One place for hosting & domains

      Cybersecurity

      Evolving Cyberattacks: Exploring the Changing Cybersecurity Landscape in 2020


      Cyberattacks have been plaguing the top headlines for years and security continues to be a top priority for enterprises across the globe. In fact, when IT pros were asked their top challenges for 2020, protecting their organizations from cyberattacks came in second only to migrating applications to the cloud.

      Many of these pros also noted that cybersecurity would have been a good area to focus on had they known when they entered the field how important security would become. And this is not without reason. Criminals perpetrating cyberattacks keep shifting their strategies to expose new vulnerabilities, and cybersecurity experts are essential to stop these attackers in their tracks.

      As the cybersecurity landscape continues to evolve, it’s crucial to maintain awareness and adjust security strategies accordingly. Let’s explore what’s changing and which attacks are on the rise.

      Targeted Ransomware Attacks

      Public reports from various vendors such as Check Point, Verisign and others all seem to agree that mass ransomware attacks peaked in 2017 and ran through 2018, with 30 percent of businesses and home users affected, according to Checkpoint’s 2020 Cyber Security Report. But a peak doesn’t mean that ransomware attacks are going away, rather, they shifted to more targeted ransomware attacks in 2019.

      Alert Logic notes in their Critical Watch Report that ransomware continues to be a popular cyberattack due to its profitability, simplicity (because it can be conducted from a computer anywhere in the world) and anonymity. Malicious attackers are always adapting to new environments and IT protection strategies. The larger numbers of attacks in 2017 were reported from organizations that received phishing emails containing ransomware software. This technique has a fairly low success rate. With the end goal of a company paying an attacker for encryption keys, there is also low probability that the majority of these organizations would even have the available funds to pay in the first place. A more targeted and sophisticated effort proves to have a much higher success rate.

      Rising Popularity of Cryptojacking

      With ransomware attacks on the decline, cryptojacking—a type of cyberattack in which a hacker secretly uses a target’s computer to mine for cryptocurrency—is seeing a massive rise in popularity. It’s less visible and doesn’t require the same effort as ransomware. One of the many examples of this trend is a cryptojacking attack on a cloud mining service, which took the scripting service offline for weeks and resulted in 65-million-dollars in stolen cryptocurrency. While the company was able to recover most of the currency, cryptojacking attacks continue to deliver potentially business-ending consequences to vulnerable organizations.

      Attackers are evolving to use many of the same exploit measures that spammers and DDoS attackers have been using for years. Gaining control of a machine through known vulnerabilities and using those compromised machines idles computing cycles to join a mining pool.

      There were 52.7 million cryptojacking hits in the first half of 2019. Cryptojacking is a growing threat as we progress into 2020, and we can expect that more and more idle compute resources will be compromised.

      Evolving DDoS Attacks

      DDoS attacks are still a rising method of cyberattack, and just like ransomware attacks morphing into cryptojacking, DDoS attacks are also evolving.

      Neustar’s Q2 and Q3 2019 reports suggest that the attack intensity, measured in Mpps (million packets per second), as well as attack size, measured in Gbps (gigabits per second), is dropping. The average intensity of attacks in 2018 measured at 4.5 Mpps, while the average was 1.3 Mpps. The largest DDoS attack, recorded in 2018, registered at 1.7 Tbps. The average attack size in 2019 was around 7.5 Gbps. This suggests that DDoS attacks are currently undergoing the same process of refinement as ransomware attacks.

      Increasingly sophisticated DDoS attacks are being used not to take a whole service offline with a volumetric attack, but to strategically target specific ports, gateways, services or applications. These attacks require much less traffic to take a service offline, and many times the attack is focused on network degradation as opposed to a downed site event.

      Other Types of Cyberattacks

      While some of these more popular attacks types peaked from 2017 and 2018, a few new forms of attacks are on the rise. Some are using classic tactics, with malicious attackers going back to more simplistic attack styles to exploit areas that may be lightly secured by more corporations. Attacks using web-form hijacking techniques are on the rise, and while it seems as though most companies have adequate controls, JavaScript-based attacks served 16 percent of all global attacks for the first half of 2019.

      JavaScript based attacks are reported only third to EXE and DOC based attacks. While many organizations have defense software or hardware to protect their services on an application level, there may still be gaps in security that allow for vulnerabilities. A failed policy to delete an administrator account after an employee departure, a patch that was never applied to an application or crucial upgrades to software that can’t be implemented due to how the application is developed all can result in an attack.

      Preventing Vulnerabilities

      In 2020, it’s more crucial than ever to update both business and technical security policies. Finding a partner you can trust is an important first step to effectively getting ahead of these evolving attacks, and to navigating and managing the complex tools that will keep your organization safe.

      At INAP, we offer managed security services for all cloud products that extend your team and safeguard critical infrastructure. Do your homework to ensure whichever partner you choose can adequately safeguard your infrastructure solutions, as well as adequately address the evolving cyberattack landscape.

      Explore INAP Managed Security.

      LEARN MORE

      Paul Just


      READ MORE



      Source link

      19 Cybersecurity Stats to Kickoff National Cybersecurity Awareness Month 2019


      “Own IT. Secure IT. Protect IT.” That’s the Department of Homeland Security’s rallying cry for this year’s National Cybersecurity Awareness Month (NSCAM). Held every October, NSCAM brings to the masses what IT professionals and tech executives know all too well: Cyberattacks pose an ever-changing, ever-growing threat to national and economic security, and no household or business is immune.

      To kick off National Cybersecurity Awareness Month, we compiled 19 cybersecurity stats that paint a staggering picture of the challenges ahead for businesses and IT professionals.

      There are two major undercurrents running through these numbers. First, sophisticated cyberattacks are increasing in frequency and come at a high cost for organizations who are taken offline or lose data. Secondly, although IT pros are well aware of the threat landscape, acquiring the tools, skillsets and resources needed to protect their businesses are significant hurdles. Take a look for yourself below:

      1. The number of cybersecurity attacks reported to the Pentagon every day: 10 Million (1)
      2. The ratio of attempted cyberattacks on web applications to successful attacks: 100,000 to 1 (2)
      3. The percentage of devices at small or medium-sized businesses that run operating systems that are expired or are about to expire: 66% (3)
      4. The ratio of safe URLs to malicious URLs in 2018: 9:1 (down from 15:1 in 2018) (4)
      5. The percentage of data breaches involving compromised privileged credentials, such as passwords: 80% (5)
      6. The number of records stolen or leaked from public cloud storage in 2018 due to poor configuration: 70 million (4)
      7. The percentage of IT professionals who say protecting their organization from cyberattacks is their top challenge in 2019: 36% (the no. 1 challenge reported) (6)
      8. The number of unfilled cybersecurity jobs in the United States: 313k (1)
      9. The estimated number of unfilled cybersecurity jobs worldwide by 2022: 8 million (1)
      10. The percentage of IT professionals who say the time it takes their teams to address critical patches and updates leaves their organizations exposed to security: 52% (6)
      11. The average number of days it takes an organization to patch critical CVEs (common vulnerabilities and exposures): 34 (2)
      12. The estimated percentage of servers not fully up to date on patches, according to IT professionals: 26% (6)
      13. The number of IT professionals who say they’re very confident their organization has adequate resources, tools and staff to secure its servers, applications and data: 1 in 4 (6)
      14. The average cost of a successful phishing attack on a single small or medium-sized business: $1.6 Million (1)
      15. The average annual cost of infrastructure downtime to the average enterprise: $20 million (7)
      16. The estimated global cost of cybercrime by the end of 2019: $2 trillion (1)
      17. Estimated annual spending on cloud security tools by 2023: $12.6 billion (8)
      18. The number of IT professionals who say improving data center security is a primary reason for moving away from on-premise data centers to a remote cloud or colocation facility: 4 in 10 (5)
      19. The percentage of organizations planning to invest more in IT resilience capabilities such as backup, replication and DR over the next two years: 90% (9)

      Resources for Cybersecurity & Business Continuity Protection

      While these statistics provide a sobering look at the challenges faced by IT and information security professionals around the globe, the good news is no one has to go it alone. At INAP, we partner with our customers to safeguard their critical infrastructure (and their brand’s reputation) with comprehensive data center and cloud solutions, including managed security services and cloud backup and disaster recovery services.

      Sources & Further Reading:

      1. Department of Homeland Security. “National Cybersecurity Awareness Month 2019.”gov.
      2. “It Takes an Average of 38 Days to Patch a Vulnerability.”
      3. Alert Logic. “Critical Watch Report: 2019 SMB Threatscape.”
      4. “Internet Security Threat Report.” February 2019.
      5. Forrester Research via CloudTech. “Three reasons why killing passwords will improve your cloud security.”
      6. “The State of IT Infrastructure Management 2018.” December 2018.
      7. “Cloud Data Management Infographic.” June 2019.
      8. “Cloud Security Spend Set to Reach $12.6B by 2023.” April 2019
      9. IDC & Zerto. “The State of IT Reslience Report 2019.”
      Ryan Hunt
      • Director of Content & Communications


      Ryan Hunt is the Director of Content & Communications. READ MORE



      Source link