Organizations face a dizzying array of cybersecurity threats, from their own employees to nation-states and everything in between, according to the latest cybersecurity research. In this monthly roundup, eSecurity Planet summarizes findings from eight different research reports — and the key lessons that enterprises can learn from them to protect themselves against current and emerging risks.
- Bromium - Social Media Platforms and the Cybercrime Economy
- CrowdStrike Annual Threat Report
- Dtex -Insider Threat Intelligence
- Fortinet - Global Threat Landscape
- Kaspersky - DDoS Q4 2018 Intelligence Report
- Keyfactor - Impact of Unsecured Digital Identities
- Oracle - Cloud Threat Report
- Zscaler Cloud Security Insights Report
Bromium released its Social Media Platforms and the Cybercrime Economy report on Feb. 26 detailing the current state of social media platform exploitation. The report estimated that $3.25 billion annually is generated by attackers from social media-enabled cybercrimes.
Social media is an active target for cyber criminals for a number of reasons. Bromium said social media platforms contain up to 20 percent more methods by which malware can be delivered to users. Overall, Bromium's study estimated that within the last five years, over 1.3 billion social media users have had their data compromised.
"Hackers are using social media as a Trojan horse, targeting employees to gain a convenient backdoor to the enterprise’s high value assets," said Bromium CEO Gregory Webb. "Understanding this is the first step to protecting against it, but businesses must resist knee-jerk reactions to ban social media use – which often has a legitimate business function – altogether."https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
Key takeaway: Social media should be treated as another IT asset to be protected.
On Feb. 19, the 2019 CrowdStrike Global Threat Report: Adversary Tradecraft and The Importance of Speed was released, providing data into how nation-state threat actors are exploiting organizations.
The report found that the nation-state threat adversaries backed by Russia are the fastest in the world, with an average system breakout time of just under 19 minutes. Breakout time refers to the amount of time it takes after an initial intrusion to move laterally within a network.
CrowdStrike also found that organized eCrime threat actors are increasingly collaborating with one another to exploit victims.
"The threat landscape is evolving at an unprecedented rate, and with every breach, a company’s survival may be put on the line," said Adam Meyers, vice president of Intelligence at CrowdStrike. "Organizations can't afford a passive approach to securing their assets."
Key takeaway: Actively employ threat hunting technologies to identify attackers before they can break out.
Dtex released its 2019 Insider Threat Intelligence Report, based on data the company analyzed across over 300,000 user accounts. The big finding in the report is that 100 percent of assessed accounts at one point or another transferred sensitive data via unencrypted and encrypted USB drives, personal email accounts, and cloud applications.
Perhaps even more troublesome is that Dtex found that most (95 percent) of assessments found employees attempting to circumvent or bypass security controls via anonymous browsing and VPN technologies.
"Many organizations don’t completely understand how the insider threat impacts their businesses," said Rajan Koo, Dtex VP of customer engineering and head of the insider threat analyst team. "The insider threat stretches across all employees, contractors or other third parties that have been granted or surreptitiously gained access to networks and who have the potential to place data and systems at risk."
Key takeaway: Implement controls like DLP to help protect against insider threats, malicious or otherwise.
Fortinet released its Global Threat Landscape report on Feb. 20, which found that Internet of Things (IoT) devices are being increasingly targeted. Fortinet reported that six of the top 12 global exploits targeted IoT devices, and four of the top 12 were related to IP-enabled cameras.
Botnets are also an issue highlighted by Fortinet as a threat that is growing in complexity, which is taking organizations more time to detect.
"The age of 'Cy-Phy'—the convergence of cybersecurity things and physical spaces—is here. Although the appeal of this convergence to our digital economy is almost sci-fi in terms of imagination, unfortunately the cybersecurity risks are very real.
Key takeaways: Secure all IoT devices and have botnet detection capabilities in place.
The Kaspersky Labs DDoS Q4 2018 Intelligence Report was released on Feb. 7 providing insight into the state of Distributed Denial of Service (DDoS) attacks at the end of 2018. According to the report, there was a 13 percent year-over-year decline in the total number of DDoS attacks in the quarter.
While the total number of attacks declined, Kaspersky Lab found that attack duration more than doubled over the course of the year to an average of 218 minutes per attack in the fourth quarter, up from 95 minutes in the first quarter.
"When cybercriminals do not achieve their goals of earning money by launching simple DDoS attacks, they have two options," said Alexey Kiselev, business development manager on the Kaspersky DDoS Protection team. "They can reconfigure the capacities required for DDoS attacks towards other sources of revenue, such as cryptomining, or malefactors who orchestrate DDoS attacks have to improve their technical skills, as their customers will look for more experienced attackers."
Key takeaway: DDoS attacks are set to evolve, as attackers focus on the techniques that work.
Keyfactor released a benchmark report with the Ponemon Institute on Feb. 14 that looked at the importance of digital certificate management. According to the report, failure to properly handle and secure digital identities could end up costing organizations $67.2 million over the next two years.
Among the key findings of the report is that 71 percent of IT pros indicated that their organization does not know how many keys and certificates it has.
"Digital identity is a critical component of any organization – its currency, really," said Chris Hickman, Chief Security Officer at Keyfactor. "The Keyfactor-Ponemon study shows that organizations are spending an average of $18.2 million on IT security annually and only 14 percent of that is allocated to PKI. Yet the average company is managing upwards of 83,000 digital certificates to encrypt data and authenticate servers and secure data on IoT devices. The burden of PKI should be offset by technology that reduces risk and operational costs, improves efficiencies and automates certificate lifecycle management."
Key takeaway: Don't take identity for granted; be sure to have tools in place to manage and secure digital certificates.
Oracle and KPMG released their joint Cloud Threat Report 2019 on Feb. 20, identifying key trends about how organizations view cloud security.
Among the key highlights of the report is that 72 percent of organizations had the view that public cloud infrastructure is more secure than what they can offer within their own data centers. Though there is a high degree of confidence with the cloud, there are still issues, especially when it comes to shared responsibility and whether the cloud provider or the enterprise is responsible for certain security items. 82 percent of cloud users admitted that their organization had a security incident, due to confusion over the shared responsibility model.
"With cloud services becoming an integral part of business operations, there is an intensified need to improve the security of the cloud and to integrate cloud security into the organization's broader strategic risk mitigation plans," said Tony Buffomante, U.S. Leader of KPMG LLP's Cyber Security Services.
Key takeaway: Be sure to understand what your organization's responsibilities are for application and data protection in the cloud.
Attackers are increasingly using encryption to hide their malicious activities, according to Zscaler's 2019 Cloud Security Insights Threat Report released Feb. 27.
The report is based on an analysis of encrypted traffic across the Zscaler cloud from July through December 2018. During that time period, Zscaler blocked a monthly average of 283 million threats, hidden in SSL/TLS encrypted traffic, a 400 percent increase over 2017.
"With the ever-increasing concerns over data privacy, there has been a massive trend toward Internet properties having encryption by default," said Amit Sinha, Executive Vice President of Engineering and Cloud Operations, Chief Technology Officer, Zscaler. "This is a great thing for privacy, but it presents a challenge to IT security."
Key takeaway: Have technology and services in place that can help identify and block potential threats in SSL/TLS encrypted traffic.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.