BreachExchange mailing list archives

Cyber Threats Hiding in Plain Sight: How to Protect Your Business


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 8 Aug 2014 13:48:13 -0600

https://uk.news.yahoo.com/cyber-threats-hiding-plain-sight-protect-business-153824040.html#vZ0B39A

Over the last few months we have witnessed an abundance of cyber-attacks.
Heartbleed, CryptoLocker's two-week countdown and now the new variants of
file-encrypting ransomware called Cryptowall and Cryptodefense are
evidence enough to show that cyber criminals have no plans of slowing down.

Even high profile companies such as PayPal and LinkedIn have been subject
to breaches in recent months, so it is important businesses understand what
is out there and what they can do to prevent such attacks.

Our Application Usage Threat Report, a study analysing traffic data
collected from 5,500 network assessments, paints a similar picture. We have
found that attackers are also exploiting commonly-used business
applications to bypass traditional security controls, and the enterprise
needs to get smarter by preparing for not just the attacks of today, but
also for the attacks of tomorrow.

While we know that 100% prevention and detection is just not possible right
now, the industry wants to get closer to that goal by working faster at
preventative measures.

Unsurprisingly, common sharing applications (CSM) such as IM, email, social
media and video account for nearly one-third of all applications on the
network. Interestingly, this makes up only 5% of all threat activity, which
means CSM is merely being used as the entry point and the first step within
a multi-phased assault.

Unprecedented levels of trust

Consumers are also putting unprecedented levels of trust in social media
apps, which makes it easier for attackers to get into the network and get to
work. In other words, too many doors are being left open for attackers to
walk right in undetected and steal data right in front of us, so they're
operating in plain sight.

Another problem on the rise for the security industry is SSL (Secure
Sockets Layer). It's undeniable that SSL is a great underlying cornerstone
for business privacy; however, it's also ideal for masking hackers.

To put it simply, hackers are now able to exploit the network by exhibiting
application-like evasion tactics and either acting as or using common
network applications for lateral communications and data sifting.

Growing problem

The problem doesn't just stop with SSL. Criminals are also using FTP (File
Transfer Protocol), RDP (Remote Desktop Protocol) and NetBIOS to mask their
activities as they work to exploit the system. This is alarming because the
use of SSL is more widespread than ever. With 34% of all applications
running on the networks communicating over SSL, businesses have no way of
being certain that the traffic within the encrypted channels is free of
malicious activity.

SSL use is a much bigger problem than it was even a year ago. If an
administrator doesn't know how many applications running on the network use
SSL, they also don't know how many of those applications use OpenSSL. This
means they may directly or indirectly expose the organisation to the next
Heartbleed.

The key for businesses to ensure they remain protected and increase their
security is to focus on preventing cyber-attacks before they enter the
network, instead of fixing them after they've breached. In fact, there are
simple steps you can take to protect your business right away. First, it is
crucial to determine which applications use SSL and selectively decrypt
them. Selective decryption can help you uncover and eliminate potential
hiding places for cyber threats to stop the criminals at the entry point.

Every employee is a potential security risk

Secondly, be aware that unknown traffic will always occur in the network.
We've found that while this will only average at around 10% of the
bandwidth, it can still be high in risk. By effectively controlling unknown
UDP/TCP you will quickly eliminate a significant volume of potential
malware.

However, overall we found the key takeaway from the Application Usage
Threat Report is that, while the CSO and CIO play a fundamental role,
securing the network is not their sole responsibility.

The entry point for the majority of breaches we saw was via everyday
interactions on laptops and mobile devices, so every employee is a gateway
to a potential security risk.

Educating the workforce about the dangers of cyber threats and making them
more aware that the applications and public networks they use could cause
threats is vital. So you should obviously keep your security solution
updated to stay ahead of the new techniques cyber criminals are using, but
also update your company policy regularly and keep your staff vigilant
about the apps and public networks they use.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
