Low risk, high reward: Threat actors leave sophisticated attacks behind

News by Danielle Correa

According to new research by eSentire, cyber-criminals are moving away from sophisticated attacks in favour of inexpensive and automated methods of intrusions.

The greatest risk to mid-sized organisations is rudimentary attacks, such as intrusion attempts, information gathering and policy violations.

A recent cyber-threat report from eSentire provides an overview of the cyber-threats investigated by the company's Security Operations Centre (SOC) in 2016. The research provides threat perspective for business leaders in small and midsize organisations as well as takeaways to help strategically reduce the risk of cyber-threats.

The research consisted of data gathered from more than 1500 proprietary network and host-based detection sensors globally across various industries.

March to April and September to October were the most intense periods of threat events throughout 2016. June and July were the least active months.

Intrusion attempts, information gathering and policy violations were the most often observed threat categories, which represented 63 percent of all observed attacks.

Intrusion attempt (primarily web attacks) was the top-ranking threat category, which represented 30 percent of all observed events.

Top attack methods in this category involve exploiting a Shellshock vulnerability, representing about 60 percent of all intrusion attempts.

The most prominent tool used for information gathering of all events attributed to this category remains Open VAS (62 percent). Attacks against the Secure Shell (SSH) protocol are the second highest threat in this category (21 percent).

Web-based attacks and network scanning continue to grow as widely adapted automated tools allow a hands-off approach by threat actors.

With most attackers having a preference for inexpensive and automated methods of intrusions, cyber-criminals are moving away from sophisticated malicious code attacks. As long as these techniques are successful, this trend is expected to continue.

With easier access than ever before to simple and automated tools, cyber-criminals can quickly and easily stage attacks against every business. For example, ransomware can reap financial gains without putting in the painstaking effort needed to identify and remove information from an organisation's network.

Detecting and disrupting the common methods and tools used will make attacks less effective, which impacts cyber-criminal rationale when picking attack targets.

Organisations can use seasonal threat trends to align security efforts to their advantage. Security awareness training is most effective when applied during the months of December to March, prior to the busiest threat activity time, during March and April.

“In 2016, the eSentire SOC detected almost five million attacks across hundreds of primarily small to medium organisations, spanning multiple industries. Cyber-criminals are attracted to easy targets because they are low risk, high reward, and require little effort to execute. However, available evidence suggests that the majority of opportunistic cyber-attacks against mid-sized businesses can be prevented by applying basic best practice security principles,” said Viktors Engelbrehts, director of threat intelligence at eSentire in a news release.

“Defending against evolving threats has never been more important for mid-sized organisations working to guard against financial and reputation-based risk. By addressing the recommendations, business leaders will be equipped to disrupt threat opportunities, as opposed to remediating financial damage caused by attacks,” said Mark McArdle, CTO at eSentire in a statement. 

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews