

editor's focus

MASSIVE SURGE IN ZERO-DAY EXPLOITS

THIRTY PER CENT OF MALWARE CAN BE CLASSIFIED AS NEW OR ZERO-DAY BECAUSE IT CANNOT BE CAUGHT BY LEGACY ANTIVIRUS SOLUTIONS, IT IS CLAIMED

Are legacy antivirus solutions no longer up to the task, I ask myself? If new research published in WatchGuard's first Quarterly Internet Security Report is to be believed, then it is a question we should all be posing.

The report, which explores the latest computer and network security threats affecting SMBs and distributed enterprises, confirms in its Q4 2016 incarnation that cyber criminals' capability to automatically repack or morph their malware has outpaced the AV industry's ability to keep up with new signatures. "This means that, without advanced threat prevention, companies could be missing up to a third of malware," warns WatchGuard.

The report also reveals that old threats are reappearing and macro-based malware is still prevalent. Spear-phishing attempts still rely on malicious macros hidden in files, including Microsoft's new document format, while attackers also still use malicious web shells to hijack web servers. It appears that PHP shells are alive and well, as nation-state attackers have been evolving this old attack technique with new obfuscation methods.

Other findings contained in the report are no less concerning:

JavaScript is a popular malware delivery and obfuscation mechanism, with a rise in malicious JavaScript, both in email and over the web.

Most network attacks were aimed at web services and browsers, with some 73% of the top attacks targeting web browsers in drive-by download attacks.

All of the top ten exploits were web-based attacks and the top network attack was Remote Code Execution that targets Internet Explorer (IE). But strangely this attack almost entirely affected Germany alone. Breaking it down country by country, it targeted Germany 99% of the time.

The latest security report findings are based on anonymised Firebox Feed data from WatchGuard's 24,000 active unified threat management (UTM) appliances worldwide.

Says Corey Nachreiner, chief technology officer at WatchGuard Technologies: "Our Threat Lab has been monitoring the most prevalent security industry threats and trends for years and now, with the addition of the Firebox Feed - anonymised threat analytics from Fireboxes deployed around the world - we have, first hand, acute insight into the evolution of cyberattacks and how threat actors are behaving. Each quarter, our report will marry new Firebox Feed data with original research and analysis of major information security events to reveal key threat trends and provide defence best practices."

Adds Jonathan Whitley, sales director for Northern Europe at WatchGuard: "With ransomware attempts and malicious websites dominating the headlines along with cyberattacks such as the Mirai Botnet, the SWIFT banking attacks and alleged Russian interference in the US presidential election, it was a busy quarter for cybercriminals."

06 computing security July/August 2017 @CSMagAndAwards

TIME FOR A UNIFIED FRONT

CYBER SECURITY IS RARELY OUT OF THE NEWS THESE DAYS, WITH BUSINESSES AND ORGANISATIONS EVERYWHERE SEEMINGLY UNDER ATTACK. A SHIFT IN ATTITUDE IS NOW AN IMPERATIVE

Where once it was the bigger boys who saw themselves as the prime targets for all-out attacks, that threat level is now increasingly moving to medium-sized organisations, who are also seeing their capital, reputation and intellectual property challenged by new and insidious threats.

However, according to IT solutions and managed services provider (MSP) EACS, while many IT teams are taking steps to improve their organisations' security posture, their efforts are being hampered by an indifference to the topic within the broader C-suite.

A report by the Economist Intelligence Unit reveals a disconnect between the C-suite and IT teams when it comes to prioritising cyber prevention. Although cyber security ranked as the number one priority for IT teams, it languished in ninth place for the C-suite, far behind things like business growth and new customer acquisition.

For Kevin Timms, CEO of EACS, cybersecurity can no longer just be seen as an issue for the IT department to sort out - senior management needs to become fluent in the language of security, if they are to improve the way that their companies deal with threats.

"Cyber-attacks are rapidly growing in both number and severity and, while that is broadly recognised at all levels of the organisations we speak to, there's still a bit of a disconnect in the C-suite and a lack of responsibility, a gap which seems to be more distinct in medium-sized businesses," Timms comments. "It is, of course, to be expected that the C-suite is focused on the business growth and to an extent it is understandable that there's less focus on cyber-security, because this is a primary area of focus for IT teams.

"But the fact is that the success of a business is increasingly contingent on its ability to protect itself from cyber threats and maintain the integrity of its data. The two need to go hand-in-hand and, without sufficient support at the highest levels of a business, strong cyber-security measures will struggle to take hold."

It's also important to remember that IT security is not just about building a bigger firewall, but the processes of the company and a shift in attitude, he adds. "Everyone within a business needs to think about what they do on a day-to-day basis to make sure they behave in a way that is beneficial to the company as a whole; from the top down and vice versa."

With the C-suite and IT teams working collaboratively to understand the full impact of a cyber-attack on the business and outlining a full programme for prevention, there will be a greater recognition of the potential threats the business faces, Timms argues.

"Businesses need to dedicate time and resources to the issue, which can be achieved by enlisting the help of third parties like managed service providers (MSP). By partnering with MSPs with the experience and expertise to deliver a comprehensive cyber-security programme, the C-suite can rest assured that their business has room to grow, while the IT teams can focus on business development, rather than worrying about security."