AlienVault: Exploits Targeting IoT, Info Sharing on the Rise

An IoT exploit, or attack that takes advantage of a vulnerability, has emerged among the most-seen exploits in a new cybersecurity analysis.

The AlienVault Open Threat Exchange (OTX) Trends Report for the first half of 2018 shows adversaries remain relatively unchanged from last year other than a slight uptick in Chinese-based groups. The IoT exploit could signal the start of a trend of more attacks against IoT and smart devices.

The report also shows an increase in information sharing across the information security industry, including an extensive amount of independent research sharing on Twitter.

AlienVault’s Javvad Malik

Javvad Malik, AlienVault security advocate, tells Channel Partners the most surprising finding is the amount of non-Microsoft attacks that made the top exploits list this year. After eight of the top 10 from last year’s report targeted Microsoft, only six of the top 10 do this year, including just two of the top four.

“This can be largely attributed to hackers increasingly favoring server exploits to target cryptocurrencies,” he said.

Companies are being more open with their threat data because it’s evident that threat collaboration is necessary to ensure security, Malik said.

“Just as hackers are continually collaborating on their exploits, attacks and methods, organizations need to be collaborating on threat data to keep their defenses updated,” he said.

Launched in 2012, AlienVault’s OTX is a free threat-intelligence community that allows companies and government agencies to gather and share information about new or ongoing cyberattacks and threats to avoid major breaches or minimize the damage from an attack. Every day, participants from more than 140 countries contribute 19 million pieces of threat data to the community.

OTX has grown to 100,000 global participants, representing 36 percent year-over-year growth.

“OTX now provides even richer threat intelligence data,” Malik said. “By leveraging OTX, channel providers can ensure their customers are updated on new and emerging threats all over the world, enabling them to be better prepared to defend against breaches and better respond to any breaches to minimize the damages. Channel partners have contributed to this growth by making AlienVault’s OTX available to their customers. It’s a mutually-beneficial relationship — the customers benefit from the rich communal threat data, while also making OTX stronger by contributing their own threat data.”

Without threat sharing, malicious actors can easily reuse effective exploits and pivot their attacks from target to target; for example, a campaign affecting the legal industry in the U.K. can be repurposed for bankers in the U.S., while security researchers operating in silos start from scratch each time.

“Attackers rely on isolation; they benefit when defenders don’t talk to each other,” said Russell Spitler, AlienVault’s senior vice president of product. “We can’t be everywhere at once, but they can learn from each other’s experience. With the growth in OTX membership, we all benefit from the diversity of threat intelligence from an even wider variety of participants.”