<
>

Fortinet Sheds Light on the Top Three Threat Categories in Malaysia and the Resourcefulness of Cybercriminals

Viruses are one of the top three categories that Fortinet regards as having a serious impact on Malaysia's security landscape, said Jonas Walker, Security Strategist, Fortinet, at a recent Fortinet Malaysia's Media Briefing Session.

Walker went on to say that viruses can be used as a means for cybercriminals to carry out a number of different purposes, such as stealing usernames and passwords, or as part of a remote access Trojan attack that monitors what you do, what sort of connections you have, who you interact with, who you send emails to, and other similar information.

As frightening as it sounds, according to Walker, the Trojan was indeed among the top 10 viruses in Malaysia during the fourth quarter of 2021. "Most of the viruses we find in Malaysia are malware on people's computers that are spying on them and used to achieve whatever the threat actors are trying to do," Walker explained.

In terms of the type of Trojan, based on the statistics acquired by the research team at Fortinet, JavaScript Trojans ranked first in the Trojan category. These are particularly popular as they are able to be executed in a browser – for example the JS/Cryxos, a malicious JavaScript that downloads and executes malware.

Apart from Trojans, in Malaysia, Fortinet also discovered a significant rate of botnet activity:

  • 53% from Mirai.Botnet.

  • 52.66% from Bladabindi.Botnet.

  • 52.1% from Gh0st.Rat.Botnet.

  • 11.36% from Andromeda.Botnet.

  • 10.97% from Zeroaccess.Botnet.

Botnets are a network of computer devices that cybercriminals have hijacked, which they can use to carry out various forms of cyber attacks (often without the owners of the devices even realising it). Threat actors often use botnets to execute large-scale attacks, coordinating even hundreds of thousands of internet-connected machines to do their bidding.

At the briefing, Walker specifically highlighted the two botnets variants – Andromeda.Botnet and the Zeroaccess.Botnet. Even though these botnets are supposed to be “offline” after law enforcement had shut down their command-and-control servers (meaning, there’s no way to send commands to the infected systems), they still appear on the list of “active botnets.” – Why is that?

He explained that in many cases, these botnets are not completely ‘taken down’ due to their intricacy. Because they aren't being cleaned up correctly, the infected machines are still trying to contact their counterparts or “call home”. The Zeroaccess malware can even disable security features on infected systems, making them vulnerable to secondary infections.

"A lot of these environments aren't cleaned up properly, and a lot of people on the defensive side don't have the visibility to understand that they have malware in these environments," he added. "If they did, they'd clean it up, remove it from their networks, and we'd see this number go down to zero."

The last category that Walker talked about was exploits. This is the type of vulnerability that threat actors are exploiting in particular types of software. He pointed out how quickly threat actors would jump at the chance to cause mayhem whenever a new exploit is discovered.

Walker used the Apache Log4j exploit as an example. It was discovered in the last few days in December and immediately took the top rank as it grew in popularity among threat actors that wanted to take advantage of it. Although they are aware that many organisations will try to patch such a high-profile vulnerability as soon as possible, many will not, and the vulnerability will remain exploitable for quite some time.

Walker stated that these findings demonstrate how quickly threat actors adapt to changes in cyberspace and that once they detect something dangerous, they instantly attack it.

You might also like
Most comment
share us your thought

0 Comment Log in or register to post comments