Financial Threat Landscape
“Life in the SOC” is a blog series that shares the experiences of the BlueVoyant SOC in defending against the current and prevalent attacks encountered by our clients. The posts discuss successful detection, response and mitigation actions that can improve your own defensive capabilities.

Large corporate breaches make the headlines, but SMBs remain a prime target. A common misconception is that SMBs are not big enough or well-known enough to be targets of cyberattacks. However, Ponemon’s 2018 State of Cybersecurity in Small to Medium Businesses reports that 61% of SMBs experienced a cyber attack in the previous year. Several factors are involved, but most often it is simply because SMBs are easier targets: they are often less prepared and have smaller security budgets.

Security through Obscurity?

Some organizations try to thwart threat actors and reduce security costs by running less common operating systems. But attackers continually expand their attack vectors and exploit new vulnerabilities. For years, macOS users have had a false sense of security through obscurity. While it is true that Windows is victimized far more often, attackers are targeting macOS, along with Linux/Unix platforms, more frequently. As macOS has grown in corporate use, attackers have followed, developing malware aimed at these systems. SecureList tracked threats to macOS over the last four years. In 2015, their researchers reported a total of just over 850k attacks. In the first half of 2019, the number of documented macOS attacks increased to around 6 million. They also noted 1.6 million phishing attacks and fraudulent schemes against macOS and iOS devices in the first half of 2019.

By the Numbers

WatchGuard released their Q2 2019 Internet Security Report with some notable findings:
- Zero-day malware accounted for 38% of all malware detections.
- Malware trended down about 5% compared to Q1 2019; however, malware is still up 64% compared to Q2 2018.
- Network attacks are up over 50% compared to Q1 2019.
- Malware and phishing campaigns are abusing legitimate domains.
- Several domains hosting malware are subdomains of legitimate Content Delivery Networks (CDNs), which limits the value of blocking on domain reputation alone, since the parent domain is legitimate and widely used.
- Two Kali Linux modules appear on WatchGuard’s top-10 list of most common malware detections.
- Significant year over year increase in overall malware volume.
- Widespread phishing and Office exploit malware increased.
- SQL injection tops the list of network attacks.
- Europe and APAC increasingly targeted.