Hacks More Common on Weekends
August 21, 2017
New research reveals that poor cybersecurity hygiene and risky application usage enable destructive worm-like attacks to take advantage of hot exploits at record speed. Adversaries are spending less time developing ways to break in, and are instead focusing on leveraging automated and intent-based tools to infiltrate with more impact on business continuity.
Phil Quade, chief information security officer with Fortinet, said, “The technology innovation that powers our digital economy creates opportunity for good and bad in cybersecurity. Yet, something we don’t talk about often enough is the opportunity everyone has to limit bad consequences by employing consistent and effective cybersecurity hygiene. Cybercriminals aren’t breaking into systems using new zero day attacks, they are primarily exploiting already discovered vulnerabilities. This means they can spend more of their resources on technical innovations making their exploits difficult to detect. Newer worm-like capabilities spread infections at a rapid pace and can scale more easily across platforms or vectors. Intent-based security approaches that leverage the power of automation and integration are critical to combat this new ‘normal’.”
Research highlights are as follows:
• Ransomworms on the Rise: Both WannaCry and NotPetya targeted a vulnerability that only had a patch available for a couple of months. Organizations that were spared from these attacks tended to have one of two things in common: they had deployed security tools that had been updated to detect attacks targeting this vulnerability, and/or they had applied the patch when it became available. Prior to WannaCry and NotPetya, network worms had taken a hiatus over the last decade.
Speed and efficiency are business critical in the digital economy, which means that there is zero tolerance for any device or system downtime. As the usage and configuration of technology such as applications, networks, and devices evolve, so do the exploit, malware, and botnet tactics of cybercriminals. Cybercriminals are ready and able to exploit weaknesses or opportunities in these new technologies or services. In particular, business-questionable software usage and the vulnerable IoT devices of hyperconnected networks represent potential risk because they are not being consistently managed, updated, or replaced. In addition, while good for Internet privacy and security, encrypted Web traffic also presents a challenge to many defensive tools that have poor visibility into encrypted communications.
• Usage: Risky applications create risk vectors, which open the door for threats. Organizations allowing a large number of peer-to-peer (P2P) applications report seven times as many botnets and malware as those that don’t allow P2P applications. Similarly, organizations allowing a lot of proxy applications report almost nine times as many botnets and malware as those that don’t allow proxy applications. Surprisingly, there was no evidence that higher usage of cloud-based or social media applications leads to increased numbers of malware and botnet