eSentire: Education Vertical Spirals in Cybersecurity Threat Rankings
The new eSentire annual threat report defines the new normal.
December 19, 2018
The 2018 Annual Threat Report released Wednesday by eSentire, the managed detection and response provider, demonstrates the ongoing cybersecurity arms race.
The report highlights a 500 percent increase in the use of botnets compared to 2017, an exponential increase in coinmining, and the growing threat of Maldocs.
The report points out the five most targeted industries — education, accounting, construction, real estate and biotechnology. While entries on the top 10 affected industries in 2018 remain the same as in 2017, there were a few shifts in the rankings. The most significant change was the ranking of the education industry from No. 10, all the way up to No. 1.
eSentire threat intelligence used data gathered from over 2,000 proprietary network and host-based detection sensors distributed globally across multiple industries, in midsize organizations. The company has been reporting on this data annually for the past several years.
eSentire’s Kerry Bailey
“The exponential growth of cybersecurity threats each year represents a new normal that organizations must be prepared to deal with as automation makes it easier and more profitable for threat actors to execute attacks,” said Kerry Bailey, CEO, eSentire. “Staying ahead of rapidly growing threats like botnets and coinmining malware presents significant financial, operational and personnel challenges for organizations, and underscores how crucial adopting emerging technologies such as managed detection and response (MDR), and artificial intelligence (AI) are to protecting assets.”
In the emerging threats section of the eSentire report, the surge in botnet activity is tied to compromised servers, an observation that is consistent with recent trends in multi-stage attacks.
“Threat actors often compromise low-hanging, low-value devices for which there is no direct opportunity for monetary gain,” according to the report.
However, the initial compromise, or foot in the door, is often part of a later, larger-scale attack that ultimately seeks a financial benefit.
During 2018, coinmining emerged in two forms: malware on compromised assets (CoinMiner) and in-browser monitoring that persists only through the browsing session (such as Coinhive). The report points out that the financially motivated threat actors prefer coinmining over alternative methods such as ransomware.
In 2018, Maldocs, such as Marap, emerged as the popular new downloader, and acts in a similar manner to Emotet. Marap enters organizations embedded within Office and PDF documents delivered through email. Ursnig, another Maldoc, continued to evolve in 2018. The good news is that there are numerous strategies for addressing Maldocs.
eSentire notes that the education vertical in its customer base is primarily administration rather than networks that contain endpoint devices used by students.
“Still, [the education industry] belongs to the set of industries that hasn’t put cybersecurity at the front, while at the same time their technology front has increased,” Keegan Keplinger, data visualization lead and lead report researcher at eSentire, told Channel Futures.
The financial-services industry dropped from the seventh-place ranking in 2017 to the 10th place ranking in 2018. Keplinger attributes that to …
… years of making big investments in security, having security requirements put in place, and implementing better controls.
“The financial industry is still highly targeted, but they’ve done a lot over the years to increase their security posture,” he said.
Phishing attacks continued in 2018, with DocuSign dominating phishing lures in the corporate environment, followed by Office 365 and OneDrive. Malware, which typically enters organizations through an email link or malicious attachment, was most prevalent in the mining industry, which saw the largest volume and diversity of malware. Mining was followed by education, health care, construction and real estate.
As a note of interest, Tuesday proves to be the most popular day of the week for phishing attempts.
Both phishing attacks and malware are preventable with the implementation of more technical controls and employee awareness, the report notes.
The latest eSentire threat report also took a look at attacks on IoT devices, bruteforce attacks, and exploitation campaigns. For example, new exploits for multiple IoT devices include door controllers, security cameras and digital video recorders.
“This issue will only continue to grow as IoT forms the foundation of connected devices and smart-city grids,” the report states.
Read more about:
MSPsAbout the Author
You May Also Like