Malware threats through social media are growing, causing victims to unknowingly share malicious links with their contacts 

Fortinet, a global leader in comprehensive, integrated, and automated cybersecurity solutions reveals that Latin America and the Caribbean suffered more than seven billion cyberattack attempts in the first quarter of 2021.

According to the threat intelligence lab FortiGuard Labs, which collects and analyses cybersecurity incidents around the world daily, January, February, and March saw an increase in the distribution of web-based malware, an attack where a user’s device becomes infected when downloading or installing malware from a malicious website. During the first quarter of the year, a remarkable increase was reported regarding the use of social media to spread advertising and deceptive websites, where compromised users are sharing messages with malicious content to their contacts from their social media profiles, without being aware. 

“This type of web phishing campaign features an automatic propagation method that uses the contacts of messaging services or social media such as WhatsApp, Facebook, or Instagram of the victim. If users click on one of these ads offering prizes or attractive contests, they are redirected to the exploit kit landing page, where malware that creates “pop-ups” or ads with hidden malicious code to spread is downloaded and exfiltrate information. Then victims are invited to share with their contacts, thus generating the effect of propagation,” adds Emmanuel Oscar, manager, systems engineering at Fortinet for the Caribbean. 

Additionally, as seen throughout 2020, cybercriminals continue to search for remote work breaches to attempt to access corporate networks through employees working from home. During Q1 2021, there were multiple attempts to execute remote code to GPON and D-Link devices, which are mostly used to offer residential connectivity services. This shows how adversaries are looking for ways to compromise remote work users, intercept their communications, and redirecting them to malicious sites.

“When organisations implement remote work at scale, cybercriminals seize the opportunity to exploit arising security vulnerabilities. Security-based networks —a strategy where networking and security converge throughout the environment from the center of the network to the cloud, branch offices, and remote workers— allow companies to have visibility and defend themselves in today’s dynamic environments while maintaining an excellent user experience,” adds Oscar.

FREE ONLINE COURSES

The results of Fortinet’s FortiGuard Labs report show once again that it is not only necessary to have a comprehensive cybersecurity platform, but that it is key to foster greater awareness of digital risks and how to be better prevented from social engineering threats, that is still the main access vector for more advanced threats like ransomware. Therefore, Fortinet keeps offering more than 30 free online courses for general initial training and for those who require more specialised training. Network Security Expert (NSE) programme courses are available here.  

As the digital world continues to grow, the attack surface is expanding exponentially, expanding far beyond the traditional physical network to include everything that can connect and communicate. This includes borders, data, and content, people, devices, and applications, even in the cloud. All of these elements, and more, make up the digital attack surface, which is also constantly growing and changing.

An integrated security platform is essential to have visibility and control of everyone and everything within corporate networks. On the other hand, cybercriminals’ use of increasingly advanced and sophisticated technologies requires organisations to have solutions that integrate artificial intelligence for the automation of processes including prevention, detection, and response to incidents.