Securing Advanced Threats for Customers: A Learn, Segment, Protect Approach
… remain aware of:
- Evolution of cryptojacking: Cryptojacking, or the process of leaching CPU resources from machines and devices, has long been recognized as a threat to organizations thanks to its ability to drastically slow system efficiency and leach processing power. And now, with new platforms available to advanced attackers, as well as “as-a-service” cryptojacking malware available for purchase on the dark web, the ability to launch large-scale, complex attacks is no longer limited to skilled cybercriminals. What’s more, these new crypto attacks have the potential to disable existing security solutions as well as open additional communications ports on existing firewalls. This means that not only is cryptojacking a serious problem on its own, but it can serve as a gateway through which bad actors are able to install new malware. Considering that the frequency of cryptojacking attacks jumped 38 percent in 2018, underestimating the impact of this cyberthreat can prove especially detrimental to organizations.
- Mobile Malware: Mobile devices are posing a significantly larger threat to network security than ever before. Mobile malware variants attacked more than 25 percent of organizations in Q3 as a result of BYOD policies and unsegmented guest networks. What’s even more surprising, however, is that mobile made up 14 percent of all malware attacks this quarter. Considering the speed at which a mobile device can enter and connect to a network, organizations that cannot properly identify and control these devices are at a substantially high risk.
- IoT Botnets: During Q3 IoT botnet infections rose a steady but anemic 2 percent. However, the period of time these bots were able to stay connected to the network increased by a staggering 34 percent from Q2, averaging 10.2 infection days per firm in Q3. This indicates that the sophistication of botnets is on the rise, that cyber hygiene within organizations is on the decline, or both In either case, if left unchecked these devices have the potential to spread malware laterally across networks and between devices, becoming a threat vector that can be leveraged to gain access to networks. What’s more, the ability for these devices to lie dormant, only returning when business operations resume, means that to effectively mitigate IoT botnets the source device needs to be found and removed.
- Shift Toward Swarm-as-a-Service: A notable shift in the evolution of cyberthreats is that of swarm-based intelligence technology. With emerging capabilities like the AutoSploit toolkit, which provides cybercriminals with the means to automate remote host exploitation, the threat landscape is shifting that much closer toward the possibility of swarm-based botnets. With à la carte IoT botnets like Hajime and Reaper already making headlines for their intelligent, automated attack capabilities, the market for as-a-service attack options using advanced attack capabilities is growing. We’re seeing the attack needle shift toward collaborative, intelligent botnets that cybercriminals can “set and forget.”
A Learn, Segment, Protect Approach to Advanced Threats
As the attack capabilities of cybercriminals continue to evolve, customers need to rearchitect their network infrastructures into a fabric-based strategy that can unify and integrate threat analysis and security processes. From there, customers must then adopt a learn, segment and protect approach to their security efforts that identify and …