The Latest Fortinet News
Product and Solution Information, Press Releases, Announcements

How Attackers are Targeting SMBs During COVID-19
Posted: Thu May 28, 2020 11:40:08 AM

With 71% of ransomware attacks targeting small-to-medium sized businesses (SMBs), it continues to be the prevailing form of malware used by attackers to disrupt organizations. The rapid adoption of new digital innovations often introduces new security gaps and makes it easier for attacks to spread across the flat and open internal network. For many, the loss of critical business cycles and revenues from systems that have ground to a halt far outweighs the price of the ransom itself. The Fortinet Security Fabric provides comprehensive network security and advanced threat-intelligence sharing to help SMBs detect and protect against ransomware attacks. Advanced Threats Continue to Adapt Even advanced threats still rely heavily on social engineering Coronavirus disease (COVID-19) Important Communication. “Due to the high volume of misinformation being spread… we put together a comprehensive document that contains guidelines & WHO recommendations.” CovidLock Claimed real time outbreak tracking Screen lock attack Delivered on Android SMB Ransomware Trends How Ransomware Gets In The pressing need for speed and agility across business’s of all sizes has led to the rapid adoption of innovations (e.g., cloud-based tools, Software-as-a-Service [Saas], smart devices) that bring convenience along with complexity—quickly creating vulnerabilities and making it easier for even basic threats to get past outdated defenses at various points of entry. Ransomware-as-a-Service (RaaS) that enables attackers to merely invest in an attack carried out by others and the natural IT knowledge of younger generations have made it easier for low-level hackers to easily blast a wide target base and expose one of those holes and is one reason that has led to such high rates of SMBs being hit with ransomware. Email Vulnerabilities Email is the primary way that ransomware gets inside a business’s network. Many users still unintentionally open a malicious attachment or URL that slips by consumer-grade email filters. More often these days, attackers rely on social engineering and business email compromise (BEC) scams where users unknowingly give attackers the information they seek to set off a series of events—like getting the victim’s phone number and replicating known sites to obtain user credentials. For SMBs that often rely on consumer-based email solutions that lack advanced email security checks, recognizing threats and avoiding social engineering schemes rely on a user’s individual judgment to identify the threat and avoid infection. Was It Only Ransomware? If ransomware was introduced into the network, then attackers gained access. While ransomware may have been the primary motive, other nefarious tools—such as monitoring software, command-and-control (C&C) code, or assimilation into botnets—may have also been introduced to launch additional attacks or siphon data at a later date. Therefore, any ransomware-compromised business must do further investigation into logs and systems for full and effective remediation. How Does Ransomware Typically Work? SMBs By the Numbers Why the Numbers? We Rely on Backup and Recovery Single point of failure ok? When is the last time you tested your system? How long does it take to recover your databases? What happens if you get hit with something like SamSam or Ryuk that target backups? A Successful Approach to SMB Security Must Be... How Ransomware Avoids Traditional SMB Security How Fortinet Can Help… The Fortinet Security Fabric enables organizations to stop known and unknown ransomware across their environment through automated sharing of actionable intelligence. Most Common Ways Ransomware Enters How Malicious Emails Circumvent Security Malicious Attachments Inadequate analysis of attachment Attackers use technology to create thousands of variants in seconds No sandbox, only checks against limited signature list of known threats stored on email device No ability to decrypt and analyze Policy either automatically allows through or Automatically blocks resulting in business disruption Designed to evade ShurL0ckr NoRelationship Cerber Designed to specifically evade O365 Email Vulnerabilities Email is the primary way that ransomware gets inside a business’s network. Many users still unintentionally open a malicious attachment or URL that slips by consumer-grade email filters. More often these days, attackers rely on social engineering and business email compromise (BEC) scams where users unknowingly give attackers the information they seek to set off a series of events—like getting the victim’s phone number and replicating known sites to obtain user credentials. For SMBs that often rely on consumer-based email solutions that lack advanced email security checks, recognizing threats and avoiding social engineering schemes rely on a user’s individual judgment to identify the threat and avoid infection. How Malicious Emails Circumvent Security Malicious URLs Embedded in Email Inadequate analysis on target website Only checks against limited list of known malicious sites Infrequent updates and only included with premium version Can't analyze embedded links Attachment text scanning isn't included If attachment is encrypted, can't decrypt and analyze Fortinet Email Security The FortiMail family of appliances is a proven, powerful messaging security platform for any size organization, from small businesses to carriers, service providers, and large enterprises. Purpose-built for the most demanding messaging systems, the FortiMail appliances utilize Fortinet's years of experience in protecting networks against spam, malware, and other message-borne threats. Fortinet Security Fabric Broad visibility of the entire digital attack surface to better manage risk Integrated solution that reduces the complexity of supporting multiple point products Automated workflows to increase speed of operations and response FortiGuard Labs AI-Driven Intelligence Billions of events analyzed every day How Fortinet Secures Email Malicious Attachments Advanced analysis of known and unknowns Identifies zero day and previously unknown malware through a combination of AI & ML Distributes threat intelligence across platform, updating “Known” malware lists for your environment and all customers Decrypts and analyzes Text scanning for password to open and analyze Content Disarm and Reconstruct Strips all active content from email and delivers text friendly, safew email with the ability to retrieve analyzed content How Fortinet Secures Email Malicious URLs Embedded in Email Advanced threat analysis on target website Checks against known list of good and bad sides Click Protect: Real time website rescan before user travels Web filtering enables additional grouping of 87 categories to enhance basic policy controls Analysis of embedded links Applies same check as if in body of email If encrypted, text scanning for password to open and analyze How Fortinet Secures Email Phishing Common Network Security Limitations How Malicious Sites Circumvent Security Drive by Downloads Limited policy controls to control browsing Only able to black and white list specific sites and key words Site has been weaponized since last scan deemed it safe Inadequate analysis on incoming traffic Attackers use technology to create thousands of variants in seconds Only checks against limited signature list of known threats Data is encrypted and firewall can’t decrypt No firewall in place or VPN unused As users travel to malicious sites, malware is downloaded How Attackers Circumvent Network Security Avoiding the Firewall No threat analysis on traffic from wireless or wired devices Not connected to firewall with limited if any security Inadequate analysis on attached devices No sandbox, only checks against limited signature list of known threats stored on endpoint agent No multi-factor authentication to block stolen credentials Applications presume the stolen credentials are valid without an additional check to ensure it’s the true user Fortinet Security Driven Networking FortiGate with FortiGuard Security Bundle FortiAP FortiSwitch FortiToken Fortinet AI Driven Security FortiClient w/cloud sandbox How Malicious Sites Circumvent Security Drive by Downloads Enhanced policy controls to control browsing Checks against known list of good and bad sides Web filtering enables additional grouping of 87 categories to enhance basic policy controls Advanced analysis of unknowns Identifies zero day and previously unknown malware through a combination of AI & ML Distributes threat intelligence across platform, updating “Known” malware lists for your environment and all customers Ability to decrypt incoming traffic without significant impact to throughput Fortinet Superior SSL Performance NSS Labs NGFW 2019 New SSL Performance Test Gartner’s 2019 Magic Quadrant for Network Firewalls Fortinet Recognized as a Leader in this Magic Quadrant Marks 10th time in a row that Fortinet is in the Magic Quadrant for Network Firewalls Gartner Magic Quadrant for Network Firewall, Rajpreet Kaur , Adam Hills,, Jeremy D’Hoinne , John Watts, 17, September 2019. This report was previously titled the Magic Quadrant for Enterprise Networks Firewalls. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Fortinet Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose How the Fortinet Security Fabric Protects You Avoiding the Firewall Security extended to wireless and wired devices Proprietary technology built into OS enables FortiAP and FortiSwitch to become extensions of the FortiGate NGFW Advanced analysis of unknowns on endpoint Identifies zero day and previously unknown malware through a combination of AI & ML Distributes threat intelligence across platform, updating “Known” malware lists for your environment and all customers Two Factor Authentication (2FA) FortiToken enables two factor authentication on mobile devices of physical token Fortinet Protects Across Your Environment NSS Labs 3rd Party Certifications Most recent test results