Security IT Summit | Forum Events Ltd

Posts Tagged: research

Barracuda: Growing confidence and emerging gaps in cloud security

Guest Post

For modern organisations, digital transformation is increasingly the only game in town. CIOs are turning to multiple cloud providers in droves for new app-based models, driving enhanced business agility to meet ever-changing market demands.

Yet security remains a constant challenge. Web applications themselves remain a major target for data theft and DDoS. A Verizon report from earlier this year claimed that a quarter of the breaches it analysed stemmed from web application attacks.

So, what are organisations doing about it? Chris Hill, RVP Public Cloud and Strategic Alliance International at Barracuda Networks reveals some interesting findings from its latest research…

Cloud maturity grows

The survey of over 850 security professionals from around the world reveals a growing confidence in public cloud deployments. Over two-fifths (44 percent) now believe public cloud environments to be as secure as on-premises environments, while 21 percent claim they are even more secure. What’s more, 60 percent say they are “fairly” or “very” confident that their organisation’s use of cloud technology is secure.

This makes sense. After all, cloud providers are capable of running more modern, secure infrastructure than many organisations could in-house. That means customers benefit from the latest technology, accredited to the highest security standards, versus heterogeneous, legacy-heavy in-house environments. As long as they pick the right third-party security partners and understand the concept of shared responsibility in the cloud, cyber risk can be mitigated effectively. The cloud even offers more options for backup and redundancy to further minimise risk.

Yet this isn’t the whole picture. Respondents to the study are still reluctant about hosting highly sensitive data in the cloud, with customer information (53 percent) and internal financial data (55 percent) topping the list. They complain of cybersecurity skills shortages (47 percent) and a lack of visibility (42 percent) as hampering cloud security efforts. And over half (56 percent) aren’t confident that their cloud set-up is compliant.

Could some of these concerns be linked to web application threats?

Websites under attack

The truth is that web apps are a ubiquitous but often poorly understood part of the modern cloud-centric organisation. As a business-critical method of delivering experiences to customers and productivity-enhancing capabilities to employees, web applications are a major target for cyber-criminals looking to steal sensitive data and interrupt key business processes. A Forrester study from 2018 found that the leading cause of successful breaches was external attacks — the most common of which focused on web applications (36 percent).

Fortunately, Barracuda Networks’ survey finds more than half (59 percent) of global firms have web app firewalls (WAFs) in place to mitigate these threats. The most popular option is sourcing a WAF from a third-party provider (32 percent), which makes sense, as long as they can protect customers from the automated bot-driven traffic that dominates the threat landscape. Not all can.

Patching and configuring

However, a greater concern is the fact that many organisations don’t appear to be taking the threat of web application vulnerabilities seriously. The Barracuda study found that 13 percent of respondents claim they haven’t patched their web application frameworks or servers at all over the past 12 months. Of those that did, it takes over a third (38 percent) of them between seven and 30 days to do so. For a fifth (21 percent), it takes over a month.

This is the kind of approach that landed Equifax in a heap of trouble when it failed to promptly patch an Apache Struts 2 flaw, leading to a mega-breach that has so far cost over $1.4 billion. It’s an extreme example, but it is one that highlights the potential risks for businesses.

Another potential area of risk with web application environments is human error. A massive breach at Capital One earlier this year affected around 100 million customers and applicants, and it was blamed on a misconfiguration of an open source WAF.

Some 39 percent of respondents told Barracuda Networks they don’t have a WAF because they don’t process any sensitive information via their applications. But attacks aren’t just focused on stealing data. They can also impede mission-critical services. WAFs are certainly not a silver bullet. But as part of a layered approach to cybersecurity, they’re an important tool in the ongoing fight against business risk.

Conclusion

Growing cloud confidence is enabling digital transformations across organisations of every shape and size. However, that confidence comes with a cautionary tale. Attackers are also zeroing in on vulnerabilities and weaknesses that may have been ignored in the past, and many organisations are unaware of how these multi-layered attacks can unfold from a single access point. Web application security and cloud security posture are the key weapons customers need to deploy in order to continue their digital transformations safely in the cloud.

To ensure you are secure in the cloud, here are some tips:

• Ensure you have WAFs protecting all your apps. Don’t assume that just because an app doesn’t appear to have outside visitor engagement it can’t be used as an attack vector. Once any vulnerabilities are discovered, attackers will exploit them, and it may help them gain access to your network and more valuable resources.
• Don’t leave application security in the hands of your development team. They aren’t security experts, nor do you pay them to be — you pay them to build great products.
• Deploy a cloud security posture management solution. Not only will this eliminate many security risks and failures, along with providing your development team with necessary guardrails to “build secure,” it greatly simplifies remediation and speeds investigations when issues do arise.

Global IT security market to hit $151bn in 2023

Stuart O'Brien

The size of the information security technology market could reach $151.2 billion in 2023, driven by the banking and telecoms sectors.

That’s according to a report from PreciseSecurity.com, which predicts spending in the security technology market will reach $106.6 billion this year. 

The report asserts that information security technology spending continues to move forward with large investments from different companies and organisations around the world, with the whole market growing by 57% between 2018 and 2023, from $96.3 billion to $151.2 billion.

The banking industry is one of the sectors that is expected to invest the largest amount of funds in this market.

“Considering there have been many attempts for hackers to acquire funds from banks, the banking industry is expected to spend the most on security solutions,” say the authors.

The report shows that the industries that will experience the fastest spending growth include government, telecommunications, and resources. They will grow at a compound annual growth rate (CAGR) of 12.5%, 11.9% and 11.0%, respectively.

Although the growth in investment from companies and organizations in the security information technology market is expected to increase, the firm stresses that its estimates could be conservative.

Justinas Baltrusaitis, the editor at PreciseSecurity.com, said: “Increasing investment in security products and services is a natural response to the growing number of various hacks and attacks companies experienced. In my opinion, this projection could be certainly realistic but I am not closed to think this number could be even higher.” 

Unwanted apps high on 2020 cyber threat list

Stuart O'Brien

So-called ‘fleeceware’ apps and aggressive adware software are among the key cyber threats posed to businesses and the public in 2020.

That’s according to the 2020 Threat Report, produced by SophosLabs to explore changes in the threat landscape over the past 12 months.

The Report focuses on six areas where researchers noted particular developments during this past year – here are the key findings:-

  • Ransomware attackers continue to raise the stakes with automated active attacks that turn organizations’ trusted management tools against them, evade security controls and disable backups in order to cause maximum impact in the shortest possible time.
  • Unwanted apps are edging closer to malware. In a year that brought the subscription-abusing Android Fleeceware apps, and ever more stealthy and aggressive adware, the Threat Report highlights how these and other potentially unwanted apps (PUA), like browser plug-ins, are becoming brokers for delivering and executing malware and fileless attacks.  
  • The greatest vulnerability for cloud computing is misconfiguration by operators. As cloud systems become more complex and more flexible, operator error is a growing risk. Combined with a general lack of visibility, this makes cloud computing environments a ready-made target for cyberattackers.
  • Machine learning designed to defeat malware finds itself under attack. 2019 was the year when the potential of attacks against machine learning security systems was highlighted. Research showed how machine learning detection models could possibly be tricked, and how machine learning could be applied to offensive activity to generate highly convincing fake content for social engineering. At the same time, defenders are applying machine learning to language as a way to detect malicious emails and URLs. This advanced game of cat and mouse is expected to become more prevalent in the future.

Other areas covered in the 2020 Threat Report include the danger of failing to spot cybercriminal reconnaissance hidden in the wider noise of internet scanning, the continuing attack surface of the Remote Desktop Protocol (RDP) and the further advancement of automated active attacks (AAA).

“The threat landscape continues to evolve – and the speed and extent of that evolution is both accelerating and unpredictable. The only certainty we have is what is happening right now, so in our 2020 Threat Report we look at how current trends might impact the world over the coming year.  We highlight how adversaries are becoming ever stealthier, better at exploiting mistakes, hiding their activities and evading detection technologies, and more, in the cloud, through mobile apps and inside networks. The 2020 Threat Report is not so much a map as a series of signposts to help defenders better understand what they could face in the months ahead, and how to prepare,” said John Shier, senior security advisor, Sophos.

For additional and detailed information on threat landscape trends and changing cybercriminal behaviours, check out the full SophosLabs 2020 Threat Report at https://www.sophos.com/threatreport

Research highlights cyber threat to schools

Stuart O'Brien

There have been 301 attacks against UK and US schools so far in 2019, compared to 124 in 2018 and 218 in 2017. 

That’s according to Barracuda analysis of data compiled by the K-12 Cybersecurity Resource Center (K-12 CRC), which has been tracking reported attacks against U.S. schools since 2016.

This only accounts for the reported cases, however, and Barracuda says it’s highly likely that additional cases exist that went either unreported or even undetected, especially as stealthier malware that seeks to steal information, participate in botnets, or mine cryptocurrency is on the rise.

The National Cyber Security Centre (NCSC) recently published a report compiling cybersecurity-related findings from 430 schools across the UK. It found that 83% had experienced at least one cybersecurity incident, even though 98% of the schools had antivirus solutions and 99% had some sort of firewall protection.

Using a single source of open threat intelligence data and a list of all known websites belonging to U.S. and UK schools, Barracuda researchers found 234 unique malware samples that attempted to connect to school domain names.

It also found 123 IPs associated with the same set of schools that had negative reputation, which could point to additional malicious activity, in addition to disrupting activity at the school due to emails and web pages being blocked.

Among the highlighted threats are:-

Cyberattacks Against Schools — The most common threats targeting schools are data breaches (31%), malware (23%), phishing (13%), network or school infrastructure hacks (10%), and denial-of-service attacks (4%), based on analysis of the 708 incidents reported to the K-12 Cybersecurity Resource Center since 2016. The remainder of the incidents were made up of accidental disclosure of data (16%) and other incidents (3%).

Barracuda says many school districts only have one or two IT personnel to service the district, let alone any dedicated cybersecurity staff. Plus, the steady increase in school-issued devices in recent years drastically expands the attack surface along with the number of systems that need to be secured. 

This, it says, makes schools largely a target of opportunity as well as subject to the massive campaigns spreading scams and malware indiscriminately. Lowered security postures due to budget constraints, combined with a large user base of minors who don’t have the critical-thinking skills to properly assess potential attacks, make both types of attacks more effective, unfortunately.

How schools can protect against the threat

Barracuda says the only way for schools to truly protect against cyberattacks is a complete security portfolio including perimeter security, internal network security, incident response capabilities, and a knowledgeable security staff to configure these solutions and handle incidents:-

1. Perimeter security

Perimeter security generally consists of network firewalls, web filters, email protection, and application firewalls. While affordable and easy-to-configure solutions are available, obtaining the budget for a full security portfolio can prove difficult for many school districts, and without all areas covered, attack vectors will undoubtedly still exist. 

2. Internal network security

While internal security such as intrusion detection, data backup, and anti-malware solutions are important for catching any breaches in perimeter security, the additional risk of insider threats that schools face makes these measures even more critical. While Windows Defender offers decent anti-malware protection these days, upgrading existing machines to Windows 10 to take advantage of this feature can be costly and is often overlooked by many organisations. Regardless of the software being used, though, keeping up with security patches is critical because it helps patch exploits that can potentially be leveraged by attackers.

3. Incident response capabilities

In the event of an incident, intrusion detection and incident response solutions both assist in discovering incidents and helping security staff isolate and remediate them. Data backup as part of internal network security can also assist during an incident if data is corrupted, encrypted, or deleted.

4. Knowledgeable staff

Maintaining a capable IT security staff is challenging for many school districts because IT staffing needs often compete with other much needed positions, such as additional teachers to keep up with enrollment rates. Without this staff, though, it can be difficult to patch systems and respond to potential incidents or even properly configure security solutions to maximise their benefit. 

GUEST BLOG: The Growing DDoS Landscape

Guest Post

By Anthony Webb, EMEA Vice President at A10 Networks

A new wave of DDoS attacks on South Africa’s internet service provider has highlighted that these attacks continue to grow in frequency, intensity and sophistication.

A10 Networks’ recent report, Q2 2019: The State of DDoS Weapons, has shed more light on the loud, distributed nature of DDoS attacks and the key trends that enterprises can learn from in adopting a successful defence.

IoT: A Hotbed for DDoS Botnets

A10 Networks has previously written that IoT devices and DDoS attacks are a perfect match. With the explosion of the Internet of Things (growing at a rate of 127 connected devices per second and accelerating), attackers target vulnerable connected devices and have even begun to develop a new strain of malware named Silex, a strain just for IoT devices. Silex affected 1650 devices in over an hour and wiped the firmware of IoT devices in attacks reminiscent of the old BrickerBot malware that destroyed millions of devices back in 2017.

The report has highlighted the top three IoT binaries dropped by malware families – two of the three belonged to Mirai – with the Netherlands, UK, USA, Germany and Russia being the top five hosting malware droppers.

The New IoT Threat

A new threat has emerged due to industry-wide adoption of technology with weak security: the UDP implementation of the Constrained Application Protocol (CoAP). This new threat does not have anything to do with Mirai or malware, but its impact has enabled millions of IoT devices to become weaponised as reflected amplification cannons. CoAP is a machine-to-machine (M2M) management protocol, deployed on IoT devices supporting applications such as smart energy and building automation. CoAP is a protocol implemented for both TCP and UDP and does not require authentication to reply with a large response to a small request. A10 identified over 500,000 vulnerable IoT devices with an average response size of 749 bytes. The report also highlights that 98% of CoAP threats originate from China and Russia, with the capability to amplify by 35x.

On the Horizon: 5G

Ericsson recently predicted that the number of IoT devices with cellular connection will reach 4.1 billion by 2024. 5G, with its higher data speeds and lower latency, will be the primary driver behind this rapid expansion. Whilst this is great news in an open dynamic world, the downside is that we will also see an increase in the DDoS weaponry available to attackers.

We have seen mobile carriers hosting DDoS weapons skyrocket over the last six months. Companies such as T-Mobile, Guangdong Mobile and China Mobile have been guilty of amplifying attacks. With 5G, intelligent automation aided by machine learning and AI will become essential to detecting and mitigating threats. IoT devices running Linux are already the target of a new strain of malware which is predominantly dedicated to running DDoS attacks.

Amplified Attack

Amplified reflection attacks exploit the connectionless nature of the UDP protocol with spoofed requests to misconfigured open servers on the internet. Attackers send volumes of small requests with the victim’s spoofed IP address to exposed servers, which are targeted because they’re configured with services that can amplify the attack. These attacks have resulted in record-breaking volumetric attacks, such as the 1.3 Tbps Memcached-based GitHub attack in 2018, and account for many DDoS attacks.

Battling the landscape

Every quarter, the findings of our DDoS attack research point to one thing: the need for increased security. Sophisticated DDoS weapons intelligence, combined with real-time threat detection and automated signature extraction, will allow organisations to defend against even the most massive multi-vector DDoS attacks, no matter where they originate. Actionable DDoS weapons intelligence enables a proactive approach to DDoS defences by creating blacklists based on current and accurate feeds of IP addresses of DDoS botnets and available vulnerable servers commonly used for DDoS attacks. With DDoS attacks not going away, it’s time for organisations to match their attackers’ sophistication with a stronger defence, especially as new technology like IoT and 5G gains momentum.

Humans: The root cause of your cyber security issues

Stuart O'Brien

More than 99 per cent of cyber threats require human interaction to execute – enabling a macro, opening a file, following a link, or opening a document – signifying the importance of social engineering to enable successful attacks.

That’s according to the latest Human Factor report from Proofpoint, which highlights the ways in which cybercriminals target people, rather than systems and infrastructure, to install malware, initiate fraudulent transactions and steal data.

The report, based on an 18-month analysis of data collected across Proofpoint’s global customer base, also found:-

  • Microsoft lures remain a staple. Nearly 1 in 4 phishing emails sent in 2018 were associated with Microsoft products. 2019 saw a shift towards cloud storage, DocuSign, and Microsoft cloud service phishing in terms of effectiveness. The top phishing lures were focused on credential theft, creating feedback loops that potentially inform future attacks, lateral movement, internal phishing, and more.
  • Threat actors are refining their tools and techniques in search of financial gain and information theft. While one-to-one attacks and one-to-many attacks were more common when impostor attacks first began to emerge, threat actors are finding success in attacks using more than five identities against more than five individuals in targeted organizations.
  • The top malware families over the past 18 months have consistently included banking Trojans, information stealers, RATs, and other non-destructive strains designed to remain resident on infected devices and continuously steal data that can potentially provide future utility to threat actors.

People-centric Threats

  • Attackers target people – and not necessarily traditional VIPs. They often target Very Attacked People (VAP™) located deep within the organization. These users are more likely to be targets of opportunity or those with easily searched addresses and access to funds and sensitive data.
  • Thirty-six percent of VAP identities could be found online via corporate websites, social media, publications, and more. For the VIPs who are also VAPs, nearly 23 percent of their email identities could be discovered through a Google search.
  • Imposters mimic business routines to evade detection. Impostor message delivery closely mirrors legitimate organizational email traffic patterns, with less than 5 percent of overall messages delivered on weekends and the largest portion – over 30 percent – delivered on Mondays.
  • Malware actors are less likely to follow expected email traffic. Overall malicious message volumes sampled in the second quarter of 2019 were distributed more evenly over the first three days of the week and were also present in significant volumes in campaigns that began on Sundays (more than 10 percent of total volume sampled).
  • Click times have traditionally shown significant regional differences, reflecting differences in work culture and email habits among major global regions. Asia-Pacific and North American employees are far more likely to read and click early in the day, while Middle Eastern and European users are more likely to click mid-day and after lunch.

Email Attacks: Verticals at Risk

  • Education, finance, and advertising/marketing topped the industries with the highest average Attack Index, an aggregated measure of attack severity and risk. The education sector is frequently targeted with attacks of the highest severity and has one of the highest average number of VAPs across industries. The financial services industry has a relatively high average Attack Index but fewer VAPs.
  • 2018 saw impostor attacks at their highest levels in the engineering, automotive, and education industries, averaging more than 75 attacks per organization. This is likely due to supply chain complexities associated with the engineering and automotive industries, and high-value targets and user vulnerabilities, especially among student populations, in the education sector. In the first half of 2019, the most highly targeted industries shifted to financial services, manufacturing, education, healthcare, and retail.
  • The Chalbhai phish kit, the third most popular lure for the first half of 2019, targeted credentials for many top U.S. and international banks and telecommunications companies, among others, using a range of templates attributed to a single group but leveraged by multiple actors.
  • Attackers capitalize on human insecurity. The most effective phishing lures in 2018 were dominated by “Brainfood,” a diet and brain enhancement affiliate scam that harvests credit cards. Brainfood lures had click rates over 1.6 clicks per message, over twice as many clicks as the next most clicked lure.

“Cybercriminals are aggressively targeting people because sending fraudulent emails, stealing credentials, and uploading malicious attachments to cloud applications is easier and far more profitable than creating an expensive, time-consuming exploit that has a high probability of failure,” said Kevin Epstein, vice president of Threat Operations for Proofpoint. “More than 99 percent of cyberattacks rely on human interaction to work—making individual users the last line of defense. To significantly reduce risk, organizations need a holistic people-centric cybersecurity approach that includes effective security awareness training and layered defenses that provide visibility into their most attacked users.”

Image by Jan Vašek from Pixabay

NCSC details key wins in cyber security war

Stuart O'Brien

A scam to defraud thousands of UK citizens using a fake email address spoofing a UK airport was one of a wide range of cyber attacks successfully prevented by the National Cyber Security Centre (NCSC) in the last 12 months.

Details of the criminal campaign are just one case study of many in Active Cyber Defence – The Second Year, a comprehensive analysis of the NCSC’s programme to protect the UK from cyber attacks.

The thwarting of the airport scam was one example in 2018 of how ACD protects the public.

The incident occurred last August when criminals tried to send in excess of 200,000 emails purporting to be from a UK airport and using a non-existent gov.uk address in a bid to defraud people.

However, the emails never reached the intended recipients’ inboxes because the NCSC’s ACD system automatically detected the suspicious domain name and the recipients’ mail providers never delivered the spoof messages. The real email account used by the criminals to communicate with victims was also taken down.

In addition, a combination of ACD services has helped HMRC’s own efforts in reducing the criminal use of their brand. HMRC was the 16th most phished brand globally in 2016, but by the end of 2018 it was 146th in the world.

Dr Ian Levy, the NCSC’s Technical Director and author of the ACD report, said: “These are just two examples of the value of ACD – they protected thousands of UK citizens and further reduced the criminal utility of UK brands. Concerted effort can dissuade criminals and protect UK citizens.

“While this and other successes are encouraging, we know there is more to do, and we would welcome partnerships with people and organisations who wish to contribute to the ACD ecosystem so that together we can further protect UK citizens.

“This second comprehensive analysis we have undertaken of the programme shows that this bold approach to preventing cyber attacks is continuing to deliver for the British public.”

Introduced by the NCSC in 2016, ACD is an interventionist approach designed to stop cyber attacks from ever happening. It includes the programmes Web Check, DMARC, Public Sector DNS and a takedown service.

The ACD technology, which is free at the point of use, intends to protect the majority of the UK from the majority of the harm from the majority of the attacks the majority of the time.

Other key findings for 2018 from the second ACD report include:

  • In 2018 the NCSC took down 22,133 phishing campaigns hosted in UK delegated IP space, totalling 142,203 individual attacks;
  • 14,124 UK government-related phishing sites were removed;
  • Thanks to ACD the number of phishing campaigns against HMRC continues to fall dramatically – with campaigns spoofing HMRC falling from 2,466 in 2017 to 1,332 in 2018. These figures relate to 16,064 spoof sites in 2017 and 6,752 sites in 2018;
  • The total number of takedowns of fraudulent websites across 2018 was 192,256, with 64% of them down in 24 hours;
  • The number of individual web checks run has increased almost 100-fold, and we issued a total of 111,853 advisories direct to users in 2018.

Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office David Lidington said: “The UK is safer since the launch of our cyber strategy in 2016. Over the last three years, and backed by a £1.9 billion investment, we have revolutionised the UK’s fight against cyber threats as part of an ambitious programme of action.

“The statistics and examples in this report speak for themselves. They outline the tangible impact that Active Cyber Defence is having, and how it is a key building block in improving cyber security in the UK now, and in the future.”

The new report also looks to the future of ACD, highlighting a number of areas in development. These include:

  • The work between the NCSC and Action Fraud to design and build a new automated system which allows the public to report suspicious emails easily. The NCSC aims to launch this system to the public later in 2019;
  • The development of the NCSC Internet Weather Centre, which will aim to draw on multiple data sources to allow us to really understand the digital landscape of the UK;
  • We’ll explore developing an Infrastructure Check service: a web-based tool to help public sector and critical national infrastructure providers scan their internet-connected infrastructure for vulnerabilities;
  • NCSC researchers have begun exploring additional ways to use the data created as part of the normal operation of the public sector protective DNS service to help our users better understand and protect the technologies in use on their networks.

You can read the full 2019 report here.

Rob Norris, VP Enterprise and Cyber Security, Fujitsu, said: “Cybersecurity challenges aren’t slowing down and this annual report by GCHQ’s National Cyber Security Centre illustrates the magnitude of the problem. Cybercriminals today are creative and equipped with a multitude of tools helping them see their attacks through, making it vital for all organisations to think how they can safeguard their data and business assets.

“Unfortunately one of the simplest methods of stealing sensitive information is through a basic email phishing campaign, as proved by the fact that NCSC stopped 140,000 phishing attacks last year alone. This is partially because organisations still rely heavily on email to communicate both internally and externally, but also because of the human factor. Human behaviour is cited as the biggest challenge in email security, therefore it is imperative that businesses prioritise vigilance and awareness through education and training. 

“I would advise that some of the things we can do to identify suspected email security threats are hovering over the email hyperlinks before clicking to see the web address; blocking executable files and emails with large attachments; being mindful of password reset emails; and using a VPN when working remotely or using public WiFi. In today’s digital world, no one is immune from data theft, and being vigilant, both as an employee and as a consumer, is paramount.”

UK businesses subjected to one cyber attack every minute in 1Q19

Stuart O'Brien

UK businesses were subjected to 119,659 internet-borne cyber attacks each, on average, in the first quarter of 2019, according to analysis by Beaming.

This rate of attack, which equates to one every minute, was more than double that experienced in the first three months of 2018, when companies were attacked online 53,981 times on average.

Between January and March 2019, Beaming’s cyber security analysts identified 442,091 unique IP addresses that were being used to launch cyber attacks over the internet on UK businesses.

While 51,004 of these could be traced to locations in China and a large amount of attack activity continued to originate in Brazil (32,386) and Russia (31,131), there was also a threefold increase in the number of IP addresses in Egypt (36,282) used to attack UK businesses in the first three months of the year.

Remotely controlled IoT applications and file sharing services were the most likely targets for online cyber criminals, attracting 201 and 114 attacks per day respectively between January and March.

Sonia Blizzard, managing director of Beaming, said: “Cyber attacks continue to be a clear and present danger to UK businesses and the IT infrastructure they rely on. Business leaders should be wary, the rate of attack has been at historically high levels since October last year. Since we started tracking cyber attack activity just over three years ago we’ve come to expect that businesses will be attacked around 20,000 times a month on average. At the moment we are seeing twice that level of malicious activity online.

“While there is plenty that we can do at a network level to minimise the threat of online attacks, businesses need to take cyber security seriously, educate employees and put in place security measures such as managed firewalls to ensure they don’t expose themselves to undue risk.”

Skills shortage and 5G fears at European data centres

Stuart O'Brien

Continuing unprecedented demand for new datacentres, fears around the shortage of skilled professionals, concerns about the future disruption of 5G, and the limited impact of Brexit are some of the key findings from the latest industry survey from Business Critical Solutions (BCS).

The Summer Report, now in its 10th year, is undertaken by independent research house IX Consulting, who capture the views of over 300 senior datacentre professionals across Europe, including owners, operators, developers, consultants and end users. It is commissioned by BCS, a specialist services provider to the digital infrastructure industry. 

The report highlights the rising demand for datacentres, with almost two thirds of users exceeding 80% of their capacity today, 70% having increased capacity in the last six months and almost 60% planning to increase capacity next year.

This demand is currently being driven by cloud computing with over three quarters of respondents identifying 5G and Artificial Intelligence (AI) as disruptors for the future.

With industry predictions that edge computing will have 10 times the impact of cloud computing in the future, half of respondents believe it will be the biggest driver of new datacentres.

However, the survey found that the market remains confident that supply can be maintained, with over 90% of developers stating they have expanded their datacentre portfolio in the last six months.

With regard to supply, there are concerns that a shortage of sufficiently qualified professionals at the design and build stages will cause a bottleneck, with 64% of datacentre users and experts believing there is a lack of skilled design resource in the UK. AI and Machine Learning may help to mitigate these issues, with nearly two thirds of respondents confident that datacentres will utilise these to simplify operations and drive efficiency.

The political uncertainty around Brexit continues to impact the sector, with 78% of respondents believing that it will create an increase in demand for UK-based datacentres. However, the overall feeling was that the fundamentals underpinning the demand for datacentre space, such as the continued proliferation of technology-led services, outweigh these concerns and the European datacentre market will overcome any difficulties that occur.

Commenting on the report, James Hart, CEO at BCS, said: “As always this report makes for fascinating reading and I was encouraged by the overwhelming positive sentiment to forecast growth and the limited impact of Brexit. The fact that half of our respondents believe that edge computing will be the biggest driver of new datacentres tallies with our own convictions. We believe that the edge of the network will continue to be at the epicentre of innovation in the datacentre space and we are seeing a strong increase in the number of clients coming to us for help with the development of their edge strategy and rollouts.”

The full report can be downloaded here.


The Rising Email Threat: Are instant messaging tools the answer?

Guest Post

By Barracuda Networks

At Barracuda we believe two heads are better than one. Following that logic, we can’t argue with the value of the opportunity to hear from our peers on industry trends. We recently discovered through such means that, for the channel, email security is its biggest focus in 2019, as partners are increasingly helping their customers fight the battle against email attacks.

This got us thinking: how do end users view email security? And does it match with their channel counterparts? Are they too prioritising it over the next 12 months?

To answer our question, we quizzed 280 high-level decision makers across different industries throughout EMEA on their email security measures, where it falls on their ever-changing priority list, and ultimately how equipped they are for the inevitable attack.

Attacks are going up, up, up 

The results pointed to an industry already aware of – and often affected by – the rising new wave of email threats. Of the 280 decision makers polled, a majority (87%) predicted email threats to increase in the coming year. Perhaps unsurprisingly, the majority (75%) also said they had witnessed a steady increase in email attacks over the past three years against their own organisation. 

Breaking those attacks down, in the last year, almost half (47%) were attacked by ransomware, 31% were victim to a business email compromise attack, and a huge 75% admitted to having been hit with brand impersonation. This final statistic gives credence to our recent spear phishing report, which found that 83% of all the email attacks we analysed focused on brand impersonation. Clearly the criminal’s favourite choice, and for good reason.

Email remains the weakest link

However, regardless of this awareness, many organisations admit to being vastly unprepared when it comes to email security. Despite email being used since the 1990s, a staggering 94% admitted that email is still the most vulnerable part of organisations’ security postures. 

Unsurprisingly, finance departments seem to experience the most attacks, with 57% identifying it as the most targeted department. What was surprising was the rise in customer support attacks; a not insignificant 32% identified this as their most attacked department in what could indicate a new emerging trend for would-be attackers.

Without proper employee training, these attacks will continue to succeed. However, training is still hugely lacking across most organisations we spoke to, with the most popular answer (29%) being from respondents who receive it just once a year. Shockingly, 7% stated they’d either never had training or that they weren’t sure.

The lack of training is clearly leaving employees either confused or unaware of security protocol, as over half (56%) stated that some employees do not adhere to security policies. Of those, 40% said their employees used a ‘workaround’ to do so, perhaps referring to shadow IT solutions and the issues they continue to cause in enterprise IT environments. Both of these issues could be solved by regular and in-depth employee security training.

Not all doom and gloom

That being said, we’d be remiss to ignore those taking measures to reduce email threats. For the 38% whose security budgets are increasing next year, we’d hope security awareness training will play a key role in where the funds will be spent – after all, regardless of whether you have the latest technology, your employees are still the last line of defence.

However, with 62% of security budgets to either stay the same or decrease over the next year, it seems that organisations are taking to other ways to try and reduce the rising email threat. Over a third (36%) are implementing instant messaging applications such as Slack or Yammer, to reduce email traffic.

This approach comes with a warning from us: while we haven’t yet seen attacks using messaging platforms such as Slack, this may well change in the future and doesn’t necessarily mean that these platforms are immune to attacks. Any organisation going down this route should do so with care, as if we know anything about cyber attackers, it’s that they’re always trying new ways to catch their victims out.

Interestingly, those companies using instant messaging tools are more likely to use Office 365 (78%), compared to an average of 56% across the rest of the study. They were also slightly more likely to pinpoint email as the weakest link (97% versus 92%). With that in mind, security should be front of mind in order to ensure Office 365 environments are fully protected in the move away from Exchange.

In the short term, while a shift away from email to communications tools such as Slack might be tempting in order to temporarily ease the email burden, it might not work out in the long run, as we wouldn’t be surprised if cyber attackers just changed their tactics in response. In the longer term, the right combination of technology and security awareness training is the key to email attack protection. Attacks will always increase in sophistication, but as long as you stay ahead of the game, it is possible to keep the bad guys out. After all, even at 30 years old, email attacks are still proving profitable for cyber criminals, so they won’t stop any time soon… 
