Digital Universe Report H1, 2022
Security Attack Landscape
OBRELA Security Industries have launched the H1 Digital Universe Study, exploring the security landscape (in Q1-Q2, 2022) of the industries and domain we work with. This provides a better understanding of the wider threat landscape, globally.
Below are some key takeaways from the report, which provides a ‘funnel’ view of real-time visibility data.
The Digital Universe Report is produced by Obrela’ s collation of:
- 1 PBs of logs collected and analyzed
- 100,000 Devices served
- 7,369 cyber incidents detected
- 11’ response time
The Attack Landscape: Shifts, methods, industries, and best practices
By analyzing the associated data, the Obrela team were able to disclose the most significant attack vectors and activity. One of the most significant shifts we noted include:
- 16% upswing in data breaches, and a noted increase in attacks which target end users.
- A 6% increase in attacks relating to Zero Day vulnerabilities exploitation
- A 12% increase in attacks related to internal risk (policy violations, privileged user activity, inadvertent actions)
However, the most significant change, of over 40%, related to end users. This could show a trend of threat actors pivoting towards things that target users outside of the corporate network, capitalizing on the new normal of remote work and using phishing tactics and even placing social media accounts in the firing line.
Specific attack methods outlined included:
- Inadvertent actors and malicious insiders
- Malware infection/Malware delivery
- System/Perimeter breaches (Data Exfiltration)
- Email attacks (Fraud/Phishing)
Of the sectors we see that were at the greatest risk from these attacks, we found the two most vulnerable sectors to be Banking & financial services, government /corporate. These targets are so vulnerable – to malicious insiders, in particular – simply , because of the monetary gains available. These areas are hugely important areas in terms of global economic activity (particularly in the case of financial services) and the associated gains for a threat actor are self-evident.
The most effective means by which organizations can offset the associated risks of their positioning are to ensure they are doing the basics right; best practices are followed on security training, user authentication and access (following a program of Identity and Access Management), protection of their endpoints and their brand. These best practices can also be extended to network management, including network segmentation and Zero Trust, where applicable. These need to be considered across the company, and across the network, and can be undertaken by partnering with an MSSP who can monitor their IT and cloud infrastructure on their behalf. While these things could be seen as basic, they could be the difference between a secure corporate network, and a breach statistic.
For Construction and other industrial sectors, there will be a lot more OT and IoT running in their environment. These systems present an even greater number of potential ‘open goals’ than in other sectors, which need to be appropriately managed across both the internal network of our customers, and the third-party suppliers who have designed and implemented the IoT/OT.
Emerging use cases
Some of the new incident cases we have seen in our network, and the associated implications include:
Domain impersonation has to do with phishing campaigns, on a massive scale. Either employees of an organization, or their end users, can be targeted by these phishing campaigns which will work to masquerade a phishing site, pertaining to be from an organization (say a financial institution, or a bank) and will work to have this phishing site included near the top of search engines. This then makes it easier to convince a user to click on this malicious site, instead of the official site. This is particularly difficult to detect from a mobile app, where users may not see the URL, and may not notice until they have attempted to log in. By which case, the malicious actor has access to the legitimate site, as a foothold for further malicious activity.
Internal Directory Busting
This technique is a kind of brute force web attack, targeting the public facing website of an organization. This can then be manipulated towards a programme of data exfiltration.
Conclusions: A threat landscape as complex and adaptable as ever made easy to monitor with Obrela support
Cybercriminals are as adaptable as any criminal enterprise, and they have transitioned extremely smoothly over the chaotic period of the last two years. Not only do organizations need to ensure they are doing the basics right, but they need to form a protective ring for example around their end-users, and around the reputation of their brands; Domain impersonation can drag your reputation amongst customers down with it and is an attack on the rise. The best thing organizations can do is to partner with an MSSP who understand the ever-fluid nature of the security market and can work with them to ensure that their unique environment is well protected.
Download the report by filling-in the form provided.