Palo Alto Networks®, the next-generation security company, today announced the latest edition of its Application Usage and Threat Report (AUTR) completed by the Palo Alto Networks Unit 42 Threat Intelligence team.
The report, based on data from more than 7,000 enterprises worldwide, showcases real-world trends in enterprise application usage and critical developments in how attackers are attempting to infect organisations. It also offers practical recommendations for preventing cyberattacks.
Findings highlight the explosion in adoption of software as a service (SaaS) based applications, with the potential to introduce new security risks, or allow unauthorised access to sensitive data. Through the report, security organisations also gain insight into how long-standing and common attack vectors, such as email and executable files, continue to present challenges, as well as global application usage trends for high-risk categories, such as remote access applications.
KEY FINDINGS
- SaaS-based applications explode in popularity – The number of SaaS-based applications observed on enterprise networks has grown 46 percent from 2012 to 2015, and now includes more than 316 applications.
- Email attachments continue their toxicity – Over 40 percent of email attachments were found to be malicious.
- Remote access application usage is widespread – There are currently 79 unique remote access applications in use worldwide, which are commonly used by cyberattackers during the course of their operations.
- Tragedies in the news or headline news turned into attack vectors – On average, there was a six-hour gap between a breaking news story and when it was used to deliver a spear phishing or spam or Web attack.
- Prominent adversary profiles exposed – Three threat actors: Carbanak (Russia/Ukraine), Sandworm (Russia), and Shell Crew (China) have been identified as groups that are engaged in cyberespionage and cybercriminal activity targeting government and business organisations throughout Europe and North America.
“At Palo Alto Networks, we believe that the sharing of cyberthreat intelligence benefits society as a whole, and that belief is the motivation behind the publication of our annual Application Usage and Threat Report. The better informed cybersecurity professionals are about how attackers are exploiting applications to compromise networks, the more likely they will be able to identify attacks and take action to stop them before their networks are compromised.” said Ryan Olson, intelligence director, Unit 42 at Palo Alto Networks.
RECOMMENDED ACTIONS
- With the increasing popularity of SaaS applications, security teams are cautioned to familiarise themselves with “shadow IT” – a trend occurring in enterprise networks in which users use SaaS and other applications without IT’s knowledge or approval – and its potential to weaken security policies.
- Pervasiveness of malicious email attachments highlights the need for automated security measures that can automatically stop a disguised executable file mistakenly activated by an end user.
- The speed at which new threats are evolving is getting faster and faster. Automated attack tools help criminals to take advantage of new vulnerabilities in a matter of hours. Stopping these attacks requires automated advanced threat prevention measures that provide broad visibility and protection against known and unknown threats.