Our cybersecurity partners Webroot released their cybersecurity report a few weeks back – this report summarises Webroot’s discoveries and analysis of threat activity over the last year. Here at Complete I.T. we know you are busy scaling your businesses, so we have condensed the 24-page report into today’s blog post. Don’t fancy digesting words? See our infographic instead.
The importance of updating operating systems:
A common theme in the report is the importance of adopting the latest operating systems. Home users are adopting Windows 10 at a rapid pace, but businesses are making the move much more slowly – in 2017 only 20% of observed business computers were running the Windows 10 operating system. Organisations operating on Windows 7, which remains the second most common operating system seen by Webroot, are encountering almost twice as much risk as organisations that are running Windows 10. Do you remember the outbreak of the WannaCry ransomware attack in 2017? Almost all of the devices that fell victim were running Windows 7.
Ransomware and Cryptojacking:
2017 saw the rise of the two largest ransomware attacks in history – WannaCry and NotPetya. Together these pieces of ransomware infected 200,000 machines in just 24 hours. NotPetya, which entered the world during that same year, proved a prolific form of malware, with estimated damages equating to around 1.2 billion US dollars.
IP Addresses and URLs:
Each year Webroot sees tens of millions of IP addresses that are determined to be malicious – a malicious IP address could belong to a compromised computer that sends out spam, an open proxy that allows anonymous traffic to pass through, or an unsecured IoT device that is part of a botnet distributing malware. Webroot categorise malicious IP addresses as spam, Windows exploits, scanners, botnets, Denial of Service attack proxies, web attacks, phishing and mobile threats – 84% of malicious IPs represent spam and scanners. You might be wondering what scanners are; they aren’t the things you use to scan hard copy documents, but the sources of scanner attacks. During scanner attacks, hackers scan the network environment to learn its specifics – things like the software being used, the network configuration and user data – so that they can mount an attack that has been tailored to that specific environment.
Now on to URLs – thousands of new websites are created each day specifically to carry out cyberattacks. This creates an issue for organisations trying to safeguard their users against malicious sites – even when an organisation’s safeguarding systems identify a URL as benign, or in other words non-malicious, within a matter of minutes or hours the same site could have been compromised and now contain malicious material. Webroot has found that certain types of sites are more likely to be high-risk or suspicious. These include business and economy, shopping, society, streaming media, and shareware and freeware sites. Those most likely to be trustworthy, based on the URLs observed by Webroot in 2017, include health and medicine, news and media, and society sites. In 2017, Webroot found that 25% of all URLs were malicious, suspicious or moderately risky.
Webroot’s research team found phishing to be one of the most used and most successful attack vectors. Phishing attacks rely on social engineering, drawing on themes that are relevant or interesting to the targeted individual. When the victim clicks on the link or opens an infected attachment, they open their systems up to the attacker. Webroot found that most phishing sites were only online for 4-8 hours, with the shortest being online for just 15 minutes. This highlights the need for organisations to use real-time anti-phishing solutions that can assess a site’s phishing status as it is visited. The most impersonated sites set up for a phishing attack in 2017 were Google, Microsoft, Dropbox, Facebook, PayPal and Yahoo.