The Fortinet 361° Security conference landed in Kuala Lumpur yesterday, marking the eighth year of Fortinet’s flagship annual cybersecurity event held across multiple cities in Southeast Asia and Hong Kong.
The morning’s keynote session was set in motion by Alex Loh, Country Director of Fortinet Malaysia, who shared that the global digital transformation movement is expected to unlock an estimated US$10 trillion value for business and wider society in the next decade.
Nevertheless, while the world is in the midst of this major transformation, the threats are also rapidly evolving in our hyperconnected, always-online world. As such, Alex added that this year’s World Economic Forum had highlighted cybersecurity as a key element in unlocking that value, naming it the guardian of the 4th Industrial Revolution.
In line with that idea, throughout the conference, Fortinet executives, industry experts and customers shared their insights on how to securely unlock the potential of the digital economy in order to enable organisations to confidently focus on the business, technology and infrastructure drivers shaping their future. The keynote and panel discussions peppered throughout the day covered a range of topics, including today’s changing threat landscape (as presented by CyberSecurity Malaysia’s Senior Vice President of Strategic Research, Lt Col Ts Sazali Bin Sukardi), the growing challenge of dealing with increasingly interconnected devices, the widening distributed network and how security strategies need to adapt to meet the new demands of today and tomorrow.
Dealing with today’s challenges requires modern networks to enforce consistent security while preserving the functionality of the network so that essential workflows are well protected along their entire data paths as data travels through multiple environments, be it multi-cloud, IoT and mobile devices. Hence, this year’s regional Fortinet 361° Security conference is focused on the “Security-Driven Networking” approach, where networking and security are integrated and combined.
As organisations develop a meshed and hyperconnected networking infrastructure that spans ecosystems, businesses, societies and personal lives, security needs to do the same. Therefore, other than Fortinet’s own offering, an important highlight of the event was the importance of having a Security Fabric that can protect the entire end-to-end infrastructure through a unified approach. And this means working closely with Fortinet’s own partners.
Alex Loh stressed on the need to integrate with a lot more solutions because no one provider is able to provide all the necessary security that covers all the bases for a single organisation. “So we have our open API that we integrate with our ecosystem partners as well,” he said, adding that at the end of the day, what matters is protecting the data that is at the heart of the organisation.
In order to protect organisations in the 4th Industrial Revolution, he explained that Fortinet is focusing on several main pillars: embedded security, network infrastructure, cloud security and cybersecurity.
Cyber Adversaries Up the Ante on Evasion and Anti-Analysis to Avoid Detection
During the event, Fortinet also shared with CSA some of the key findings of its latest quarterly Global Threat Landscape Report. According to Fortinet’s FortiGuard Labs, cybercriminals are now leveraging evasion and anti-analysis techniques as they become more sophisticated in their attempts to look for new digital attack opportunities.
The report is a quarterly view that represents the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of global sensors during Q2 2019. Research Data covers global and regional perspectives.
“The ever-widening breadth and sophistication of cyber adversaries’ attack methods is an important reminder of how they are attempting to leverage speed and connectivity to their advantage. Therefore, it is important for defenders to do the same and to relentlessly priorities these important cybersecurity fundamentals to better manage and mitigate cyber risks,” said Gavin Chow, Fortinet’s Network and Security Strategist.
Here are the key findings from the report:
Upping the Ante on Evasion Tactics
Many modern malware tools already incorporate features for evading antivirus or other threat detection measures, but cyber adversaries are becoming more sophisticated in their obfuscation and anti-analysis practices to avoid detection. The growing use of anti-analysis and broader evasion tactics is a reminder of the need for multi-layered defences and behaviour-based threat detection.
Under the Radar Attacks Aim for the Long-haul
The Zegost infostealer malware is the cornerstone of a spear phishing campaign and contains intriguing techniques. Like other infostealers, the main objective of the Zegost is to gather information about the victim’s device and exfiltrate it. Yet, when compared to other infostealers, Zegost is uniquely configured to stay under the radar.
Ransomware Continues to Trend as Targeted Attacks Escalate
Ransomware attacks on multiple cities, local governments, and education systems continue to pose a serious threat for many organisations. These attacks have moved away from mass-volume, opportunistic attacks to more targeted attacks on organisations, which are perceived as having either the ability or the incentive to pay ransoms. In some instances, cybercriminals have conducted considerable reconnaissance before deploying their ransomware on carefully selected systems to maximise opportunity.
New Opportunities in the Digital Attack Surface
Between the home printer and critical infrastructure is a growing line of control systems for residential and small business use. Cybercriminals continue to search for new opportunities to commandeer control devices in homes and businesses. Therefore, the security of smart residential and smart business systems deserves elevated attention.
“Threat intelligence that is dynamic, proactive, and available in real-time can help identify trends showing the evolution of attack methods targeting the digital attack surface and to pinpoint cyber hygiene priorities. Only a security fabric that is broad, integrated and automated can provide protection for the entire networked environment, from IoT to the edge, network core and to multi-clouds at speed and scale,” concluded Chow.