eSentire: Education Vertical Spirals in Cybersecurity Threat Rankings
The report highlights a 500 percent increase in the use of botnets compared to 2017, an exponential increase in coinmining, and the growing threat of Maldocs.
The report points out the five most targeted industries — education, accounting, construction, real estate and biotechnology. While entries on the top 10 affected industries in 2018 remain the same as in 2017, there were a few shifts in the rankings. The most significant change was the ranking of the education industry from No. 10, all the way up to No. 1.
eSentire threat intelligence used data gathered from over 2,000 proprietary network and host-based detection sensors distributed globally across multiple industries, in midsize organizations. The company has been reporting on this data annually for the past several years.
“The exponential growth of cybersecurity threats each year represents a new normal that organizations must be prepared to deal with as automation makes it easier and more profitable for threat actors to execute attacks,” said Kerry Bailey, CEO, eSentire. “Staying ahead of rapidly growing threats like botnets and coinmining malware presents significant financial, operational and personnel challenges for organizations, and underscores how crucial adopting emerging technologies such as managed detection and response (MDR), and artificial intelligence (AI) are to protecting assets.”
In the emerging threats section of the eSentire report, the surge in botnet activity is tied to compromised servers, an observation that is consistent with recent trends in multi-stage attacks.
“Threat actors often compromise low-hanging, low-value devices for which there is no direct opportunity for monetary gain,” according to the report.
However, the initial compromise, or foot in the door, is often part of a later, larger-scale attack that ultimately seeks a financial benefit.
During 2018, coinmining emerged in two forms: malware on compromised assets (CoinMiner) and in-browser mining that persists only through the browsing session (such as Coinhive). The report points out that financially motivated threat actors prefer coinmining over alternative methods such as ransomware.
In 2018, Maldocs, such as Marap, emerged as the popular new downloader, and act in a similar manner to Emotet. Marap enters organizations embedded within Office and PDF documents delivered through email. Ursnif, another Maldoc, continued to evolve in 2018. The good news is that there are numerous strategies for addressing Maldocs.
eSentire notes that the education vertical in its customer base is primarily administration rather than networks that contain endpoint devices used by students.
“Still, [the education industry] belongs to the set of industries that hasn’t put cybersecurity at the front, while at the same time their technology front has increased,” Keegan Keplinger, data visualization lead and lead report researcher at eSentire, told Channel Futures.
The financial-services industry dropped from the seventh-place ranking in 2017 to the 10th place ranking in 2018. Keplinger attributes that to …