Report: Targeted Attacks Are Leading Cybersecurity Incidents

Written by: Jay H.

According to a report released by security vendor Positive Technologies, cybercrime is on the rise, and targeted attacks are the leading cybersecurity incidents.

Using data collected last year, the organization found that targeted attacks made up 60 percent of incidents, a 5 percent rise from 2018. The top sectors targeted were government, industry, healthcare, science, education, and finance, encompassing 54 percent of all incidents.

Attackers Specializing In Advanced Persistent Threats

“The increase in targeted attacks is due to several reasons,” Alexey Novikov, Director of PT Expert Security Center, stated. “Every year, we see new groups of attackers specializing in advanced persistent threats. During 2019, the Positive Technologies Expert Security Center (PT ESC) tracked APT attacks by 27 groups, ranging from well-known groups, such as Cobalt, Silence, and APT28, to relatively unknown newcomers.”

“Companies are paying closer attention to cybersecurity, implementing and using special security tools (such as anti-APT solutions) to detect and prevent complex attacks. This makes it easier to detect malicious activity more accurately and significantly reduces dwell time. Because of this, information on individual incidents and particular tactics and tools used by different APT groups becomes public knowledge and can be used as intelligence to bolster countermeasures.”

The vendor suggests that “companies should shift their attention from the prevention of attacks in the perimeter to timely detection and response inside the network, regularly checking any previous attacks.”

Companies Need To Adopt Security Measures

The report lists the following security measures companies need to take:

Use proven security solutions

  • Centrally manage software updates and patches. Prioritize updates with the most pressing security threats.
  • Install antivirus software with a sandbox for dynamically scanning files and the ability to detect and block threats such as malicious email attachments before employees open them.
  • Use SIEM solutions for timely detection and effective response to information security incidents.
  • Use automated tools for analyzing security and identifying software vulnerabilities.
  • Deploy web application firewalls as a preventive measure.
  • Detect sophisticated targeted attacks in real-time and in saved traffic with in-depth traffic analysis.
  • Employ specialized anti-DDoS services.

Protect your data

  • Encrypt all sensitive information. Also, do not store sensitive information where it can be publicly accessed.
  • Perform regular backups and keep them on dedicated servers isolated from the network segments used for day-to-day operations.
  • Minimize the privileges of users and services as much as possible. Use a different username and password for each site or service. Also, use two-factor authentication where possible, especially for privileged accounts.

Monitor the security situation

  • Keep software up to date: do not delay installing patches.
  • Test and educate employees regarding information security.
  • Make sure insecure resources do not appear on the network perimeter. Also, regularly take an inventory of Internet-accessible resources, check their security, and remediate vulnerabilities found.
  • Filter traffic to minimize the number of network service interfaces accessible to an external attacker.
  • Regularly perform penetration testing to identify new vectors for attacking internal infrastructure and evaluate current measures’ effectiveness.
  • Regularly audit the security of web applications, including source-code analysis. Identify and eliminate vulnerabilities that put application systems and clients at risk of attack.
  • Keep an eye on the number of requests per second received by resources. Also, configure servers and network devices to withstand typical attack scenarios (such as TCP/UDP flooding or high numbers of database requests).

With targeted attacks leading cybersecurity incidents, companies must be prepared. In conjunction with the above security measures, consider working with security experts to develop a comprehensive security strategy for your business.
