Threat visibility is imperative, but it’s even more essential to act
Cyberthreats are escalating faster than many organizations can identify, block and mitigate them. Visibility into the expanding threat landscape is imperative, but according to a new threat report released by CenturyLink, it is even more essential to act.
“As companies focus on digital innovation, they are entering a world of unprecedented threat and risk,” said Mike Benjamin, head of CenturyLink’s threat research and operations division, Black Lotus Labs.
“Threats continue to evolve, as do bad actors. Well-financed nation-states and focused criminal groups have replaced the lone-wolf troublemaker and less sophisticated attackers motivated by chatroom fame. Thankfully, through our actionable insights, we can defend our network and those of our customers against these evolving threats.”
These rogue networks of infected computers continue to be successful because of the ease with which they compromise their targets and their ability to be operated remotely and covertly.
Botnets like Necurs, Emotet and TheMoon have demonstrated evolutions in both complexity and resiliency. Malware families like Gafgyt and Mirai are also ongoing concerns given their target of IoT devices.
DNS is often overlooked as a potential attack vector. However, we have seen a rise in DNS-based attacks, such as DNS tunneling. A DNS tunneling attack can be used to encode data in the sub domains of a DNS query or response, allowing unabated network access to extract data, subvert security controls or send arbitrary traffic.
DDoS attacks continue to cause service delays and take businesses offline. While we observed ongoing progressions in attack sizes, we also detected an increase in burst attacks, lasting a minute or less.
A point of interest to note, of the top 100 largest attacks, in the first half of the year, 89 percent were multi-vector.
Geography: Geographies with growing IT networks and infrastructure continue to be the primary source for cybercriminal activity. The top five countries most under attack in the first half of 2019 were: The United States, China, India, Russia and Vietnam.
While the United States, China and Russia have appeared on the list year-over-year, India and Vietnam are new to the top five. Most C2 attacks in the first half of 2019 targeted the United States, China, Russia, Netherlands and Mexico. Netherlands and Mexico are new additions to the top five.