New Cyber Threat Report - Changes in Attack Types, Vectors, Industry Targets
November 2017 by eSentire
Cyber security company eSentire released its 2017 Q3 Quarterly Threat Report, providing a snapshot of threat events investigated by its Security Operations Center (SOC) from July through September of this year.
Key findings include:
• Rise in attacks against accounting, biopharma, retail, biotech and pharmaceuticals, which were mostly scanning- and exploitation-based – an interesting observation set against industry trends earlier in the year that saw rises in attacks against finance, legal, and healthcare. Overall, this trend demonstrates that these industries are being targeted for their lucrative data and broad attack surfaces.
• Rise in availability attacks that usually take the form of DoS attacks. These types of attacks are often used by political activists in an attempt to silence or disrupt political opponents, but they can also be used as an incentive to pay a ransom.
• Intrusion attempts (not information gathering) dominated network events. While information gathering may lead overall traffic volume, much of this traffic originates from a single scanning event.
• Information gathering had a high representation in the biopharma, biotech, and pharmaceuticals industries, where there is likely an interest in intellectual property and a propensity for non-standard internet devices to be connected to the network.
• Phishing attacks occurred most frequently in the healthcare industry. This could be due to the high volume of patients that staff in the healthcare industry must interact with, which obscures malicious transactions. It could also pertain to weak policies around phishing and a lack of awareness and training among healthcare employees.
• A surge in OpenSSL detections. From July 1st to September 30th, the most targeted vulnerability existed in OpenSSL (CVE-2014-0160). Runners-up included an ASUS Router exploit (CVE-2014-9583), an Apache Struts exploit (CVE-2017-5638), an exploit of the Invision Board (CVE-2002-1149), Microsoft IIS (CVE-2000-0778, CVE-2000-0071, and CVE-1999-1538), Trivial FTP (CVE-1999-0183), and Microsoft Exchange (CVE-2015-1631).
Access the complete report here: https://www.esentire.com/resources/knowledge/2017-q3-quarterly-threat-report/