Latin America. Technological innovation has enabled the expansion of the attack surface, new IoT devices, regulatory pressures, and a global cybersecurity talent deficit continue to drive cyber threats.
All these elements combined with global political developments add more complexity to the situation, and complexity is the enemy of security. A deployment of comprehensive security solutions is not enough. Organizations should adopt a Security Fabric model that allows direct communication between different solutions to provide a unified and rapid response to these advanced threats.
The volume of malicious and phishing elements (domain names and URLs) in Brazil is increasing. In June, in three of the four categories of cyberattacks included in Fortinet's report, Brazil's percentage increase was higher compared to the global increase. The highest growth was recorded in the category of malicious URLs, with 83% versus 16% for the rest of the world.
With the start of the games approaching, the increase in these attacks will undoubtedly continue and FortiGuard Labs is already seeing indicators of repeated techniques such as malicious websites, copying the appearance of domains for payment fraud, attacks targeting URL addresses related to the event and official government sites.
Cyberattacks during an Olympic Games are not new. Research by Fortinet FortiGuard Labs has found an uptick in attacks focused on the Games, which began in 2004, at Greece's summer Olympic event.
Possible threats: return of the old and the volume remains high
The Fortinet FortiGuard Labs study is looking at the return of old threats and attack vectors and the persistence of classic attacks such as Conficker and ransomware, with updated variants. Fortinet's telemetry and research data indicate that the two most common methods are phishing via email and malicious websites.
Advanced threat technique - "Behavior Blending": in the last three months a sophisticated method is growing to help attackers stay inside the systems they have breached. Behavior blending is a technique used by criminals that allows them to blend into a compromised network. For example, in a corporate network, the attacker can maintain an employee's behavior to avoid detection. Considering that the evasion element of this technique frustrates its detection, Fortinet experts expect to see its use increase as it is perfected and new tools are developed to better mimic the behavior of an accredited target.
Phishing: The volume of global phishing activity remains high with a 76% increase from April to June, according to threat data from URLs and phishing domains from FortiGuard Labs. The percentage growth from May to June was 11%. Additional phishing contributions via email include an increase in Tokelau's activity, with the top four countries with code domains in the second quarter of 2016 being Brazil, Colombia, Russia and India. In addition, the appearance of domains is still very active (e.g. nefflix vs netflix). Finally, FortiGuard has also detected a number of names of large financial institutions included as part of phishing domains and URLs.
Exploit Kits: An uptick in the use of JavaScript-based Exploit Kits with malicious URLs to spread ransomware is observed primarily in the first phase of downloading payloads. A change from Angler to Fiesta and Neutrino is observed. Both consistently appear on FortiGuard's global list of the top 10 exploit kits.
Advanced malware: The JS/Nemucod family has been the dominant malware worldwide for the past three months. This family is currently the most active ransomware downloader with a significant increase in ransomware attacks.
Data Leak – Botnet Indicators: FortiGuard's threat telemetry shows an increase in botnet activity. The names that appear in the top 10 ransomware botnet activity are Locky and Cryptowall.
