Targeted attacks now 60 per cent of incidents: Vendor report

For years spam has been one of the biggest worries of CISOs. However, targeted attacks through spear-phishing and other techniques are increasingly the leading vector, if data collected by security vendor Positive Technologies is accurate.

In a look at 2019 trends released Thursday, the Russian-based company said 60 per cent of attacks it looked at were targeted. That was a five per cent rise over 2018. One of the reasons is an increase in APT attacks, the report said.

“The increase in targeted attacks is due to several reasons,” Alexey Novikov, director of Positive Technologies’ Expert Security Center (PT ESC), said in a statement. “Every year we see new groups of attackers specializing in advanced persistent threats. During 2019, the PT ESC tracked APT attacks by 27 groups, ranging from well-known groups, such as Cobalt, Silence, and APT28, to relatively unknown newcomers.

“Companies are paying closer attention to cybersecurity, and implementing and using special security tools (such as anti-APT solutions) to detect and prevent complex attacks,” he added. “This makes it easier to detect malicious activity more accurately and significantly reduces dwell time. Because of this, information on individual incidents and particular tactics and tools used by different APT groups becomes public knowledge and can be used as intelligence to bolster countermeasures.”

The vendor believes that companies should shift their attention from preventing attacks in the perimeter to timely detection and response inside the network, regularly checking any previous attacks.

Amongst other trends:

• The total number of malware infections in 2019 was 38 per cent higher than in 2018. Malware campaigns were so successful because both the malware itself and the methods for its delivery have evolved
• Ransomware was responsible for 31 per cent of all malware infections among organizations
• So-called MageCart JavaScript sniffers, which scrape payment card data, were so widespread because of supply chain compromises of developers of website software.

The report includes a long list of security measures CISOs need to adopt. Many of them boil down to basic cyber hygiene, including:

• Centrally manage software updates and patches. To prioritize update plans correctly, the most pressing security threats must be taken into account
• Install antivirus software with a sandbox for dynamically scanning files and the ability to detect and block threats such as malicious email attachments before they are opened by employees
• Use SIEM solutions for timely detection and effective response to information security incidents
• Use automated tools for analyzing security and identifying software vulnerabilities
• Deploy web application firewalls as a preventive measure
• Encrypt all sensitive information. Do not store sensitive information where it can be publicly accessed
• Perform regular backups and keep them on dedicated servers that are isolated from the network segments used for day-to-day operations
• Minimize the privileges of users and services as much as possible. Use a different username and password for each site or service. Use two-factor authentication where possible, especially for privileged accounts. Do not allow weak passwords
• Test and educate employees regarding information security
• Regularly perform penetration testing to identify new vectors for attacking internal infrastructure and evaluate the effectiveness of current measures
• Regularly audit the security of web applications, including source-code analysis, to identify and eliminate vulnerabilities that put application systems and clients at risk of attack
• Keep an eye on the number of requests per second received by resources. Configure servers and network devices to withstand typical attack scenarios (such as TCP/ UDP flooding or high numbers of database requests)