In the first part of this blog series on the 2016 Cisco Annual Report, we take a look at the methods attackers are using to infiltrate organisations and which sectors and geographical locations are being targeted.
The vulnerability of small and medium-sized enterprises (SMEs) to sophisticated attacks on their IT structure is growing. These attacks are becoming bolder and more coordinated, as the Target data breach in 2013 shows. The high-profile attack resulted in 40 million customers having their personal and credit card details hacked because a third-party SME supplier did not take proper steps to safeguard their data. This was a US data breach; however, in 2015, 74% of small organisations in the UK admitted that their IT security had been infiltrated.
In the changing landscape, SME businesses are increasingly being targeted, according to Toni Allen of the British Standards Institute (BSI). In most cases it can take between 100 and 200 days before a company even realises its security has been compromised.
The latest Web Attack Methods
Flash is being phased out, and with it goes one of the most common areas of malicious attack, but this has only meant that web attacks are being refocused.
Browser infections and targeting social media platforms are two big methods of gaining access to data. In fact, malicious browser extensions that provide a way to leak data were found to impact 85% of the organisations that were studied.
92% of attackers use DNS to target businesses, and familiar botnets such as Bedep, Gamarue, and Miuref account for the majority of the command and control activity that affects businesses these days.
Threat Updates in 2015 and Beyond
Flash might be on its way out, but Cisco found that malicious individuals or organisations are still most likely to target Flash users. The fact that exploit kits are publicly available means Flash still ranks at the top of the list for vulnerabilities.
Although some browsers sandbox or block Flash completely, attackers still target either older browsers or those not securely updated. It was still an effective method in 2015 and is likely to remain so in the near future.
Companies using outdated browsers and add-on software are most at risk. The Cisco report found that 30% were using software that was reaching end of support, which further increases their susceptibility.
Geographical and Industry Overview of Attacks
Where are these attackers focusing their efforts?
Government, healthcare, technology companies and professional services topped the list of most targeted industries, with SME businesses found to be a weak link. They use fewer defences and processes to analyse security intrusions. Only 49% of SMBs used web security in 2015, and only 29% were committed to patching software and using configuration tools that keep their security up to date.
Hong Kong was subject to the most web attacks in 2015, and the number of attacks aimed at organisations in Hong Kong was 9 times the figure for the US.
Encryption, WordPress and Infrastructure
Over the past 12 months, the way in which attackers access and steal data has evolved, with an emerging focus on social media platforms, while established weaknesses such as Flash are still being exploited quite extensively.
Hackers are not only sharing more information with each other but also becoming more flexible in their approach.
In the second part of this blog series, we are going to look at the escalating issues in three main areas, namely encryption, WordPress and the infrastructure that SMEs use.