In the first half of 2018, security has remained a top concern for enterprises. And for good reason, says Check Point’s Cyber Attack Trends mid-year report. The report found that the rise of cloud infrastructure, mobile devices and applications, and other new technologies led to new trends in the types of attacks made by threat actors.
The Check Point report is based on threat intelligence data drawn from its Threat Map between January and June 2018. The Threat Map uses Check Point’s global footprint of sensors to track and identify cyber attacks (exploits, malware, phishing attempts, etc.) as they’re happening. The sensors act as gateways that the company’s customers can use to anonymously share logs of their security products with Check Point. About half choose to share this information, according to the company.
The report found that cryptomining took over as the leading attack vector — knocking ransomware from the top 10 families of malware that the company compiled. Cryptominers affected 42 percent of organizations worldwide. At the end of 2017, they only affected 20.5 percent. The other malware families topping the list were an IRC-based worm, a modular bot, a banking trojan, mining software, and more.
According to Check Point, this year cryptominers became more destructive and sophisticated, exploiting high-profile vulnerabilities and evading sandboxes and security products to expand their infection rates. Check Point found that cryptominers attacked a variety of technologies including SQL databases, nuclear plants, and industrial systems.
Cryptominers are also targeting cloud infrastructure. The report noted that at the beginning of this year these hackers targeted cloud components, namely Docker and Kubernetes systems, even exploiting Tesla’s internal cloud servers.
One of the reasons that cloud applications and components are under attack is that cloud APIs are accessible via the internet, which has left open a window for threat actors to enter through. This easy access to all of the data, applications, and workloads that enterprises store and manage in the cloud makes it an attractive environment to attack.
The report also pointed to mobile devices as a growing vulnerability. While this isn’t a new trend in itself, the way that threat actors are targeting these devices is new. Check Point saw a rise in preinstalled malware, including banking trojans and adware, which has led to more exploits.
Interestingly, in a webinar discussing the report findings, Maya Horowitz, threat intelligence group manager at Check Point, said that 10 percent of the attack techniques that were used were published this year, whereas a vast majority of attack strategies are older, coming from five years ago. Horowitz said this comments on the laziness of most attackers: If the old techniques still work, why would they change what they’re doing?
As threat actors adapt to new technologies, both developing more sophisticated approaches and using old, trusted methods, enterprises must think hard about security technologies. Check Point noted that layered, consolidated approaches to security work best. The company suggested using tools that can segment enterprises’ data and workloads and manage them through a single pane of glass, enabling protection in clouds, across infrastructures, endpoints, mobile applications, and more.