Fortinet recently released the “2021 Ransomware Survey Report” (hereinafter, the Report), based on an expanded ransomware survey of 455 enterprise network security managers and decision-makers worldwide. The Report shows that the global threat situation remained severe in the first half of 2021, with 94% of respondents worried about the threat of ransomware attacks. At the same time, the way ransomware's targets and its new forms are developing has gone beyond what many imagined. Ransomware is coming fiercely and threats are everywhere, but many companies are not yet ready. Only a comprehensive and integrated security solution can help companies face new cyber threats.
Ransomware may not be what you think
Extortion attacks are pervasive, and fear and anxiety about ransomware have become common. Although usually only the ransomware incidents at a few famous companies attract widespread attention, ransomware attacks are not targeted only at large enterprises. Small and medium-sized enterprises are more vulnerable: in 2018 alone, more than 71% of ransomware attacks were specifically targeted at small and medium-sized enterprises. The Report shows that 94% of respondents are anxious about the threat of ransomware attacks. Of these, 76% of respondents are very or extremely worried, and 85% of respondents believe that the threat of ransomware has surpassed that of other types of network attack.
Whether or not to pay the ransom is also a big question. The Report shows that 96% of organizations feel that they are at least prepared to deal with ransomware threats, with measures such as employee training (61%), risk assessment (60%), offline backup (58%), and network security/ransomware insurance (57%) included in their response plans for extortion incidents. However, many companies do not have a reasonable strategy for the question of ransom payment, even though 72% of respondents claimed to have developed a ransom strategy. Interestingly, 49% of the options chosen turned out to be to pay the ransom directly. It is worth noting that this kind of “ransom strategy” is often ineffective, because the dark web does not set prices arbitrarily but sets the ransom amount based on the victim organization's ability to pay, and there are also dedicated personnel who bargain with organizations that are unwilling to pay.
At the same time, many respondents “take for granted” how to prevent ransomware attacks effectively. According to the Report, the weak links that companies worry are most vulnerable to ransomware attacks are remote workers and their mobile devices. As a result, traditional methods such as web security gateways, VPNs, and network access control were the top choices for dealing with ransomware attacks. Smarter and more effective emerging technologies such as Zero Trust Network Access (ZTNA), User and Entity Behavior Analysis (UEBA), sandboxing, and SD-WAN can effectively block the lateral movement of ransomware and more accurately identify intrusions and ransomware variants, yet they have not received the attention they deserve.
Ransomware is coming fiercely, threats are everywhere
According to research by FortiGuard Labs, 2022 will be an important year for cybercrime: the volume of ransomware keeps rising, and swarms of attackers are racing to find new targets. Cyber attacks will continue to spread across the entire digital world, leaving IT teams struggling to cope. Looking ahead, the security trends will include more effort on the left side of the attack chain, top-down attack mechanisms, and full coverage from the core to the edge.
Fortinet predicts that cybercriminals will spend more time and energy on the left side of the attack chain in the MITRE ATT&CK framework, probing for and discovering zero-day vulnerabilities, and will use new technologies and the expanding network environment to launch attacks. At the same time, because of the expansion of the “ransomware as a service” market, we will also see a significant increase in the speed of attacks on the right side.
At the same time, next year there may be attacks against satellite network vulnerabilities. New types of threats against satellite networks can already be seen, such as ICARUS, a proof-of-concept DDoS attack that uses the global accessibility of satellites to launch an attack from multiple locations. On the smaller end, digital theft of encrypted wallets will continue to increase.
In 2022, attacks may continue to spread from the core to the edge and across the entire network, and attacks on industrial control (OT) systems in particular will increase significantly. A new report from the US Cybersecurity and Infrastructure Security Agency (CISA) shows that more and more ransomware attacks are targeting critical infrastructure, posing an increasing threat to industrial assets and control systems. At the same time, more new types of “edge-initiated” attacks continue to emerge. Edge malware will hide at the edge to avoid security detection while monitoring the activities and data of edge devices, and then steal, hijack or even hold to ransom the applications and information of key systems.
Fortinet responds to new threats with comprehensive and integrated security solutions
Defending against new ransomware threats requires a comprehensive and integrated security solution. Wherever they are deployed, single-point security products should be replaced with security devices that can work together as a unified solution. These devices need a unified policy that tracks data and transactions from end to end in order to protect each user, device, and application. Centralized management also ensures consistent policy enforcement, timely delivery of configuration and system updates, and centralized collection and correlation of suspicious events that may occur at any node in the network.
The choice of security tools should be based on their ability to detect malicious payloads before delivery, prevent known and unknown threats, and respond to active threats in real time. However, most companies still have considerable deficiencies in this respect. The most surprising finding in the survey is that very few respondents chose an email security gateway, even though more than half of companies report that phishing is the most common method used to break into their organizations. The new mail security gateway is the first line of defense against ransomware: it can detect and disable malicious attachments and links before they reach the user’s inbox. The Fortinet FortiMail mail security gateway, for example, is such a “critical line of defense.”
FortiGate Next-Generation Firewall (NGFW) also provides powerful threat prevention, detection, and response capabilities, and integrates industry-leading security features such as SSL inspection (including the latest TLS 1.3), web filtering, and an intrusion prevention system (IPS), providing comprehensive network protection and visual control.
FortiGate NGFW is also the platform that carries Fortinet's SD-WAN solutions and products. Its built-in ZTNA access proxy provides a zero-trust approach of never trusting and continuously verifying, which secures users’ remote access. It also provides comprehensive traffic visualization and compliance audit capabilities for all users, applications, and devices inside and outside the network, helping organizations implement consistent security policies across cloud, edge, and endpoint, and effectively block ransomware attacks and their spread.
In addition, FortiGate NGFW is backed by FortiGuard Labs’ top security intelligence services and integrates the specialized advanced threat detection products FortiSandbox and FortiNDR, which can significantly reduce the risk of ransomware spreading through the network. Beyond that, Fortinet provides complete ransomware detection and protection capabilities in its WAF, CASB, and CWPP product lines and solutions for securing web applications, cloud services, and cloud infrastructure.
All of this is integrated into the Fortinet Security Fabric security architecture. Built on the unified FortiOS operating system, functions and products such as SD-WAN, next-generation firewall (NGFW), advanced routing, and the zero-trust network access (ZTNA) proxy are managed through a unified interface with unified configuration and management logic. This is the integrated foundation of Fortinet ONE WAN Edge (unified WAN edge).
This is also the concept and advantage behind Fortinet’s integration of security and networking and its unification of devices and systems. It can help users reduce the number of devices, simplify the operation and maintenance management interface, lower the company’s digital operating costs, improve operating efficiency, improve the quality of the user network experience, and guard against the ubiquitous security risk of ransomware.
Comprehensive coverage, deep integration, dynamic collaboration, high performance and strong scalability are necessary capabilities for the security system that protects an organization’s business operations. To cope with constantly evolving cyber threats, organizations should adopt the Security Fabric platform, which is based on the cybersecurity mesh architecture. The Fortinet ransomware protection solution on this platform can not only block infection routes such as ransomware websites, emails, and lateral movement, but also serve as the last layer of security protection for offline hosts and the endpoint devices of remote workers, providing enterprise users with a full range of security protection.