


IT informing the business

Editorial Type: Opinion     Date: 11-2015







Ashish Patel of Intel Security explains why there is a real disconnect between IT and the evolving landscape of network abuse

The network threat landscape is shifting rapidly, leaving enterprises vulnerable to a broad range of attacks. Intel Security detected over 54 million network attacks in the first quarter of 2015 alone. Our recent report, entitled Dissecting the Top Five Network Attack Methods: A Thief's Perspective, identified that browser attacks, network abuse, stealth attacks, evasive technologies and SSL attacks are the largest threats to our network security. As cybercriminals develop increasingly sophisticated attack methods, it's crucial that IT professionals educate themselves and all employees so that everyone can stay protected in the face of these evolving threats.

BROWSER ATTACKS
Browser attacks are a key weapon in the cybercriminal arsenal. Hackers know that employees are constantly online and therefore vulnerable to social engineering, phishing emails and drive-by browser downloads. Suspect URLs grew by 87 per cent between 2013 and 2014, but in 2015 we are still seeing a lack of employee awareness concerning these criminal tactics. Our recent research found that 52 per cent of UK organisations fail to train their customer service team while 60 per cent do not train their receptionists and front-of-house staff. This is extremely worrying as these employees are on the front line, in daily contact with hundreds of external people - increasing their vulnerability to attack.

NETWORK ABUSE
Using Distributed Denial of Service (DDoS) attacks, hackers can overwhelm server resources and bring down an organisation's website, demanding ransom money to restore the organisation’s entire online presence. The variety of DDoS toolkits is astounding: over 109 million DDoS attacks were detected in 2014 alone. On-premises deep-packet inspection is vital for IT departments to monitor and analyse the traffic hitting their web server, keeping watch for abusive traffic or large increases in traffic volume.

STEALTH ATTACKS
Stealth attacks pose a significant threat to enterprises. Cyber criminals are exploiting employee-owned and managed endpoints to infiltrate protected networks from the inside, and they remain hidden as they discreetly steal or manipulate data. Investing in an abundance of technology does not lower the number of threat vectors if these technologies are failing to communicate with each other. The best approach is to introduce advanced inspection techniques and solutions which share security insights in real-time to identify and stop stealthy attacks. A connected approach is essential to combat these advanced threats and breaches.

EVASIVE TECHNOLOGIES
Advanced evasive techniques (AETs) are a huge challenge for IT departments. From sandbox evasion to endpoint data exfiltration, it is estimated that there are more than 800 million viable evasion combinations in use by attackers to avoid detection. The IT team can invest in innovative intelligent technologies which can monitor code behaviour and share actionable intelligence in real time, in order to assess threat levels and quickly respond to an attack.

SSL ATTACKS
SSL and encryption have produced huge improvements in secure communications but cyber criminals have been quick to use existing encrypted channels as new avenues of attack. By hiding within encrypted traffic, cyber thieves are bypassing organisational defences. McAfee Labs detected 24 million SSL attacks in 2014 alone. Nevertheless, enterprises can effectively block SSL attacks by integrating advanced SSL inspection within IPS and firewall solutions so that traffic can be inspected both into and out of the organisation's network.

To safely navigate the evolving threat landscape, enterprises must take time to understand all of these network threats and tailor their security strategy to focus on the greatest risk. A connected security solution, which enables security devices to break down data silos by sharing information with each other in real time, is vital. This type of dynamic security profile enables companies to present a more unified front against attackers who are testing network defences for signs of weakness.
