New cyber attack tactics are subverting traditional security measures and indiscriminately targeting organisations off all sizes.
This is the message from Alert Logic’s latest threat detection report. And, CTOs, CISOs or those in charge of security, should take note.
>Read more on Cyber security training
The report was based on the analysis of data from more than 1.2 billion anomalies, 7.2 million security events and 250,000 verified security incidents across the Alert Logic customer base of more than 4,100 organisations (over a 14-month period between 2017 and 2018).
A new battlefield
According to the findings, hackers are gaining vastly greater attack scale through new techniques, such as killchain compression and attack automation. This allows them to target a range of organisations, constantly, regardless of industry or size.
The end of traditional kill chain
With 88% of kill chain attacks now gaining efficiency and speed by combining what was formerly the first five phases — “recon”, “weaponisation”, “delivery”, “exploitation” and “installation” —into a single action, the end of traditional kill chain is here.
In the traditional kill chain model, organisations focused on stopping cyber threats at the earlier phases. However, the new kill chain creates near-instantaneous cyber attacks that make many established security practices ineffective.
Expanded use of automation
The report has produced evidence that attackers are increasingly using automation; in order to launch random and recursive attacks that are changing the way organisations have to assess risk.
These automated “spray and pray” attacks roll through a set of IP addresses at massive scale, seeking vulnerabilities and immediately execute further automation to exploit them. These automated attacks hit the spectrum of businesses indiscriminately and at a similar rate. Industry and size are no longer reliable predictors of threat risk, according to Alert Logic.
The rise of cryptojacking
Cryptojacking is now rampant, with many attacks featuring this as their primary motivation. In the data analysed, for example, it was observed that 88% of recent WebLogic attacks were cryptojacking attempts.
The report also found that web application attacks remain the most frequent and dominant type of attack, with SQL injection attempts comprising 43% of all attacks observed.
“It’s no secret that attackers push the envelope and innovate attacks to abuse weaknesses anywhere they find them — in cloud and hybrid deployments, containerised environments and on-premises systems,” said Rohit Dhamankar, Vice President of Threat Intelligence Products at Alert Logic.
“What is troublesome is the use of force-multipliers like automation to scale attacks for increased financial gain. This report demonstrates that attackers are gaining increasing sophistication in their ability to weaponise trusted techniques to exploit common vulnerabilities and misconfigurations for purposes such as cryptomining.”
“While attackers continue to innovate with improved agility, speed and covertness, defenders also have opportunities to evolve the way they approach their security processes, procedures, and technologies.”