NTT Ltd., a world-leading global technology services
provider, today released its GTIC Monthly Threat Report for the month of August
2020. The Global Threat Intelligence Center (GTIC) protects, informs, and
educates NTT Group clients through threat research, vulnerability research,
intelligence fusion and analytics.
With reduced IT spend being predicted as an outcome of COVID-19, the adage
‘architect twice, implement once’ is going to become even more imperative.
Threat actors are attacking applications and are looking for flaws in the
applications available through their web presence. Vulnerabilities in
off-the-shelf applications, custom-built applications, databases, support
infrastructure, as well as development and management tools, allow cyber
criminals to gain direct and public access to databases to churn sensitive
data.
Key findings:
- In June 2020, attacks against networking products (i.e., Zyxel, Netis, Netcore, Netgear, Linksys, D-link and Cisco) and video cameras accounted for about 32% of all attacks. Many of these were brute force or authentication attacks.
- Beyond actual technologies being attacked, the list of actual vulnerabilities which are actively exploited tends to be relatively narrow. For instance, the top 10 most attacked vulnerabilities in 2019 accounted for 84% of all attacks observed and the top 20 most attacked vulnerabilities accounted for nearly 91% of all attacks.
- Some versions of Oracle Products, ThinkPHP, Joomla!, vBulletin, Apache Products, OpenSSL, IIS, and WordPress included vulnerabilities which could allow an unauthenticated remote attacker to perform remote code execution on the targeted system.
- Organisations or businesses can adopt a web-application firewall (WAF) that helps to protect exposed systems from attack; it can block or filter attempted attacks from potentially hostile sources and can identify exploit attempts.
- In addition, segregation of internal networks from each other using access control lists, white lists, blacklists, and other filtering techniques can help limit, or at least minimise, the attacker’s attempts to access other systems and data from any compromised system.
- Organisations must focus on application security and include a vast set of controls and concerns, starting with designing secure applications, considering security as a basic business requirement, and extending good security practices through ongoing testing, maintenance, and monitoring of the supporting operational environment.
Considerations:
Consolidating cyber
As businesses continue to transform within information security, there is a need for the security industry to move away from ‘best of breed’ technology towards a unified strategic approach that prioritizes partnering with vendors who provide more effective coverage of security controls. People, processes, and technology, the three key pillars of information security, must each be considered to maintain an acceptable level of cyber maturity.
The three reasons to consider a consolidation of vendors for cybersecurity solutions are:
1. Reduction in risk for both the vendor and the operating environment
2. Greater coordination of processes
3. Increased purchasing power
Secure by design: An application perspective
Many organizations rely on custom applications for key aspects of their business. Unfortunately, designing, building and maintaining a secure application is not an easy task. Attackers are aware of this: our 2020 Global Threat Intelligence Report identified that nearly 55% of attacks we detected were application-specific or web-application attacks. A secure design is thus critical for public-facing as well as internal applications.