sb-nz logo
Story image

OT attacks and cryptominers on the rise – Skybox

30 Jan 2019

Cybersecurity management company Skybox Security has announced the release of its latest Vulnerability and Threat Trends Report which analyses the vulnerabilities, exploits and threats in play over the previous year.

The report, compiled by the team of security analysts at the Skybox Research Lab, aims to help organisations align their security strategy with the reality of the current threat landscape.

What stands out first from the data is the sheer volume of new vulnerabilities published in 2018.

The National Vulnerability Database (NVD) assigned 16,412 new CVEs, a 12% increase over the previous year.

That may seem like a small climb, but the 2017 figure was already an all-time high, and Skybox threat intelligence director Marina Kidron believes these record-breaking figures are the new normal.

“It would come as no surprise if 2019 breaks the CVE record again,” says Kidron.

“While more resources in vulnerability research are what’s driving these high numbers, that’s cold comfort to CISOs trying to keep their organisation safe.

“The challenge of answering, ‘What do I fix today?’ is only getting harder — unless you have the right information to contextualise this of data.”

Skybox CTO and R&D vice president Ron Davidson says, “If you’re hanging your vulnerability management strategy on fixing CVSS critical- or high-severity vulnerabilities, 2018 added about 9,000 vulnerabilities to that list; it’s simply no longer practical to ‘focus’ attention on this large group.

“Exploitability — what’s being used in the wild, what sample code is available — is a more important indicator of what should get attention first.

“It’s something many vulnerability management programs lack, so their resources are going in the wrong place and they’re not moving the needle on risk.”

Other findings of the report include risks to the growing attack surface, including operational technology (OT) networks. 

Attacks on OT continue to climb with a 10% increase between 2017 and 2018.

While these attacks range in motive and impact, the WannaCry outbreak in Taiwan Semiconductor Manufacturing Company was a prime example of how a cybercriminal tool like ransomware, nation-state threats and internal exposure can create the perfect storm to wreak havoc on a network, as well as a company’s bottom line.

The report also warns of a false sense of security in cloud networks.

While the security of clouds is relatively strong, misconfiguration issues within them can still abound and security issues can arise within the applications used to manage such networks.

A number of examples can be given of attacks on cloud networks, but a notable one from 2018 targeted Tesla’s Amazon Web Services network.

While attackers could have accessed a variety of information, they instead used the opportunity to launch a malicious cryptominer, pointing to a larger trend in the threat landscape of stealing computational power rather than data.

In 2017, ransomware reigned supreme accounting for 28% of malware attacks, while cryptominers only made up 9%.

Those figures essentially flipped in 2018, with ransomware dropping to 13% of malware attacks and cryptominers soaring to 27%.

“While cryptomining may seem like a relatively innocuous, low-priority threat, it’s important to remember that these attacks slow down system processes and may overwhelm system capacity,” says Skybox senior security analyst Sivan Nir. 

“More than that, it’s impossible to predict what the attacker’s end goal may be. The cryptominer may be only part of a larger attack structure. By letting them set up home in your network, you’re inviting them to try to gain access to other parts of your environment.”

Whether protecting against cryptominers, threats to the OT network or simply trying to keep up with what vulnerability to fix next, incorporating threat intelligence in vulnerability management programs will give organisations the edge they need to counter a dynamic threat landscape.

Story image
ESET launches the latest version of its Mobile Security solution
“With this latest version of ESET Mobile Security, we want to ensure our users feel completely secure when performing financial transactions on their devices, in addition to being protected from malware and phishing attempts."More
Story image
CrowdStrike integrates with ServiceNow program to bolster incident response
As part of the move, users can now integrate device data from the CrowdStrike Falcon platform into their incident response process, allowing for the improvement of both the security and IT operation outcomes.More
Download image
Equinix study: Firms turn to NFV to support distributed networks
Decision-makers looking for a solution that virtualises a wide range of network functions should evaluate NFV, study finds.More
Story image
Trend Micro receives AWS Outposts Ready designation
rend Micro solutions are now fully and demonstrably capable of integrating with Outposts deployments.More
Story image
Malware and email scams targeting employees spread rapidly in Q2
"Businesses must stay alert and should employ defense-in-depth tactics and equip themselves with multilayered security mechanisms, including high-sensor spam filters and a VPN connection, which would prevent malicious pages from opening."More
Story image
SMBs seeking service providers in face of rising cyber threats
SMBs are struggling with their cybersecurity solutions, with three quarters worried about being the target of a cyberattack in the next six months, and 91% considering using or switching to a new IT service provider if offered a better option.More