Dissecting Our Q2 Threat Landscape Report – Fortinet Blog

This article is from the Fortinet blog.

We have released our Q2 Global Threat Landscape report for 2017. The data in our quarterly threat analysis is drawn from over 3 million network devices and sensors deployed within live production environments around the world.

Q2 of 2017 was unique for a number of reasons. The first is that the number of exploits detected increased nearly 30% over Q1, which shows that the cybercrime community continues to be alive and healthy. The second is that attacks are becoming increasingly sophisticated, leveraging things like machine learning and AI-like attacks to more effectively accomplish their tasks without detection. And third, breaking into networks in order to deliver these malicious payloads is easier than ever.

Attack Volume on the Rise
Exploits: The volume of exploits we are seeing continues to grow rapidly. FortiGuard Labs detected 184 billion total exploits in Q2, compared to 129 billion detections in Q1 – an increase of 30%. This represents an average daily volume of 1.8 billion attacks, compared to 1.4 billion in Q1. These aren’t the result of just a handful of attacks. We detected 6,298 unique exploits, up from 5,542 in the first quarter of 2017. And these exploits are effective: 69% of organizations experienced high or critical exploits in Q2 of 2017.

Malware: We also recorded 62 million malware detections, for an average daily volume of 677,000. Like the growth in unique exploits, malware development is also very active. Out of the millions of malware detections we recorded, we saw 16,582 variants derived from 2,534 malware families. 1 in 5 organizations also reported malware targeting mobile devices. The most common functionality among top malware families is downloading/uploading files, followed by dropping other malware onto the infected system. This technique helps slip innocuous files into devices now in order to deliver malicious payloads later.

Botnets: Botnet attacks, whether used as denial of service attacks or as part of new botnet-based ransomworms like Hajime and Devil’s Ivy, are also reaching unprecedented levels. This is in large part due to the proliferation of highly vulnerable IoT devices. Q2 saw 2.9 billion botnet detections, representing an average of 993 daily detections per organization. We also detected 243 unique botnets during the quarter. 45% of firms detected at least one active botnet in their environment during the quarter, and about 3% reported being simultaneously infested with 10 or more unique active botnets.