Targeted attacks now 60 per cent of incidents: Vendor report

Howard Solomon @HowardITWC
Published: April 2nd, 2020

For years spam has been one of the biggest worries of CISOs. However, targeted attacks through spear-phishing and other techniques are increasingly the leading vector, if data collected by security vendor Positive Technologies is accurate.

In a look at 2019 trends released Thursday, the Russian-based company said 60 per cent of attacks it looked at were targeted. That was a five per cent rise over 2018. One of the reasons is an increase in APT attacks, the report said.

“The increase in targeted attacks is due to several reasons,” Alexey Novikov, director of Positive Technologies’ Expert Security Center (PT ESC), said in a statement. “Every year we see new groups of attackers specializing in advanced persistent threats. During 2019, the PT ESC tracked APT attacks by 27 groups, ranging from well-known groups, such as Cobalt, Silence, and APT28, to relatively unknown newcomers.

“Companies are paying closer attention to cybersecurity, and implementing and using special security tools (such as anti-APT solutions) to detect and prevent complex attacks,” he added. “This makes it easier to detect malicious activity more accurately and significantly reduces dwell time. Because of this, information on individual incidents and particular tactics and tools used by different APT groups becomes public knowledge and can be used as intelligence to bolster countermeasures.”

The vendor believes that companies should shift their attention from preventing attacks in the perimeter to timely detection and response inside the network, regularly checking any previous attacks.

Amongst other trends:

- The total number of malware infections in 2019 was 38 per cent higher than in 2018. Malware campaigns were so successful because both the malware itself and the methods for its delivery have evolved.
- Ransomware was responsible for 31 per cent of all malware infections among organizations.
- So-called MageCart JavaScript sniffers, which scrape payment card data, were so widespread because of supply chain compromises of developers of website software.

The report includes a long list of security measures CISOs need to adopt. Many of them boil down to basic cyber hygiene, including:

- Centrally manage software updates and patches. To prioritize update plans correctly, the most pressing security threats must be taken into account.
- Install antivirus software with a sandbox for dynamically scanning files and the ability to detect and block threats such as malicious email attachments before they are opened by employees.
- Use SIEM solutions for timely detection and effective response to information security incidents.
- Use automated tools for analyzing security and identifying software vulnerabilities.
- Deploy web application firewalls as a preventive measure.
- Encrypt all sensitive information. Do not store sensitive information where it can be publicly accessed.
- Perform regular backups and keep them on dedicated servers that are isolated from the network segments used for day-to-day operations.
- Minimize the privileges of users and services as much as possible. Use a different username and password for each site or service. Use two-factor authentication where possible, especially for privileged accounts. Do not allow weak passwords.
- Test and educate employees regarding information security.
- Regularly perform penetration testing to identify new vectors for attacking internal infrastructure and evaluate the effectiveness of current measures.
- Regularly audit the security of web applications, including source-code analysis, to identify and eliminate vulnerabilities that put application systems and clients at risk of attack.
- Keep an eye on the number of requests per second received by resources. Configure servers and network devices to withstand typical attack scenarios (such as TCP/UDP flooding or high numbers of database requests).