SMB ‘Easy Targets’ for Attackers

Wednesday, May 10, 2017 @ 11:05 AM gHale


Oftentimes small to medium-sized manufacturers will eschew security, saying “no one would attack us because we are too small.” They couldn’t be more wrong.

That is because intrusion attacks, information gathering, and policy violations pose the greatest risk to midsized organizations, according to a new report from security provider eSentire.


“In 2016, the eSentire SOC detected almost 5 million attacks across hundreds of primarily small to medium organizations, spanning multiple industries,” said Viktors Engelbrehts, director of threat intelligence at eSentire. “Cybercriminals are attracted to easy targets because they are low risk, high reward, and require little effort to execute. However, available evidence suggests that the majority of opportunistic cyber-attacks against mid-sized businesses can be prevented by applying basic best practice security principles.”

It appears attackers are moving away from sophisticated malicious code assaults, with the majority of hackers preferring inexpensive and automated methods of intrusion, exploiting “low hanging fruit,” which represented almost 30 percent of all observed events, the report said.

Other key findings include:
• March to April and September to October were the most intense periods of threat events throughout the year, with March being the most active month, and June to July being the least active.
• The most often observed threat categories were intrusion attempts, information gathering, and policy violations, representing 63 percent of all observed attacks.
• Intrusion attempts (primarily web attacks) were the top-ranking threat category, representing almost 30 percent of all observed events.
• The top attack methods in the intrusion attempts category involve exploiting a Shellshock vulnerability (CVE-2014-6271), representing 60 percent of all intrusion attempts.
• OpenVAS remains the most prominent tool used for information gathering purposes, with 62 percent of all events attributed to this category. Attacks against the SSH protocol remain the second highest threat in this category, with 21 percent of all events attributed to attempts to guess or brute force passwords.
• Web-based attacks and network scanning continue to increase as widely adopted automated tools allow a hands-off approach by threat actors.

In short, every organization is a target – with easier access than ever before to simple and automated tools, cybercriminals can stage attacks against any business. Attacks, such as ransomware, can reap financial gains without the painstaking effort required to identify and extract high value information from an organization’s network.

Detecting and disrupting the common methods and tools used will make attacks less effective, directly impacting cybercriminal rationale when choosing attack targets. This includes steps to minimize the attack surface and tailoring of security controls.
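As an added illustration (not taken from the eSentire report), the sketch below triages logs for the three automated methods named in the findings: Shellshock attempts, OpenVAS scanning, and SSH password guessing. The log formats, the failure threshold, and every sample line are constructed assumptions, and the OpenVAS match assumes the scanner's default User-Agent string is left unchanged.

```python
import re
from collections import Counter

# Shellshock (CVE-2014-6271) attempts carry a bash function definition,
# "() {", inside a request header such as User-Agent or Referer.
SHELLSHOCK = re.compile(r"\(\)\s*\{")
# Assumption: an unmodified OpenVAS scan announces itself in the User-Agent.
OPENVAS = re.compile(r"openvas", re.IGNORECASE)
# OpenSSH auth-log line for a rejected password.
SSH_FAIL = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port"
)

def triage_web(lines):
    """Return (source_ip, label) for each suspicious access-log line."""
    hits = []
    for line in lines:
        src = line.split(" ", 1)[0]
        if SHELLSHOCK.search(line):
            hits.append((src, "shellshock-attempt"))
        elif OPENVAS.search(line):
            hits.append((src, "openvas-scan"))
    return hits

def ssh_bruteforce(lines, threshold=5):
    """Return {source_ip: failures} for IPs at or above the threshold."""
    fails = Counter(m.group(1) for l in lines if (m := SSH_FAIL.search(l)))
    return {ip: n for ip, n in fails.items() if n >= threshold}

# Constructed sample data (documentation IP ranges, placeholder payload).
TS = "[10/May/2017:11:05:00 +0000]"
WEB_LOG = [
    f'203.0.113.5 - - {TS} "GET /cgi-bin/status HTTP/1.1" 404 210 "-" '
    '"() { :; }; PLACEHOLDER"',
    f'198.51.100.7 - - {TS} "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 [en] (X11, U; OpenVAS 8.0.9)"',
    f'192.0.2.10 - - {TS} "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]
AUTH_LOG = [
    f"May 10 11:05:0{i} host sshd[1234]: Failed password for invalid user "
    f"admin from 203.0.113.9 port {40000 + i} ssh2"
    for i in range(6)
] + [
    "May 10 11:06:00 host sshd[1240]: Failed password for alice "
    "from 192.0.2.44 port 51000 ssh2",
]

if __name__ == "__main__":
    print(triage_web(WEB_LOG))
    print(ssh_bruteforce(AUTH_LOG))
```

A single failed login from 192.0.2.44 stays below the threshold, which is the kind of tailoring of controls the paragraph above refers to: the cutoff should reflect what normal user error looks like in a given environment.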


