A Look at the 2018 Alert Logic State of Threat Detection Report

Today Security-as-a-Service provider, Alert Logic, released its latest cybersecurity analysis, “Critical Watch Report: The State of Threat Detection 2018.” The report illustrates that cyber attackers gain greater scale through new techniques like killchain compression and attack automation. This expands the range of organizations under constant attack regardless of size.

The report analyzed issues across Alert Logic’s customer base over a 14-month period. Security Operations and Threat Intelligence team members analyzed over 1.2 billion anomalies, 7.2 million security events, and 250,000 security incidents.

Killchain findings

One notable standout of the report centers around traditional killchain. Essentially, killchain has evolved into a more powerful force. 88 percent of killchain attacks now gain efficiency and speed by combining that five phases into a single action. The five phases include recon, weaponization, delivery, exploitation, and installation. Traditional killchain defense focused on stopping threats as early as possible. Unfortunately, the modernization of killchain creates almost instantaneous cyber attacks that make established security practices irrelevant.

The report illustrates the increased use of automation to launch random attacks. Thus, organizations must change their approach to assess risk. “Spray and pray” attacks roll through a set of IP addresses at massive scale to seek vulnerabilities and immediately exploit them. Thus, predicting risk scenarios becomes more difficult to manage.

Cryptojacking

Another insight the report provides is the increased threat of cryptojacking. We’ve covered this before and the threat only looks worse. Many attackers view cryptocurrency as a primary motivation. Alert Logic found 88% of WebLogic attacks focused on cryptojacking. The report also found that web application attacks remain the most frequent and dominant type of attack. SQL injection attempts comprise 43 percent of all observed attacks.

More on this report

“It’s no secret that attackers push the envelope and innovate attacks to abuse weaknesses anywhere they find them—in cloud and hybrid deployments, containerized environments, and on-premises systems,” said Rohit Dhamankar, Vice President of Threat Intelligence Products at Alert Logic. “What is troublesome is the use of force-multipliers like automation to scale attacks for increased financial gain. This report demonstrates that attackers are gaining increasing sophistication in their ability to weaponize trusted techniques to exploit common vulnerabilities and misconfigurations for purposes such as cryptomining.”

The report establishes the prevalence of attack vectors by industry for government & education, financial services & insurance, health services, information technology & services, media communications & entertainment, not-or-profit organizations, production/manufacturing & logistics, and retail & hospitality.

In addition to the research findings, the report provides best practices for remediation and cyber hygiene. As well as recommendations on how to improve visibility and address staffing shortages, to help organizations improve their security posture.

“While attackers continue to innovate with improved agility, speed and covertness, defenders also have opportunities to evolve the way they approach their security processes, procedures, and technologies. With our deep understanding of new and enhanced attack methods, Alert Logic can be a trusted partner in helping them,” said Dhamankar.