eWEEK.com

    SecureWorks Finds Most Cyber-Threats Involve Phishing, Network Scans

    By ROBERT LEMOS - February 4, 2017

      The vast majority of successful attacks on companies are conducted by cyber-criminals using phishing, network scans for exploitable systems, and strategic web site compromises, security-services firm SecureWorks found in an analysis of six months of incident-response engagements.

      The analysis of 163 incidents found that 82 percent could be attributed to cyber-criminals, 11 percent to insiders and 7 percent to nation-state adversaries. The company attributed attacks to financially-motivated cyber-criminals if they included theft of funds, the copying of financial information or personal data, the use of computing power, or ransom of data.

      While advanced attacks and zero-day vulnerabilities garner a lot of attention, phishing, exploitation of known vulnerabilities and using websites to launch attacks were the most common methods of compromise. The vast majority—88 percent—of attacks were opportunistic and not targeted, the report stated.

      “There are a lot of companies focused on the advanced threats, but when we look at the companies, they don’t have the basics down,” Jeffrey Carpenter, director of threat intelligence and incident response consulting at SecureWorks, told eWEEK. “They are failing at some of the basic, basic components of defense.”

      SecureWorks conducts nearly 800 incident-response engagements every year, about half of which are proactive—to check cyber-defenses—and the other half reactive—to help clients clean up after an attack, Carpenter said.

      The study involves data from the 163 reactive incident response engagements SecureWorks did in the first half of 2016. The company emphasized that the focus on the victims means that the study reveals the actual attacks that threaten companies.

      Malware typically entered a corporate network through the compromise of a vulnerable public-facing system, through compromised employee credentials, in an email, as a download from a website or through a third-party contractor.

      Phishing accounted for 38 percent of attacks, while scans for vulnerable systems that were then exploited accounted for 22 percent of attacks. Using a website to host exploits accounted for 21 percent of the attacks.

      In one incident, for example, one large-scale manufacturing firm had numerous malware infections. While the company had deployed antivirus software, it did not prevent the attacks, but only created continuous alerts about the infections, SecureWorks stated in the report. Cyber-criminals quickly monetized the attacks by installing banking trojans, bitcoin mining software and remote access trojans.

      SecureWorks found that the company had too many users with administrative privileges, still had systems running Windows XP and had only a limited ability to respond to an attack.

      While phishing is the top attack vector, many companies are not prepared to deal with it, Carpenter said.

      “Training alone is not good enough,” he said. “No matter how much you train, you will always have someone who clicks.”

      SecureWorks identified many areas where companies could improve their preventative measures, but Carpenter highlighted the need for a strategy balanced between prevention, detection and incident response.

      Top preventative strategies included better and more consistent patching, managing user-account privileges and adding web application firewalls or content filters. Companies also have to implement a good endpoint security solution, improve logging and collection capabilities, and help incident responders, he said.

      “No matter how many steps you take, you are always going to have an incident,” Carpenter said. “So you need to focus on response as well.”
