Network security company Palo Alto Networks released its 2014 Application Usage and Threat Report (AUTR) on 3rd June. The report aims to provide insights on how business leaders and security practitioners need to reassess and strengthen their security posture.
Based on analysis of traffic data collected from 5,500 network assessments and billions of threat logs over a 12-month period, the report revealed how attackers exploit commonly used business applications to bypass security controls.
Key findings of the AUTR include the following:
- Common sharing applications such as e-mail, social media, and video remain favoured vehicles for delivering attacks but are often the start of multi-phased attacks rather than the focus of threat activity.
- 99 percent of all malware logs were generated by a single threat using UDP; attackers also use applications like FTP, RDP, SSL, and NetBIOS to mask their activities.
- 34 percent of applications observed can use SSL encryption; many network administrators are unaware of which applications on their networks use unpatched versions of OpenSSL, which can leave them exposed to vulnerabilities such as Heartbleed.
We spoke to Sharat Sinha, Vice President for Asia Pacific of Palo Alto Networks, to learn more about some of the report’s findings. Aside from discussing issues surrounding enterprise applications and data breaches, Sharat also shared some security tips for enterprises to stay protected.
The report analyses applications that penetrate enterprise networks. Which apps are found to be the most susceptible to breaches?
The report findings showed that common sharing apps like e-mail, instant messaging and social media delivered roughly 30 percent of the threats observed, but the activity itself was strangely low.
Despite accounting for a high percentage of exploits, common sharing applications accounted for only five percent of threat activity. It was found that while common sharing apps were favoured vehicles for delivering attacks, they were the start of multi-phased attacks rather than the focus of threat activity.
In fact, social media delivers far less than anyone would imagine. User Datagram Protocol (UDP), Domain Name System (DNS) and Server Message Block (SMB) are consistently represented as commonly targeted by or used by threats. Secure Sockets Layer (SSL) use remains far higher than we think.
In light of the above, it is now evident that attackers are hiding in plain sight. This may sound like old news, but the data shows several examples where cyber threats are using applications as their infiltration vectors, exhibiting application-like evasion tactics and either acting as, or using, common network applications for lateral communications and exfiltration of data.
It is more profitable for hackers to target companies this way as they expose company secrets and confidential strategies — ultimately creating huge losses for the overall business.