Risky applications result in record attacks
Attackers adding sophistication and machine learning to maximise compromises, while business sits back.
A toxic combination of poor cybersecurity hygiene and risky application usage is creating an environment where widespread attacks are considerably more dangerous to businesses, according to a new report.
In fact, the data looks pretty damning - while the number of exploits detected in Q2 2017 increased nearly 30 per cent over Q1, attacks became increasingly sophisticated, leveraging machine learning and AI-like strategies to maximise impact and minimise costs for the hackers.
Although WannaCry and NotPetya hit the headlines and caused big-dollar damage to many large organisations, much of that could have been avoided with better security hygiene, argues Fortinet’s latest Global Threat Landscape Report. However, beyond the headlines the story holds water too - during the period, 90 per cent of organizations recorded exploits against vulnerabilities that were three or more years old. And 60 per cent of firms experienced successful attacks targeting devices for which a patch had been available for ten or more years.
This jars somewhat with rising spend on application security - a separate analyst report estimates the global application security market at $2.35 billion in 2016 and expects it to reach $10.26 billion by 2023, growing at a CAGR of 23.4 per cent from 2016 to 2023. But with the basics of patch management still undone, the exploit door is likely to remain open for even old and well-known vulnerabilities.
Ilia Kolochenko, CEO of High-Tech Bridge, agreed that many businesses do not take the basics seriously enough: “Companies often blindly increase their spending on cybersecurity; however, they end up spending on inappropriate or irrelevant solutions. A comprehensive and up-to-date inventory of all digital assets (i.e. software, hardware, users, data and licenses) is the essential first step to developing a cybersecurity strategy. Once done, a holistic risk assessment can help prioritise tasks and assure that money is only spent on products and solutions appropriate for your particular needs and priorities. Finally, continuous security monitoring is pivotal: even one unpatched vulnerability, or a forgotten machine, can lead to a data breach affecting the entire company.”
The report also found that organizations allowing large numbers of peer-to-peer (P2P) applications on their network report seven times as many botnets and malware as those that don’t allow P2P applications. The trend is similar for proxies: organizations allowing proxy applications report almost nine times as many botnets and malware as those that don’t allow proxy applications. Interestingly, there was no evidence that higher usage of cloud-based or social media applications leads to increased numbers of malware and botnet infections. However, nearly one in five organizations reported malware targeting mobile devices. Perhaps inevitably, the researchers found that the majority of exploit attacks - 44 per cent - occurred on either Saturday or Sunday, with the average daily volume on weekends hitting twice the volume of weekdays.
The researchers reported the second straight record high this quarter for encrypted communications on the web, with the percentage of HTTPS traffic increasing over HTTP to 57 per cent. “While good for Internet privacy and security, this trend presents a challenge to many defensive tools that have poor visibility into encrypted communications. Assess whether this is a blind spot in your environment…” said the report.
Separate research from High-Tech Bridge’s free SSL/TLS server test recently pointed to a slowing of HTTPS growth, with 64.4 per cent of all tested web servers receiving an “A” grade and 47.5 per cent having a TLS configuration compliant with PCI DSS requirements, but with six-month growth of just 0.2% and 0.1% respectively. The top countries hosting web servers with the most secure HTTPS configuration are still the USA, Germany, France, Netherlands and UK.
The Fortinet data was based on 184 billion total exploit detections, 62 million malware detections, and 2.9 billion botnet communication attempts.