Report details how traditional exploit techniques used in innovative ways can mask dangerous threat activity
Palo Alto Networks has revealed new research on how attackers exploit commonly-used business applications to bypass security controls — and provides helpful insight into how business leaders and security practitioners need to reassess and strengthen their security posture.
The findings are based on analysis of traffic data collected from 5,500 network assessments and billions of threat logs over a 12-month span and are revealed in the 2014edition of the Palo Alto Networks Application Usage and Threat Report. The report provides the industry’s most detailed assessment of the relationship between advanced cyber threats and the applications running on enterprise networks worldwide.
“Our research shows an inextricable link between commonly-used enterprise applications and cyber threats. Most significant network breaches start with an application such as e-mail delivering an exploit. Then, once on the network, attackers use other applications or services to continue their malicious activity – in essence, hiding in plain sight. Knowing how cyber criminals exploit applications will help enterprises make more informed decisions when it comes to protecting their organizations from attacks,” said Anil Bhasin, MD (India and SAARC), Palo Alto Networks.
Key takeaways:
Common sharing applications such as e-mail, social media, and video remain favored vehicles for delivering attacks but are often the start of multi-phased attacks rather than the focus of threat activity.
99 percent of all malware logs were generated by a single threat using UDP; attackers also use applications like FTP, RDP, SSL, and NetBIOS to mask their activities.
34 percent of applications observed can use SSL encryption; many network administrators are unaware of what applications on their networks use un patched versions of Open SSL, which can leave them exposed to vulnerabilities such as Heartbleed.
