Virtual Event Today: Cyber AI & Automation Summit - Register/Login Now
Connect with us

Hi, what are you looking for?



Constant Vigilance Requires Looking Back as Well as Forward

Security researchers continue to report that many of the primary threats to organizations today come from older attacks and exploits targeting vulnerable systems for which patches are readily available. In fact, older vulnerabilities seem to be preferred. 

Security researchers continue to report that many of the primary threats to organizations today come from older attacks and exploits targeting vulnerable systems for which patches are readily available. In fact, older vulnerabilities seem to be preferred. 

One recent report indicates that exploits targeting vulnerabilities reported in 2007 outnumber those targeting newer vulnerabilities from 2018/2019, with the same being true for every year in between. An example of this is the growing emphasis on targeting publicly-facing edge services with known vulnerabilities for remote execution exploits. Some evidence suggests that this may be a reaction by cybercriminals to organizations aggressively addressing phishing attacks with end-user training and advanced email security tools. As would be expected, cybercriminals are responding by actively expanding their ability to deliver malicious malware using methods beyond just phishing. And like their phishing malware counterparts, these attacks also generally target older vulnerabilities.

Like Older Vulnerabilities, Older Malware Remains a Problem

In addition to older vulnerabilities, aging malware also continues to plague modern networks. Of the top five botnets identified during Q3 of 2019, number four was Mirai, the botnet that caused such widespread devastation in August of 2016. In spite of its notoriety and the assumption that most organizations would at least have hardened their systems to that threat, Mirai still represents a serious threat to organizations around the world. 

Emotet is another example of this phenomenon. It was first discovered in 2014 as a “simple” banking Trojan. And even though it is now more than five years old, the US Department of Homeland Security still identifies Emotet as “among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.”

Part of the reason it is still such a threat is that it has a very active team of developers working on it. In its latest iteration, it has evolved into a botnet with advanced modularity, such as the ability to deliver a variety of malicious payloads using its worm-like capabilities and effectively evade detection through its manipulation of registry files.

Old Problems in New Bottles: Malware and Ransomware as a Service

Emotet is also now making those capabilities available as a Malware-as-a-Service (MaaS) solution on the dark web. Criminals can now pay to access the millions of infected devices to target victims and drop additional malware, bypassing all of the effort required to initiate an initial network breach. In addition to being able to drop malware like Trickbot, Emotet can also deliver ransomware, which continues to be a serious and growing threat to organizations. 

Advertisement. Scroll to continue reading.

Part of the reason for the continued growth of ransomware is that the developers of GandCrab were among the first pioneers to develop Ransomware-as-a-Service (RaaS). This is part of the reason why authorities estimate that its developers were able to reap as much as $2 billion in just over a year before announcing their retirement last May. With such advanced malware now available to thousands of online criminals for the price of merely splitting any subsequent profits, its spread was a foregone conclusion. Other ransomware developers have not overlooked the success of this sort of criminal enterprise, as two more RaaS solutions were introduced in Q3 of 2019 – Sodinokibi and Nemty. Organizations should begin preparing now for a spike in ransomware attacks over the next few years.

If it Ain’t Broke…

While some efforts continue to be made by cybercriminals to develop new malware or zero-day attacks, that development process is expensive. And like other enterprises, ROI is a driving financial consideration for many criminal organizations. As a result, their efforts tend to focus on five things:

1. Refining existing malware to evade detection and deliver increasingly sophisticated and malicious payloads, such as seen with the ongoing evolution of the Emotet malware. This strategy is far more cost-effective, especially when the number of unprotected older vulnerabilities waiting to be exploited is still so large.

2. Expanding their earning potential by converting their attack tools into a MaaS or RaaS solution. The two latest additions to the growing family of RaaS solutions are just the beginning of what can be expected to be a flood of similar services. For example, Emotet has cleverly adapted this model by selling access to millions of infected devices to deliver a range of malicious payloads.

3. Changing attack vectors to catch organizations off guard. The recent spike in remote access control attacks targeting edge services to deliver malware provides an additional attack vector. Moving to an unexpected or overlooked area of the network enables cybercriminals to persist when their usual avenues of attack are being shut off. 

4. Targeting older, vulnerable systems that have not been adequately secured. Cybercriminals prefer targeting older vulnerabilities not only because they already have exploits available, but also because they are often an indication that other security protocols may be lax as well.

5. Exploiting the expanding attack surface, such as operational technology, which is now being exposed to public networks. These attacks could have devastating effects on things like critical infrastructures. Exploits could allow criminals to commit acts of terrorism, steal valuable intellectual property, and hold high-value targets such as manufacturing floors for ransom. 

Preparing for the Future Requires Clear Hindsight

The message is clear. Organizations cannot afford to over-focus on the latest threat trends or attack vectors. Instead, as shown with the rise in the targeting of publicly facing edge services, organizations must adopt a holistic approach to securing their distributed networked environment that enables them to see and manage their entire distributed network, including all attack vectors, through a single pane of glass. And it requires having a clear understanding of issues from the past and then mending those fences to prepare for the new threats based on them looming just over the horizon.

Written By

John Maddison is EVP of Products and CMO at Fortinet. He has more than 20 years of experience in the telecommunications, IT Infrastructure, and security industries. Previously he held positions as general manager data center division and senior vice president core technology at Trend Micro. Before that John was senior director of product management at Lucent Technologies. He has lived and worked in Europe, Asia, and the United States. John graduated with a bachelor of telecommunications engineering degree from Plymouth University, United Kingdom.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.