Friday, Aug 28, 2020
BY: Team Nuspire
A recent IDC survey revealed that 58% of organizations had more than seven breaches during the past 12-24 months. Many attackers have been exploiting the pandemic, but now they’re shifting from COVID-19 to other themes like the U.S. presidential election and Black Lives Matter. Nuspire’s Q2 Threat Landscape Report summarizes the quarter’s most active malware, botnets and exploits and provides tips for combating them.
Now that most companies have stabilized the work-from-home situation, security teams are seeing new attack vectors such as VPNs, home networks and personal devices used for business purposes. These vectors are outside the corporate network, which means no monitoring and no threat intelligence – a worrisome gap in cybersecurity.
This is concerning because phishing attempts cause 22% of breaches and ransomware attacks are linked to 27% of malware incidents. In Q2, Nuspire analysts were able to see and analyze the signature of a phishing threat – MSOffice/Sneaky.L!tr – that infected Microsoft Office files. These types of attacks are especially worrisome because they are created to bypass anti-virus signatures. Additionally, attackers now are zipping up and encrypting these files in further attempts to bypass signatures. Workers who interact with these files off the corporate network and corporate VPN can kick off a chain of events that could take time to detect and remediate.
In addition, phishing is often a way for botnets to spread. Infections peaked just after the middle of the quarter, ultimately increasing 29% compared to Q1. Without threat intelligence, it’s difficult to pinpoint devices that are engaging in C2 communications or to hunt for C2 servers.
More than 350 unique exploits were detected in Q2. Unpatched systems are the low-hanging fruit, of course, and penetration testing tool suites lower the bar of technical expertise needed to gain access to exploits like ShellShock. Just because an exploit is old doesn’t mean it isn’t being actively abused. If exploits get past your firewall and intrusion prevention system, the next lines of defense are endpoint protection and threat intelligence.
With many endpoints now outside the corporate network, how can you close the threat intelligence gap? Enforce a policy that states all remote work activity must be done over the corporate VPN. Then traffic can be routed through corporate firewalls and monitored. Administrators also can gather a list of employee home routers and assist with vulnerability monitoring for their remote workers.
Also, educate your employees so they are as safe online as possible. Include suppliers and partners if they access your network. Here’s why security awareness training is critical: thirty percent of data breaches are caused by internal actors, whether they are malicious or negligent. The Q2 report describes two focus areas for training, along with other simple actions you can take to improve cybersecurity.
Many organizations go further to improve cybersecurity. A recent IDC survey found that nearly 40% of respondents noted the need to engage security services providers to reduce mean-time-to-detect (MTTD) and mean-time-to-respond (MTTR) KPIs. To choose the right provider, compare capabilities such as data collection techniques, custom runbooks, premises/cloud protection services and security incident response teams.
For more information on the current threat landscape, download the Q2 Threat Landscape Report.