
eSentire Quarterly Midmarket Threat Summary Report

June 2017 by eSentire

Cyber security company eSentire released its Q1 Midmarket Threat Summary
Report, which provides a quarterly snapshot of threat events investigated by the eSentire
Security Operations Center (SOC).


Addressing three key topics – threat types, threat volume and attack types – the
quarterly assessment includes visual data analysis, written analytical evaluations,
practical recommendations, and key analytical assumptions, providing threat
perspective for business leaders in the midmarket, and actionable takeaways to help
leaders strategically reduce their threat surface.

Key Findings:

· Between January 1 and March 31, the eSentire SOC detected nearly 4 million
attacks across multiple industries, with Finance, Technology, Legal, Mining, and
Retail seeing the most activity.
· Q1 2017 saw an upward trend in attacks, with threat activity increasing
dramatically in the third week of February and through March. Scanning and intrusion
attempts dominated the data trends. Together, they represent 75% of signals for Q1,
with Malicious Code trailing at 11%. Compared to 2016, scanning events have seen a
large increase in 2017, particularly in the month of March, in which detection of
scanning events nearly doubled. As exploitation becomes more costly for attackers,
analysts are observing a gradual transition to tactics that rely on social
engineering. This includes phishing, spam, and webpages that manipulate users into
installing malware on their computer or divulging confidential information.
· Together, Intrusion Attempts and Information Gathering accounted for about three
quarters of observed attacks. March, in particular, saw the largest increase, as
indicated by month-to-month analysis. March also saw an increase in the use of
Malicious Code, while denial-of-service attacks (Availability) saw a slight
decline.
· Analysis of weekday threat activity suggests that some threat activity is
driven by business models that respect the traditional work week, indicating an
organization or structured threat actor.

Tips for Reducing the Threat Surface

· Administrators can reduce their threat surface by reducing the number of
externally facing endpoints within the organization, such as printers or web pages
that are only used internally. Implementing a VPN, which requires a password for
users to access the network, can further reduce positive results from scanning
campaigns, effectively hiding endpoints from sweeping, untargeted attacks.
· Programs and devices used in an organization should periodically be checked for
patches and updates that can nullify the vulnerabilities that attackers rely on.
· Disabling PowerShell on Windows machines and using non-standard ports for
protocols (e.g. FTP, SSH, RDP) can also reduce the risk of attack.
· Training for employees that helps them to identify, avoid and report phishing
(and other social engineering) attempts will help prepare organizations for the
shifting threat landscape in the years to come.

