Cybercriminals are evolving and using increasingly sophisticated ransomware and diverse attack methods, cybersecurity services provider Fortinet has said.
According to the company's global threat landscape report, cybercriminals' methods range from tailored ransomware and custom coding for some attacks to living-off-the-land (LoTL) techniques and sharing infrastructure to maximize their opportunities.
The report said cybercriminals are using pre-installed tools to move laterally and stealthily across a network before instigating an attack. It added that though ransomware rates have gone down, attacks using ransomware are becoming more targeted.
It further said that attacks are being customised for high-value targets and to give the attacker privileged access to the network. LockerGoga is an example of targeted ransomware conducted in a multi-stage attack.
The report also said some threats leverage community-use infrastructure to a greater degree than unique or dedicated infrastructure. Nearly 60% of threats shared at least one domain, indicating the majority of botnets leverage established infrastructure, it said. IcedID is an example of this “why buy or build when you can borrow” behaviour.
Also, adversaries tend to move from one opportunity to the next in clusters, targeting successfully exploited vulnerabilities and technologies that are on the upswing, to quickly maximize opportunity.
The report suggests some basic ways to stay safe from the threats. These include practising good cyber hygiene, keeping an intentional ransomware defence, being wary of pre-installed tools and emphasizing threat intelligence.
Last week, Moscow-based anti-virus software company Kaspersky Lab had said that cybercriminals attacked 31% of Indian web users from January to March.
In March, a Quick Heal Technologies report said that cryptojacking had emerged as the top threat in July-December 2018.
India faced a total of 50 million cyber threats between July and December last year, translating to 186 detections per minute, a report from Seqrite, the enterprise arm of Indian cybersecurity firm Quick Heal, showed.