From insiders to endpoints and the cloud, organizations find themselves defending against cybersecurity threats everywhere they look, and new threats are emerging all the time. At eSecurity Planet, we keep you up to date on the state of cybersecurity and emerging threats, and April was another month for a slew of research reports detailing those risks. We summarize findings from eight of those reports — and the key lessons that enterprises must learn to protect themselves.
- Absolute - 2019 Global Endpoint Security Trends Report
- Avanan - Global Phish Report
- Bitglass - 2019 Insider Threat Report
- Domain Tools - Staffing the IT Security Function in the Age of Automation
- Keysight Technologies - Ixia Annual Security Report
- Malwarebytes - Q1 2019 Cybercrime Tactics and Techniques report
- Neustar - Q1 2019 Cyber Threats and Trends Report
- Trustwave -2019 Global Security Report
Absolute released its 2019 Global Endpoint Security Trends Report on April 17, providing insight into the state of endpoint security.
Among the high-level findings in the report is the somewhat surprising statistic that 42 percent of all endpoints at any given time are unprotected. Even among those organizations that have some form of endpoint security, Absolute found that 28 percent are missing proper anti-malware protection, often due to outdated or broken endpoint agents.
Overall, Absolute warned that growing endpoint complexity is driving risk, with an average of 10 security agents per device.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
"Evolving security threats have caused enterprises to layer on more and more endpoint controls, increasing complexity, impacting performance, and in some cases the collision of these controls is leaving the endpoint exposed," said Christy Wyatt, chief executive officer at Absolute. "This complexity of the landscape is making it increasingly difficult for IT and security to have visibility and control."
Key Takeaway: Consider options to minimize endpoint security complexity and consolidate tools.
On April 10, Avanan released its Global Phish Report, based on an analysis of 55.5 million emails sent to organizations using cloud-based email services such as Microsoft Office 365 and Google G Suite.
The analysis found that across the analyzed emails, 1.04 percent of all emails on Office 365 and 0.5 percent on G Suite were phishing emails. Office 365 has its own integrated Exchange Online Protection (EOP) technology that is supposed to weed out phishing but apparently doesn't catch everything. According to Avanan, 25 percent of phishing emails bypass Office 365 security, using malicious links and attachments as the main vectors.
50.7 percent of phishing emails integrated some form of malware, while 40.9 percent were focused on credential harvesting in an attempt to steal user login information.
"Cloud-based email, despite all of its benefits, has unfortunately launched a new era of phishing attacks," said Yoav Nathaniel, lead security analyst at Avanan. "The nature of the cloud provides more vectors for hackers and gives them broader access to critical data when a phishing attack is successful."
Key Takeaway: Don't rely entirely on integrated cloud security capabilities; be sure to also consider third-party technologies to improve results.
Bitglass released its 2019 Insider Threat report on April 3, with a dire warning about the current state of the insider threat landscape.
73 percent of respondents told Bitglass that insider attackers have become more frequent in their organizations over the last year. Over the last 12 months, 59 percent said their organizations experienced at least one insider attack.
Perhaps even more shocking than the large number of insider attackers is the finding that 41 percent of organizations admitted that they don't monitor for abnormal user behavior across their cloud deployments. Additionally, only 12 percent reported that they are able detect insider threats from mobile devices.
"Insider attacks are harder to identify and remediate than those that originate from outside the enterprise," said Rich Campagna, CMO of Bitglass. "This is caused by a number of factors highlighted throughout the report, including insufficient authentication, inadequate user behavior monitoring in the cloud, and a failure to properly secure personal devices."
Key Takeaway: Insiders exist with both internal and external access to the enterprise, so it's important for organizations to make sure there are no gaps. DLP, UEBA and CASB are three technologies that can help.
On April 15, DomainTools released its annual "Staffing the IT Security Function in the Age of Automation" report with the Ponemon Institute.
Among the high-level findings in the report is that 79 percent of organizations are currently making use of automation, or at least plan to within the next three years. Automation is used for a variety of purposes, with 60 percent reporting they will use it for threat hunting. Artificial intelligence (AI) is a key part of automation, with 70 percent of respondents noting that AI is trusted component of security solutions.
While there is interest in using automation to help improve security, there are also challenges, with 54 percent admitting that legacy IT environment reliance has prevented the adoption of automation.
"The uptick in automation adoption indicated by survey responses is promising as it illustrates the adaptability of security teams in a continually evolving security landscape," said Corin Imai, senior security advisor, DomainTools.
Key Takeaways: It's a good idea to use AI and automation tools to help reduce the load on overworked IT security departments.
Ixia, a Keysight Business, released its annual security report on April 15, arguing the humans remain the weakest link in security.
According to Ixia, it detected 662,618 phishing pages in the wild, and all it takes for an organization to be compromised is a user clicking on a link. Additionally, Ixia reported that cyber-hygiene isn't great either, as many organizations haven't patched vulnerabilities that have been known for years. Among the high-risk flaws that still remains unpatched in many organizations is the EternalBlue flaw that was first disclosed in 2017 and helped enable the WannaCry ransomware attack.
"Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018," Steve McGregory, senior director, Ixia Application and Threat Intelligence, Keysight Technologies. "Misconfigured security and access policies were also a major source of data breaches in 2018."
Key Takeaway: Don't be the weak link; make sure that patching is continuous and comprehensive to prevent easy exploitation by attackers.
On April 25, Malwarebytes released its Q1 2019 Cybercrime Tactics and Techniques report, revealing an overall decline in the volume of malware detection.
Malwarebytes reported approximately 62 million malware detections in the first quarter of 2019, a decline from the 71.5 million reported in the first quarter of 2018. Cryptojacking-related malware was also declined steeply during the quarter.
While overall malware detections were down, specific forms of attacks actually increased, including ransomware, which grew by 195 percent in the first quarter from the fourth quarter of 2018. Malware targeting Apple's macOS operation system also grew during the quarter by 60 percent.
"Consumers might breathe a sigh of relief seeing that malware targeting them has dropped by nearly 40 percent, but that would be short-sighted," said Adam Kujawa, director of Malwarebytes Labs. "Consumer data is more easily available in bulk from business targets, who saw a staggering 235 percent increase in detections year-over-year."
Key Takeaway: Though threat volumes can change, ransomware remains a risk that organizations need to be concerned about.
Neustar released its Q1 2019 Cyber Threats and Trends report on April 24, offering insight into the current state of Distributed Denial of Service (DDoS) attacks.
The largest attack in the quarter was 587 Gbps, a 70 percent increase over the largest attack in the first quarter of 2018. Overall, Neustar reported a 200 percent year-over-year increase in the number of DDoS attacks in the first quarter.
Perhaps most surprising was a 967 percent increase in the volume of attacks that were 100 Gbps or higher. While 100 Gbps attacks grew, they still aren't the norm. Rather, Neustar reported that 58 percent of all attacks it mitigated were 5 Gbps or less.
"Today’s artificial intelligence and machine learning technologies enable us to identify anomalous traffic and patterns, correlate data across systems, and perform behavioral analytics on users and entities," said Rodney Joffe, Neustar Senior Vice President, Technologist and Fellow. "But none of these systems function without professionals who know how to deploy them, interpret their data, identify the existence and location of problems, and mitigate them."
Key Takeaways: DDoS is a problem that is here to stay, but AI working together with humans can help to mitigate the risk.
On April 25, Trustwave released its 2019 Global Security Report identifying a number of trends based on breach investigations the company conducted.
It should come as no surprise that Trustwave found that social engineering was the primary method of compromise for breaches. 60 percent of cloud and point-of-sale breaches were attributed to social engineering, while 46 percent of corporate breaches were the result of social engineering.
On a positive note, Trustwave found that organizations have improved their reaction speed, with the median time from threat intrusion to containment dropping to 27 days from 67 days in 2017.
"Our 2018 findings portray a story about adaptiveness, both from a business and cybercriminal perspective," said Arthur Wong, Chief Executive Officer at Trustwave. "We are seeing the global threat landscape continue to evolve as cybercriminals deterred by advanced monitoring and detection systems go to extraordinary lengths to breach organizations by wielding new malware variants, zero-day exploits and social engineering savvy."
Key takeaway: Organizations can improve results and lower risk with better time to detection powered by endpoint detection and response (EDR) tools.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.