There have been notable changes in attack types, vectors and industry targets in the third quarter, including ramped-up efforts to compromise new verticals.
According to eSentire’s 2017 Q3 Quarterly Threat Report, which provides a snapshot of threat events investigated by its Security Operations Center (SOC) from July through September of this year, the quarter saw a rise in attacks against accounting, biopharma, retail, biotech and pharmaceuticals. That’s a change from trends spotted earlier in the year, when finance, legal and healthcare bore the brunt of the activity.
These attacks were mostly scanning- and exploitation-based, the firm said, which demonstrates that these industries are being targeted for their lucrative data and broad attack surface.
Information gathering was especially prevalent in the biopharma, biotech and pharmaceuticals industries, where there is likely an interest in intellectual property and a propensity for non-standard internet devices to be connected to the network. Overall, information gathering accounted for the largest share of traffic volume.
“These industries also have more device-based infrastructure to support lab-based research and development,” the report detailed. “Consequently, these devices can increase exposure to networks they’re connected to. They often rely on outdated operating systems, which can increase vulnerability and make them an attractive target for opportunistic attacks that rely on established tools and dated vulnerabilities.”
That’s not to say other verticals don’t remain in the cross-hairs. Phishing attacks occurred most frequently in the healthcare industry. eSentire postulated that this could be due to the high volume of patients that healthcare staff must interact with, which obscures malicious transactions. It could also pertain to weak policies around phishing and a lack of awareness and training among healthcare employees.
On the general trend front, the analysis also uncovered a rise in availability attacks, usually in the form of DDoS attacks. These types of attacks are often used by political activists in an attempt to silence or disrupt political opponents, but they can also be used to pressure victims into paying a ransom.
Finally, the third quarter was also marked by a surge in OpenSSL detections, according to the report. The most-targeted vulnerability was in OpenSSL (CVE-2014-0160); runners-up included an ASUS router exploit (CVE-2014-9583), an Apache Struts exploit (CVE-2017-5638), an exploit of the Invision Board (CVE-2002-1149), Microsoft IIS (CVE-2000-0778, CVE-2000-0071 and CVE-1999-1538), Trivial FTP (CVE-1999-0183), and Microsoft Exchange (CVE-2015-1631).
“With the exception of Apache Struts, all of these vulnerabilities are at least three years old,” the report noted. “And in most cases, they’ve been patched across the commercial sector. However, many vulnerabilities haven’t been patched due to conflicting software dependencies and isolation practices. When an endpoint that has not been connected to the network is eventually connected, all of its vulnerabilities become exposed in the time it takes to update the system. Opportunistic attacks that are constantly scanning and attempting exploits on these systems must be yielding successful results as attempts on them remain a large portion of malicious traffic.”