A Forcepoint report reveals the latest trends in data threats, a warning to all Internet businesses
Global cybersecurity tech company Forcepoint released its ‘2016 Global Threat Report’ that details some of the latest evolving digital perils, with the goal to demystify threats and equip businesses with tools, recommendations, and knowledge.
Gathered from more than three billion data points per day in 155 countries around the world, the report was based on interviews and investigations by Forcepoint’s team of researchers and engineers in Europe, the Middle East, Asia and North America. The teams examined attack activity and its impact.
“The rapid evolution of the cyber threat environment has consequences that are much broader than just technical, operational, and financial — they can impact every piece of a business,” said Forcepoint Chief Scientist Dr. Richard Ford in an official statement.
A six-month investigation by Forcepoint’s Special Investigations (SI) team uncovered a brand new botnet campaign that the team later named “JAKU.”
According to the report, JAKU results in the leakage of machine information and end-user profiling, and serves as a launch point for larger attack data sets.
Of the five top countries that have fallen victim to JAKU attacks, four are Asian – South Korea, Japan, China, and Taiwan. A total of 19,000 unique victims were recorded in 134 countries, with a ‘mean dwell time’ (the time an intruder spends inside a network) of 93 days.
The report also mentions that payloads are delivered via exposure to compromised BitTorrent sites, use of unlicensed software, and downloading of warez software.
Countries such as Malaysia, Thailand, and Singapore have been mentioned as notable locations of command and control servers.
“What is somewhat of a step-change is the execution of a number of concurrent operations within a campaign, using almost identical TTP to herd thousands of victims while at the same time executing a targeted operation,” explained Dr. Ford on how JAKU works.
e27 compiled key findings from the report.
The web and email remain primary attack vectors for cyber criminals and are widely acknowledged as the initial entry point into an organisation for targeted attacks. The threats usually come in the form of malware or malicious web links inside an email.
The report stated that malicious content in email increased 250 per cent compared to 2014. Dridex (a strain of banking malware) and various ransomware campaigns were largely responsible for the rise.
However, the percentage of spam email decreased from 88.5 per cent in 2014 to 68.4 per cent.
The top five malicious file types as email attachments are:
1. Zip archive
2. MS-DOS/Windows programmes
3. Text-file based
4. Microsoft Word 97
5. MHT format
Of the top 10 countries that have been found to host malicious content, Indonesia is the only Southeast Asian country on the list. Meanwhile, Hong Kong is one of the top eight countries that have been found hosting phishing websites.
To handle this issue, there are three points that Forcepoint recommends in its report:
- Explore security solutions fed by attack analysis from both Web and email attack vectors, achieving greater efficacy for each product
- Implement a user education/training programme that periodically reminds users of the typical ways to identify a malicious email
- Consider activating URL sandboxing and file attachment sandboxing technology to prevent users from making bad decisions, or not recognising a malicious email
Though more businesses are embracing cloud-based technologies, it does not dispel the cyber security concern that comes with the technology.
In fact, for organisations that decided to defer the adoption of cloud technology, 60 per cent cited security concerns as their main reason.
The Forcepoint report highlighted shadow IT – cloud-based services used by employees for their personal productivity and convenience that are not provided or authorised by the company – as the main point-of-entry for a malicious attack on businesses. More than 80 per cent of IT decision-makers feel that it poses a risk to IT security, with a third considering it an extremely significant risk and 16 per cent considering it the most significant risk.
The report recommends the following solutions:
1. Data Loss Prevention (DLP) solutions and Next Generation Firewalls (NGFW) can help organisations realise the scope of their shadow IT.
2. Once the services and IT entities users are connecting to are known, organisations can either enforce data and usage guidelines, train users, or disable the IT based on their policies.
3. Consider working with staff to help them be more productive rather than blocking their attempts to innovate outright.
Cybersecurity is a constantly evolving industry, as hackers spend vast resources to stay ahead of the security companies trying to prevent attacks. The Forcepoint report offers a nice update on the current state of cybersecurity.
The post JAKU, emails, and shadow IT: Just some of latest global cybersecurity threats facing your business appeared first on e27.