SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Will cyber attacks target your enterprise? Probably.
Thu, 10th Mar 2016

Enterprises of every size and in every industry continue to face a constant and consistently hostile threat landscape, with more than 32.14 million attempted attacks taking place in the past few months alone, according to Fortinet.

The vendor's research, based on analysis of the Fortinet Cyber Threat Assessment Programme (CTAP), shows the top threat types include malware, botnets and application exploits, with 357,420 attempts to compromise networks within the top 10 application vulnerabilities alone, and 71 different malware and botnet variants detected across the networks.

Key verticals analysed include healthcare, financial services, education and technology companies, with banking being targeted by nearly 45% of all malicious activity, followed by education, which experienced 27.4% of all attack events.

"Businesses are constantly under cyber attack. With the attack surface dramatically increased and a mature attackers ecosystem, companies have to be ever more vigilant across all their IT assets,” says John Maddison, Fortinet senior vice president of products and solutions.

Automated attack systems, botnets and malware take centre stage

With 32.14 million attempted attack events in a 4-month span, it's evident that attackers rapidly build automated systems and tools to probe networks for exploitable vulnerabilities, Fortinet says.

The owners of headline-generating malware such as Conficker, Nemucod and ZeroAccess have made significant efforts to rebuild and infect machines, as the financial incentives for them are massive. With 5,230 instances of Conficker, followed by 4,220 instances of Nemucod and 3,210 instances of ZeroAccess traversing these networks, it's evident that this threat type will only continue to grow, according to Fortinet.

In just the top 10 incidents analysed, 357,420 attempts were made to exploit application vulnerabilities, as hackers continue to cast a wide net to try and compromise corporate data, the company finds.

Social media, video streaming and advertising drain corporate networks

Social media and multimedia streaming activities account for 25.65% of all network traffic, exposing corporate systems and sensitive data to risks of infection from drive-by downloads, social engineering and malvertising. Facebook is the most dominant social media site, representing 47.27% of all social media traffic, with YouTube contributing to 42.29% of streamed content, according to Fortinet.

On top of this, advertising content accounts for 19.1% of network traffic and has been shown to be a potential source of malware as third party advertising networks are subverted or tricked into delivering malicious ads, Fortinet says.

Application control appears to be a continual challenge for administrators. A significant amount of peer-to-peer traffic, primarily BitTorrent and gaming activity, opens the network to malicious content that piggybacks on top of applications and files downloaded through these popular sites. Enterprises should exercise caution when building application control policies on their networks, says Fortinet.

Financial services, education and healthcare rank most vulnerable industries

Due to the lucrative financial data obtained when these networks are successfully infiltrated, banking and finance organisations are disproportionately targeted with 44.6% of all malicious activity, Fortinet finds. Hackers rely on high-velocity attacks and target financial institutions with sophisticated trojans and land-and-expand attack strategies to infiltrate and persist within the network.

Education organisations represent 27.4% of all attack events in this report and are the second largest at-risk vertical industry. Botnets are the dominant threat for educational institutions, with seven out of the top 10 infections, while XcodeGhost, the widely publicised iOS malware, breaks into the top 10 vulnerabilities list in education, according to the company.

Healthcare ranked third in overall malicious activity with 10.6% of attack events. The healthcare industry is unique in the appearance of automated exploit kits, notably targeting numerous vulnerabilities in Flash, Silverlight and Internet Explorer to compromise a system via a drive-by-download or infected website, says Fortinet.

Takeaways and actionable insights to protect your network

Attackers are targeting companies of every size in the hopes of gaining access to the valuable assets inside the corporate network. Vertical industries need to know what hackers are after and understand the unique strategies they employ, Fortinet says.

Banking and finance organisations should bolster their networks against land-and-expand strategies and the predominant use of trojans. Deploying security platforms that can combat sophisticated new variants of malware at the network edge, while implementing internal network segmentation, can help contain insider threats and minimise risks to the most valuable data, according to the company.

Education security professionals should be mindful of the various devices that can access their network resources, utilising threat intelligence services to detect threats that target student smartphones and tablets as vectors for an attack, the company finds.

Healthcare industry protections closely mirror those of banking organisations. Understanding that hackers may be looking to encrypt their data and hold the information hostage, instead of silently exporting data to sell on the dark web, makes it even more imperative for healthcare to consider internal segmentation strategies to contain threats, according to Fortinet.

Technology businesses are varied, and hackers respond with diverse strategies and malware to cast the largest net. Security professionals in these organisations need to use analysis tools to understand the devices, applications and platforms that connect to the web. Understanding their network utilisation will help businesses tailor a security posture that matches their individual attack surface, Fortinet says.