Our threat research team’s been burning the candle at both ends this year, what with the sheer number of nasties out there at any given time. But with so many to choose from, how did we populate a list with just seven cybersecurity threats, and why? For one, it’ll take the rest of the year to catalog the number of threats we’ve seen in just the first six months, and secondly… well, we’ll do another one of these in time.
So, we went ahead and picked the brains of a handful of our researchers and came up with a ‘cybersecurity’s most wanted’ list, to give you an overview of what’s been driving security teams up the wall. While this list is by no means exhaustive, it should give you some insight into the current application and data risks out there and what you should keep an eye on. Let’s crack on.
First off, we look at misconfiguration and incorrect deployment, which can leave resources unguarded and sensitive data up for grabs.
- March 2018’s PostgreSQL Monero vulnerability report is a great example of how database servers were left wide open and vulnerable to attack.
- Another one for the list is a recent report showing how open Redis servers were exposed to hackers, the culprit here again being servers left open to the internet.
A second and equally devastating threat emerges when security teams aren’t able to patch systems fast enough to counter the increasing pace of new threats popping up.
- One of the year’s biggest ‘patch-fails’ was when unpatched Drupal apps were hit by Drupalgeddon, leaving scores of sites vulnerable.
- RedisWannaMine — which took aim at unpatched Windows machines — also made a splash earlier this year.
Thankfully, however, there are ways to defend against these kinds of threats. Adopting a layered security approach can be a strong defense against unpatched vulnerabilities, as can putting in place a good patch management system.
Not to be left off a threat list, 2018 saw an increase in both the scale and severity of DDoS attacks.
- DDoS amplification attacks via Memcached servers deserve a special mention.
- And let’s not forget DDoS attacks piggybacking on UPnP protocols, as mentioned in an earlier post.
Finally, as cryptocurrencies show no signs of slowing in terms of popularity, cryptomining – sometimes referred to as cryptojacking – attacks follow the same trajectory.
- A favorite method for hackers is remote code execution – driving almost 90% of all cryptomining attacks globally.
The cybersecurity landscape is one of increasing complexity, and security teams have to equip themselves with tools that are scalable, accurate and make it easy to home in on and take action against real threats. Pair this with financial constraints and a lack of skilled personnel in the industry as a whole and you begin to understand the mammoth challenge so many face in securing their applications and data.