Addressing Customer Endpoint Security Challenges

The recent increase in remote workers has shifted considerable attention on endpoint resilience, especially as vulnerable endpoint devices continue to be added to enterprise networks. And these ongoing work-from-home conditions will be around for the foreseeable future, with some organizations expecting this to become a permanent strategy.

In the first half of 2020, the FortiGuard Labs team observed an increase in malicious activity targeting end users, browsers, email systems and home networks. As might be expected, ransomware was high on the list of these attacks. And, according to the most recent Global Threat Landscape Report from FortiGuard Labs, no industry was spared from this ransomware activity, with the most heavily targeted sectors including telcos, MSSPs, schools, governments and technology organizations.

The rise in ransomware, including hybrid attacks and the growing availability of RaaS (ransomware as a service), suggests that things are likely to worsen before they improve. Remote workers and their home networks represent a new and fertile attack surface that cyber criminals are highly motivated to exploit. And as more devices get added to the network, IT teams will continue to struggle with increased complexity and a lack of visibility and control, all of which can weaken their organizations’ endpoint security posture.

For this reason, IT and security teams must prioritize endpoint security to protect their growing remote workforce and related digital transformation efforts from attackers. And, because this is an area overwhelmed IT teams are struggling to address, it is something for which partners are in a prime position to help.

Ransomware and the Endpoint

During the first six months of the year, FortiGuard Labs saw a widening range of malicious activity involving the use of COVID-19-related attacks, including phishing and business email compromise schemes, along with nation-state backed campaigns and ransomware attacks. Ransomware activity targeted at enterprise organizations, in particular, was particularly severe.

Attackers continue to attempt to leverage endpoints, or devices that remote users employ to connect to the network, to try and gain entrance to enterprise resources. Once they have gained access to a device, they use it as a launching pad into the network, where they not only lock organizational data but steal it, as well, posting it to public servers and then threatening a widescale data breach release as further leverage to extort ransom payments from their targets. One example of this is the use of Cobalt Strike, a penetration tool that cyber criminals have exploited and made available on the black market. By leveraging this tool, malicious threat actors can deploy payloads in the form of ransomware or a keylogger within the compromised network, ultimately resulting in data theft.

Ransomware hidden in COVID-19-themed messages, attachments, and documents, specifically, was a widely noted threat during the first six months of 2020. The FortiGuard Labs team tracked three specific samples during that time: NetWalker, Ransomware-GVZ and CoViper. The last of the three, CoViper, was especially malicious, as it was used to rewrite the targeted systems’ master boot record (MBR) before encrypting data. Ransomware combined with an MBR wiper can completely paralyze target computers, making these attacks much more severe.

Because of the pernicious nature of ransomware attacks, especially in light of the rapid transition to a teleworker business strategy, organizations need to make endpoint resilience a top priority during the coming six months and beyond as they work to secure their increasingly distributed organizations.

The Challenge: Endpoint Devices Are Treated Separately from The Network

One of the biggest challenges with endpoint resilience is that it is often isolated from the rest of the network security framework. Because of this, visibility and control over network security only begin at the point at which an endpoint device joins the network. This is not ideal, especially with a remote workforce and highly mobile end users.

Research shows that 63% of organizations are unable to monitor endpoint devices when they leave the enterprise network. An additional 56% of surveyed IT professionals admit that they are unable to verify compliance for endpoint devices. And an alarming 70% state that they have a “below average” ability to minimize losses related to endpoint failure.

This challenge is compounded by the fact that today’s networks span multiple ecosystems, including multi-cloud infrastructures and numerous cloud-based services, including shadow IT. Applications and workflows now often span multiple ecosystems to accomplish their tasks. At the same time, a growing number of endpoints are connecting to resources distributed across the network, making the point at which each device connects to the network–whether to the WAN edge, LAN edge, data center edge or cloud edge–increasingly difficult to ascertain and defend. In addition, many of these devices combine personal and professional profiles and information, heightening the chances of exploitation. With this in mind, enterprises looking to protect data against ransomware threats can no longer