New cyber attack tactics subvert traditional security measures: Alert Logic report
- Published: Wednesday, 26 September 2018 09:18
Alert Logic has released its latest cyber security analysis, ‘Critical Watch Report: The State of Threat Detection 2018,’ which shows that cyber attackers are gaining vastly greater scale through new techniques such as killchain compression and attack automation - expanding the range of organizations under constant attack regardless of industry or size.
To prepare the cyber security report, Alert Logic Security Operations and Threat Intelligence team members analysed data from more than 1.2 billion anomalies, 7.2 million security events, and 250,000 verified security incidents across the Alert Logic customer base of more than 4,100 organizations over a 14-month period between 2017 and 2018.
Among the notable findings in the report is the end of the traditional killchain, with 88 percent of killchain attacks now gaining efficiency and speed by combining what was formerly the first five phases (recon, weaponisation, delivery, exploitation and installation) into a single action. In the traditional killchain model, organizations focused on stopping cyber threats at the earlier phases; however, the new killchain creates near-instantaneous cyber attacks that make many established security practices ineffective.
The report also exposes evidence that attackers have greatly expanded their use of automation to launch random and recursive attacks that are changing the way organizations have to assess risk. These automated attacks roll through a set of IP addresses at massive scale, seeking vulnerabilities, and immediately execute further automation to exploit them. Because these highly automated attacks hit small-, medium- and enterprise-sized organizations indiscriminately and at a similar rate, industry and size are no longer reliable predictors of threat risk.
Another key finding is that cryptojacking is now rampant, with many attacks featuring this as their primary motivation. In the data analysed, for example, it was observed that 88 percent of recent WebLogic attacks were cryptojacking attempts. The report also found that web application attacks remain the most frequent and dominant type of attack, with SQL injection attempts comprising 43 percent of all attacks observed.
“It’s no secret that attackers push the envelope and innovate attacks to abuse weaknesses anywhere they find them—in cloud and hybrid deployments, containerised environments, and on-premises systems,” said Rohit Dhamankar, Vice President of Threat Intelligence Products at Alert Logic. “What is troublesome is the use of force-multipliers like automation to scale attacks for increased financial gain. This report demonstrates that attackers are gaining increasing sophistication in their ability to weaponise trusted techniques to exploit common vulnerabilities and misconfigurations for purposes such as cryptomining.”