BY Richard Summerfield
While cyber security threats are gaining in exposure and media coverage, many companies remain unprepared for a breach — a fact which is particularly worrying when one considers that cyber attackers are gaining vastly greater scale through new techniques, such as killchain compression and attack automation, according to Alert Logic’s ‘Critical Watch Report: The State of Threat Detection 2018’.
The report, which was completed following the analysis of more than 1 billion security anomalies, 7 million events and over 250,000 verified incidents, found that the traditional killchain has evolved. Today, 88 percent of killchain attacks are gaining efficiency and speed by combining what was formerly identified as the first five phases of such an attack — recon, weaponisation, delivery, exploitation and installation — into a single action. As a result, the new killchain is capable of creating near-instantaneous attacks that bypass many established security practices.
Automation has also emerged as an important and effective tool for cyber criminals who are able to launch random and recursive attacks which force organisations to alter the ways they asses risk. Cryptojacking has also become a major concern for organisations. Eighty-eight percent of recent WebLogic attacks were cryptojacking attempts. Worryingly, as cryptojacking attacks are highly automated and hit small, medium and enterprise-sized organisations indiscriminately and at similar rates, industry and size may no longer be reliable predictors of threat risk.
The report also found that web application attacks remain the most frequent and dominant type, with SQL injection attempts comprising 43 percent of all attacks observed.
“It’s no secret that attackers push the envelope and innovate attacks to abuse weaknesses anywhere they find them—in cloud and hybrid deployments, containerised environments, and on-premises systems,” said Rohit Dhamankar, vice president of Threat Intelligence Products at Alert Logic. “What is troublesome is the use of force-multipliers like automation to scale attacks for increased financial gain. This report demonstrates that attackers are gaining increasing sophistication in their ability to weaponise trusted techniques to exploit common vulnerabilities and misconfigurations for purposes such as cryptomining.”