Q&A with Derek Manky, Fortinet’s FortiGuard Labs
We’re now in the busiest part of the 2020 online shopping season – what are you seeing in terms of cybercriminal activity?
In previous years we’d expect to see a surge in attacks as cybercriminals, knowing full well the popularity of Black Friday and Cyber Monday, attempt to take full advantage of the potential rewards. This year has been very different.
The online surge started in March as the pandemic set in, and cyber attacker activity has steadily grown with it. It never subsided. In fact, since the beginning of September, FortiGuard Labs research has shown a very steady, consistent wave of e-commerce attack type attempts.
In October, we saw over a billion different attempts, which is almost a 140% increase compared to the previous month. So we’re seeing unprecedented levels of e-commerce traffic and criminal activity all at the same time.
When it comes to targeting consumers, attackers are primarily using tried and true methods like phishing emails to obtain personal data from shoppers. They’re also taking advantage of older, more traditional approaches, like targeting vulnerable routers or employing “man in the middle” attacks, where criminals insert themselves into a familiar process, such as sending legitimate-looking PDF resumes embedded with malicious code to HR departments.
What about e-commerce sites? Are you seeing the same level of activity directed there?
Yes, we’re also seeing more criminal activity targeting retailers. We know most large e-commerce sites, to some degree, rely on public cloud solution providers. We see many attackers targeting known vulnerabilities in this area, taking advantage of basic misconfiguration or other setup errors.
The same applies to website and storage vulnerabilities as well. Criminals don’t necessarily need sophisticated tools; they can simply look for places where basic updates or patches were never applied and leverage them to their advantage. The good news is that most of these attacks can be stopped by up-to-date firewalls and implementing multi-factor authentication technology. And of course, making sure you’re staying up to date on vulnerabilities.
Based on these trends, what is your advice for organizations as we look ahead to 2021?
This is an unprecedented time, and I can’t stress enough how important the next few months are with respect to cybersecurity. It starts by knowing exactly what you’re up against. Now is the time to look seriously at threat intelligence. It’s impossible to protect yourself against threats you don’t know about, and most attacks rely on stealth and persistence in looking for hidden or overlooked vulnerabilities.
Look to your current solution provider and see what they offer in this area. Our FortiGuard Labs, which has a significant hub in Canada, for example, analyzes 100 billion security events each day, and works with 200 partners and collaborators, sharing our findings with companies on a daily basis. Next is putting in place the right model for securing, segmenting and monitoring business-critical applications. It’s absolutely critical to have a structured, scalable security plan.
Do you have any other predictions?
I believe we will see more discussion around operational technology (OT) as we move into more IT/OT integrations. The wide adoption of solutions meant to make this kind of integration possible will lead to a collision between old, sometimes vulnerable technology and new technology. The entire ecosystem of OT is becoming a larger attack space that is often challenged with threat visibility, and this needs to be top of mind for affected organizations. It’s one of the reasons why just this month we unveiled the industry’s first secure SD-WAN appliance for OT environments.