education.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
Ukrainian CERT details malicious plan by Sandworm group to disrupt critical infrastructure facilities
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
DC3, DCSA collaborate to launch vulnerability disclosure program for defense industrial base
Waterfall’s WF-600 unidirectional security gateway brings 'unbreachable protection' to OT/ICS networks
Waterfall, 2TS enter into cybersecurity alliance for African market
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns
Honeywell’s 2024 USB Threat Report reveals significant rise in malware frequency, highlighting growing concerns
CISA declares winners of President’s Cup cybersecurity competition, with Artificially Intelligent team leading
CISA declares winners of President’s Cup cybersecurity competition, with Artificially Intelligent team leading
MITRE confirms breach on NERVE network, suspected foreign nation-state actor involved
MITRE confirms breach on NERVE network, suspected foreign nation-state actor involved
Radiflow helps customers achieve NIS2 compliance, spurring growth in Europe
Radiflow, Exclusive Networks partner to elevate OT cybersecurity
MITRE plans to enhance cybersecurity in 2024 with ICS sub-techniques and multi-domain integration
MITRE plans to enhance cybersecurity in 2024 with ICS sub-techniques and multi-domain integration
New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats
New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats