Obrela Security Industries recently launched their H1 2022 Digital Universe Study, which provides detailed insight into this year’s security and threat landscape. The results provide a ‘funnel’ view of real-time visibility data, and allow organisations to gain a better understanding of how threats and security are developing, and how they can better protect themselves.
To put together this report, Obrela collected and analysed 1 PB of logs as well as 100,000 devices. In this time, they detected 7,369 cyber incidents with an average response time of 7 seconds.
Using this, Obrela’s security team was able to find out what attack vectors were most prominent and what type of methods threat actors tended to execute when attempting to gain unauthorised access. Some of the more significant shifts within the threat landscape included:
- A 16% increase in data breaches, as well as attacks that targeted end users as opposed to corporations.
- A 6% upswing in zero-day attacks, particularly exploiting vulnerabilities.
- A 12% surge in attacks related to internal threats, such as policy violations, privileged user activity and inadvertent actions.
Looking at particular attack methods, Obrela found that those most utilised were typically malware infection, reconnaissance, data exfiltration and phishing attacks, along with the exploitation of malicious insiders.
The study also looks into which sectors are most vulnerable to cyber criminals, with banking & financial services, and government/corporate being at the top of the list. This is mostly down to the monetary value that threat actors can extract from exploiting weaknesses in security, as well as the personal and confidential data these organisations store on their servers. In addition, banking, finance, government and corporate sectors play an important role in global economic activity, making them an incredibly attractive target for a criminal looking to exfiltrate information and extort.
What can companies do to protect themselves?
To decrease risk and make sure their security posture is up to scratch, organisations must remember to do the ‘basics’. This means following best practices such as implementing security training, user authentication and access, and protecting their endpoints and brand. To improve security further, organisations should extend their best practices to also include network management, as well as network segmentation and Zero Trust. These should be deployed across the whole company and its network. Another option is for organisations to partner with an MSSP, who can monitor their IT and cloud infrastructure, removing the pressure from their own IT teams and allowing them to focus on internal issues and tasks; this could make the difference between a secure corporate environment and becoming another breach statistic.
Emerging use cases
After analysing the data and devices, Obrela found new incident cases, including:
- Domain impersonation: This is often associated with phishing campaigns, where employees of an organisation or end-users are targeted by cyber criminals pretending to be from their bank. Victims are taken to an impersonation site, via a phishing link, which will prompt them to enter personal information, including bank details or passwords. By the time the victim notices, it is often too late, and malicious actors will already have access to their accounts or network.
- Internal Directory Busting: This vector is similar to a brute force web attack, which targets public-facing websites. Using this method, threat actors can then exfiltrate personal and confidential data to use for malicious purposes.
Unfortunately, cyber criminals are becoming increasingly sophisticated and are adaptable to the evolving threat landscape. Organisations must ensure they have the basic cybersecurity infrastructure, but they should also implement an extra layer of protection around their end users and networks. A network or system breach can not only impair their business operation, but it can also significantly affect their reputation, damaging their brand image and often leading to loss of customer trust.
By partnering with an MSSP who understands the fluid nature of the security market, organisations can better secure their environments and keep their employees and customers protected from numerous cyber threats.
The Digital Universe study can help organisations understand what these types of threats are and how to protect against them.
You can find the full report here: https://www.obrela.com/digital-universe-report-h1-2022/