Multiple research reports released the week of March 26-30 reveal prevailing trends in the cyber-security attack landscape.
In the aggregate, the reports provide a snapshot of some of the top concerns facing enterprise IT today, including cryptocurrency mining, ransomware and IoT threats.
Among the reports, the Shared Assessments Program and the Ponemon Institute released a study on third party risk that reveals a significant level of concern about IoT devices. Recorded Future's study looked at top vulnerabilities, finding that Microsoft software products are a top target, outpacing Adobe Flash. SentinelOne released a report on the current state of ransomware, and Vectra's report looks at crypto-currency mining operations.
On March 26, the Shared Assessments Program and the Ponemon Institute released their second annual IoT third party risk survey, The Internet of Things (IoT): A New Era of Third Party Risk.
Among the top-level findings in the study is that organizations have a high degree of concern about IoT risks. 97 percent of respondents indicated that the likelihood of a security incident related to unsecured IoT devices could be catastrophic for their organization.
Also of note, 81 percent reported that they expect a data breach to be caused by an unsecured IoT device in the next 24 months. Ransomware related to IoT device insecurity is another key concern, with 60 percent of organizations worried that the IoT ecosystem is vulnerable to ransomware attacks.
While there is plenty of concern about IoT device risks, few organizations are apparently doing much to mitigate the risk. Less than half (46 percent) indicated they have a policy in place to disable risky IoT devices and only 28 percent said that IoT-related risk is included as part of third party due diligence.
On March 27, Recorded Future released its top vulnerabilities of 2017 report, revealing that Microsoft application vulnerabilities became more popular with cyber-criminals than in past years.
According to Recorded Future, in 2016 Adobe Flash accounted for six of the top 10 vulnerabilities. In 2017, however, seven of the top 10 vulnerabilities used in phishing attacks and exploit kits made use of Microsoft product vulnerabilities.
The most common vulnerability used by cyber-criminals in 2017, according to Recorded Future, was CVE-2017-0199, which was patched by Microsoft in April 2017. CVE-2017-0199 is a remote code execution vulnerability that has broad impact across Microsoft Office products.
SentinelOne released its Global Ransomware Report 2018 on March 27, providing insight into the state of ransomware attacks. According to SentinelOne, a primary cause of ransomware attacks, as identified by 56 percent of organizations, is employee carelessness. Respondents also identified legacy antivirus (AV) technologies as another key cause for ransomware attacks impacting their organizations.
Ransomware attackers encrypt critical business data and then demand that their victims pay a ransom, usually in some form of crypto-currency, to restore access to their data. Paying the ransom is something that 45 percent of victimized U.S. organizations did in 2017, according to SentinelOne. Unfortunately, even after paying the ransom, the cyber-criminals restored access to the data in only 26 percent of the reported attacks.
Adding insult to injury, SentinelOne reported that ransomware attackers were likely to go after U.S. organizations that had previously paid the ransoms. Looking at what amounts were paid by victim organizations, SentinelOne found the global average ransom paid to be $49,060, while the average value of ransoms paid by U.S. companies was higher at $57,088.
On an optimistic note, 96 percent of SentinelOne's survey respondents that had previously been a victim of a ransomware attack were confident that their organizations could block future attacks.
On March 29, Vectra released its Attacker Behavior Industry Report, highlighting the trends in crypto-currency mining operations. The growth of crypto-currency mining has been highlighted by multiple reports in 2018, including one released March 22 by Symantec.
According to Vectra, 60 percent of all the crypto-currency mining detections occurred in higher education. In contrast, the entertainment and leisure industry vertical only accounted for 6 percent, while financial services came in at 3 percent of detections.