According to the latest report from Fortinet, more Android malware families made the top 10 list by volume or prevalence this quarter.
And Fortinet says regional mobile malware prevalence rose in every region except the Middle East.
The security firm says the rate of growth was statistically significant in all cases rather than simply random variation, and that, compared to some other regional threat comparisons, Android malware appeared to have stronger geographic tendencies.
“This means that adversaries can easily exploit similar attack surfaces across industries more easily, especially with automated tools,” Fortinet says.
In Asia Pacific, the exploit trends show similarities to global and other regions’ trends.
For example, the top exploit detected in all regions is related to the 2014 Shellshock bug, and both globally and in APAC the majority of malware infections are tied to ransomware droppers such as Nemucod, Fortinet says.
“Lastly, the top botnet activity globally is related to Andromeda, and the same is observed in APAC. As highlighted earlier, the Internet is not bound by geographic distances and boundaries, so most threat trends appear more global than regional.”
“In the past year, highly-publicised cyber security incidents have raised public awareness of how our TVs and phones can be manipulated to deny others Internet availability, and have shown that demanding ransom is being used to disrupt vital patient care services,” says Jon McGettigan, senior director, APAC and the Pacific Islands, Fortinet.
“Yet, awareness alone isn’t enough. Unfortunately, as organisations increasingly adopt convenience and cost-savings IT techniques, such as cloud services, or add a variety of smart devices to their network, visibility and control of their security is at risk.
“Meanwhile, attackers are buying or re-using tools of their own. Cyber security strategies need to increasingly adopt trustworthy network segmentation and high degrees of automation to prevent and detect adversaries’ efforts to target the newly-exposed flanks of our businesses and governments.”
According to Fortinet, its research reveals that while more high-profile attacks have dominated the headlines, the reality is that the majority of threats faced by most organisations are opportunistic in nature, fuelled by a “pervasive crime-as-a-service infrastructure”.
Fortinet says modern tools and crime-as-a-service infrastructures enable adversaries to operate on a global scale at “light speed”.
As a result, the Internet seems indifferent to geographic distances or boundaries, because most threat trends appear more global than regional. Adversaries are always on the attack, looking for the element of surprise whenever possible on an international scale.
“Understanding exploit trends or how ransomware works and spreads, the better we can avoid the impact caused by the next WannaCry. The malicious ransomware and its variants achieved great scale with hundreds of organisations affected across the world at once.”
Fortinet also says that just under 10% of organisations detected activity associated with ransomware and, on any given day, an average of 1.2% dealt with ransomware botnets running somewhere in their environment.
“The peak days of activity fell on weekends, with the hope of slipping traffic past weekend security operations staff. As the average traffic volume of various ransomware botnets increased, the average number of firms impacted by them rose as well.”
And Fortinet says 80% of organisations reported high or critical-severity exploits against their systems.
“The majority of these targeted vulnerabilities were released in the last five years, but no shortage of attempts was made against premillennial CVEs. Exploit distribution was pretty consistent across geographical regions, likely because a huge proportion of exploit activity is fully automated via tools that methodically scan wide swathes of the Internet probing for opportunistic openings.”