Over the last few months we have witnessed an abundance of cyber-attacks. Heartbleed, CryptoLocker's two-week countdown and now the new variants of file-encrypting ransomware called CryptoWall and CryptoDefense are evidence enough to show that cyber criminals have no plans of slowing down.
Even high-profile companies such as PayPal and LinkedIn have been subject to breaches in recent months, so it is important businesses understand what is out there and what they can do to prevent such attacks.
Our Application Usage Threat Report, an analysis of traffic data collected from 5,500 network assessments, paints a similar picture. We have found that attackers are also exploiting commonly used business applications to bypass traditional security controls, and the enterprise needs to get smarter by preparing not just for the attacks of today, but also for the attacks of tomorrow.
While we know that 100% prevention and detection is just not possible right now, the industry wants to get closer to that goal by working faster at preventative measures.
Unsurprisingly, common sharing applications (CSM) such as IM, email, social media and video account for nearly one-third of all applications on the network. Interestingly, they make up only 5% of all threat activity, which means CSM is merely being used as the entry point and the first step within a multi-phased assault.
Unprecedented levels of trust
Consumers are also putting unprecedented levels of trust in social media apps, which makes it easier for attackers to get into the network and get to work. In other words, too many doors are being left open for attackers to walk right in undetected and steal data right in front of us, so they're operating in plain sight.
Another problem on the rise for the security industry is SSL (Secure Sockets Layer). It's undeniable that SSL is a great underlying cornerstone for business privacy; however, it's also ideal for masking hackers.
To put it simply, hackers are now able to exploit the network by exhibiting application-like evasion tactics and either acting as or using common network applications for lateral communications and data sifting.
The problem doesn't just stop with SSL. Criminals are also using FTP (File Transfer Protocol), RDP (Remote Desktop Protocol) and NetBIOS to mask their activities as they work to exploit the system. This is alarming because the use of SSL is more widespread than ever. With 34% of all applications running on the networks communicating over SSL, businesses have no way of being certain that the traffic within the encrypted channels is free of malicious activity.
SSL use is a much bigger problem than it was even a year ago. If an administrator doesn't know how many applications running on the network use SSL, they also don't know how many of those applications use OpenSSL. This means they may directly or indirectly expose the organisation to the next Heartbleed.
The key for businesses to ensure they remain protected and increase their security is to focus on preventing cyber-attacks before they enter the network, instead of fixing them after they've breached. In fact, there are simple steps you can take to protect your business right away. First, it is crucial to determine which applications use SSL and selectively decrypt them. Selective decryption can help you uncover and eliminate potential hiding places for cyber threats, stopping the criminals at the entry point.
Every employee is a potential security risk
Secondly, be aware that unknown traffic will always occur in the network. We've found that while this averages only around 10% of the bandwidth, it can still be high in risk. By effectively controlling unknown UDP/TCP traffic you will quickly eliminate a significant volume of potential malware.
However, overall we found the key takeaway from the Application Usage Threat Report is that securing the network is not the sole responsibility of the CSO or CIO, fundamental though their role is.
The entry point for the majority of breaches we saw was via everyday interactions on laptops and mobile devices, so every employee is a gateway to a potential security risk.
Educating the workforce about the dangers of cyber threats, and making them more aware that the applications and public networks they use could cause threats, is vital. So you should obviously keep your security solution updated to stay ahead of the new techniques cyber criminals are using, but also update your company policy regularly and keep your staff vigilant about the apps and public networks they use.
Alex Raistrick is VP of Western Europe at Palo Networks