Security firm Solutionary, part of NTT Group (NTT), today released its annual Global Threat Intelligence Report (GTIR). The report analyzes trends in cyber attacks on businesses using data pulled from 24 security operations centers, seven R&D centers, 3.5 trillion logs, 6.2 billion attacks and nearly 8,000 security clients across six continents.
We sat down with Jon Heimerl, Senior Security Strategist at Solutionary, to discuss the findings. Read on for the key takeaways.
On average, only 23 percent of organizations are capable of responding effectively to a cyber-incident, and 77 percent have no capability to respond to critical incidents. Don’t wait until disaster strikes to safeguard systems. “Everyone says ‘it won’t happen to me,’” says Heimerl. “But it will happen to you.” Maintaining data security is mostly a matter of being prepared and educating users on the basics of risky behavior. You’ll never be able to make all of your employees and customers security experts, but you can arm them with the ability to recognize where they’re vulnerable and when they’re being attacked.
In addition, companies should have a plan in place in case of ransom demands to prevent a denial of service (DoS) attack, in which a hacker interrupts or suspends a company’s services. DoS attacks are down 39 percent from 2014, but cases of extortion are up. Companies should know how much they’re willing to pay to ensure business continuity, and they should have their resources in place in case a demand comes through. “Go to your ISP,” Heimerl advises. “They can probably help you with a DoS remediation.”
These days, hacking is just as much about behavioral psychology as it is actual technology. The fancy term is “social engineering,” but what we’re really talking about is getting conned. One of the fastest growing trends in cybercrime is spear phishing, in which a hacker sends someone an email that appears to be from a recognized business or individual, but in fact is just an attempt to get sensitive information. Spear phishing attacks accounted for about 17 percent of incident response activities in 2015, with tricking executives and finance personnel into paying fraudulent invoices high on hackers’ list of strategies.
These kinds of scams aren’t small potatoes. Earlier this year, hackers stole $81 million from a Bangladeshi bank through a spear phishing attack. The Federal Bureau of Investigation (FBI) last year coined the term business email compromise (BEC) to specifically describe the type of scam that targets companies that perform regular wire transfers. Heimerl expects that trend to do nothing but grow this year, so businesses should wise up on security basics.
Many people assume the most-hacked industry is finance, but the report found that on a per-client basis, retail clients experienced 2.7 times the number of attacks as finance. Heimerl says there are two main reasons behind this trend. First, retail makes an attractive target because it’s so easy for hackers to sell the personal information they steal on the black market.
Second, retail has a highly complicated network of different systems cobbled together, each with separate points of entry. There are point of sale (POS) systems in the stores, distribution systems in the warehouses and central business systems at company headquarters to keep the whole operation running. In such complex environments, Heimerl says, it’s important for any service provider or reseller to think through security measures at every level of the retail chain.
One of the most unexpected findings, says Heimerl, was that nearly 21 percent of vulnerabilities detected in client networks were more than three years old. Think that’s surprising? The data showed vulnerabilities dating back as far as 1999 – that’s a vulnerability that’s old enough to drive.
Heimerl says in many cases, patches aren’t applied to old vulnerabilities simply because there are always higher priorities. In other cases, installing a patch on an old, legacy system would necessitate an upgrade that would affect other systems and wind up costing the organization a lot more money. Heimerl advises reducing the number of systems in use as much as possible. “If I’m managing 27 different systems and I have to keep them all updated with some kind of patch cycle, that’s a lot,” he says. “If I can make that number five? I can manage five.”
Hackers use command-and-control (C2) servers to maintain communication between their master sites and the compromised systems within a victim’s network. C2 activity is usually the last chance to stop a cyberattack before it causes critical harm.
Interestingly, the GTIR found that companies with a PCI requirement had less than 50 percent less C2 traffic than those that didn’t. The payment card industry data security standard (PCI DSS) outlines the necessary requirements for ensuring the security of credit card information and is required in industries like retail and finance. It isn’t a magic solution that will immediately make your systems safe, says Heimerl, but being PCI compliant helps you at least speak the right language.
Adobe Flash only took one of the top 10 spots in most-exploited vulnerabilities in 2013. What a difference two years can make. In 2015, every single one of the top 10 vulnerabilities targeted by exploit kits was related to Flash. The number of publicized Flash vulnerabilities jumped by almost 312 percent over 2014 levels. Part of understanding how to protect yourself against Adobe vulnerabilities is understanding that hackers aren’t coming to attack you directly. They make you come to them.
“If I’m a hacker,” says Heimerl, “I’m going to figure out how to get you to come to me. I’m going to poison the search results. I’m going to attack your DNS server. I’m going to do anything I can do to get you to come to my site.” Once that happens, the hacker’s exploit kit will run a fully automated attack, install a “rat” on your local machine and then make its way from your machine into your corporate network. If you’re using Flash on your website, he suggests looking into alternatives like HTML6. If you’re an end user, think about just turning Adobe Flash off on your browser. It will probably impact your user experience far less than you might think.
A new study from Solutionary reveals the latest trends in cybersecurity and what resellers and service providers can do to protect themselves and their customers.