Securing hybrid networks against faster, more destructive threats

Sean Campbell, Director Canadian Channels, Fortinet

The latest semiannual FortiGuard Labs Global Threat Landscape Report reveals that cyberattacks are increasing in speed, sophistication, and potential for damage. At particular risk are hybrid networks, as threat actors take advantage of expanding attack surfaces to infiltrate and launch exploits, including using advanced persistent cybercrime strategies.

While valued for their flexibility, hybrid networks can prove a challenge for security teams. Their distributed, complex environments make centralized management and visibility harder to achieve. The proliferation of various products and management consoles – or vendor sprawl – can make persistent cross-platform visibility and control practically impossible without an integrated security solution. Gaps in visibility and control, on premises and in the cloud, can leave devices exposed to vulnerabilities and defenders in the dark about suspicious activity.

Channel partners that can understand the risks organizations face and can provide a pathway forward will find a receptive audience based on the findings of FortiGuard’s report and the growth in new and evolving attack techniques. We detail a few of the critical threats and associated learnings here.

“Remote Everything” emboldens malware attacks.

As organizations shift to remote and hybrid work models, cybercriminals are taking advantage by exploiting the attack vectors that remote work and remote learning expose. Browser-based malware attacks were the most prevalent, using phishing lures or scripts to inject code or redirect users to malicious sites.

It is clear that hybrid work and learning models will continue to persist and evolve. Channel partners can help organizations adopt a “work-from-anywhere” approach that follows, enables, and protects users regardless of their location. A sound strategy sees organizations securing the endpoint with endpoint detection and response (EDR) and implementing zero-trust access solutions along with Secure SD-WAN to protect WAN connectivity for the extended network.

Ransomware is not going away. 

Data from FortiGuard Labs shows continued growth in ransomware attacks along with an increase in sophistication, aggressiveness, and impact. New strains are emerging every day, and old ones are being updated and sold as ransomware-as-a-service (RaaS) on the Dark Web, making ransomware attacks a reality for all organizations and networks.

Defences for security teams involve a more proactive approach that provides real-time visibility, analysis, protection, and remediation, along with zero-trust access solutions, segmentation, and regular data backups. For hybrid networks, achieving this visibility will require a cybersecurity mesh architecture that allows for tighter integration, increased automation, and a coordinated, timely, and effective response to threats across the extended network.

Botnets are evolving more sophisticated attack methods.

Threat trends demonstrate that botnets are evolving beyond DDoS attacks into multi-purpose attack vehicles capable of delivering malware. Botnets have already been detected with integrated exploits for the Log4j vulnerability, have targeted Linux systems with a new variant of the RedXOR malware, and have been observed carrying a variant of the RedLine Stealer malware.

Protecting networks and applications on-premises or in the cloud requires the ability to limit access. Channel partners can help organizations implement zero-trust access solutions, secure IoT endpoints and devices, and provide automated detection and response capabilities to monitor unusual behaviour.

Log4j demonstrates the speed of exploits.

In December 2021, the Log4j vulnerabilities that emerged showed just how quickly cybercriminals can exploit a vulnerability. In less than a month, exploitation activity escalated to the point where Log4j became the most prevalent intrusion prevention system (IPS) detection of the entire second half of 2021.

Such speeds make it very difficult for any organization to react or patch before damage is done. For hybrid networks, the challenge is even more significant, as their complexity can slow patch management. Helping organizations adopt artificial intelligence (AI) and machine learning (ML)-powered IPS and gain access to threat intelligence can help them reduce overall risk.

New vectors across the attack surface.

Hybrid networks that include operational technology will need to watch for lower-profile threats that can cause issues down the line. Newly crafted malware designed to exploit Linux systems poses a significant threat, as Linux provides the back-end systems of many networks as well as container-based solutions for IoT devices and mission-critical applications.

The growth in variants and volume suggests that Linux malware is on the rise. Organizations need to know how to secure, monitor, and manage Linux systems as they would any other endpoint in the network – using advanced and automated endpoint protection, detection, and response.

Being the Trusted Advisor for Securing Hybrid Networks

Channel partners assisting organizations with hybrid networks will need to work together to select solutions that eliminate vendor sprawl and ensure persistent cross-platform visibility and control. Understanding the threats facing organizations will help prioritize the approach, including a cybersecurity mesh architecture that allows for tighter integration and increased automation for timely and effective responses to threats across LAN, WAN, data centres, and cloud edges.

Next-Generation Firewall (NGFW) solutions can also help secure beyond the edge by reducing the attack surface through network segmentation. Modern NGFWs can dynamically adjust levels of trust by monitoring behaviour.

Finally, adopting a zero-trust security model will help organizations control access to network resources through per-application risk assessment and segmentation. These solutions can help manage the proliferation of headless devices, such as Internet of Things (IoT) or Industrial Internet of Things (IIoT) devices, by seamlessly integrating with a network access control (NAC) solution. Combined with Zero Trust Network Access (ZTNA), this approach can help ensure every device, application, and transaction is secure.

By keeping in mind the real and emerging threats facing organizations today, channel partners can help them choose the best solutions to secure their hybrid networks. Making informed decisions can help eliminate vendor sprawl and deliver more integrated security solutions that offer greater visibility, broader protection, and automated tools that evaluate risk and apply mitigation actions at the same speed cybercriminals now employ.

Sean Campbell is Director of Canadian Channels at Fortinet