NTT Reveals GTIC Monthly Threat Report
Application attacks that gain access to operating systems and databases are on the rise, reveals NTT Ltd.’s GTIC Monthly Threat Report.
NTT Ltd., a world-leading global technology services provider, today released its GTIC Monthly Threat Report for the month of August 2020. The Global Threat Intelligence Center (GTIC) protects, informs, and educates NTT Group clients through threat research, vulnerability research, intelligence fusion and analytics.
With reduced IT spend being predicted as an outcome of COVID-19, the adage ‘architect twice, implement once’ is going to become even more imperative. Threat actors are attacking applications and are looking for flaws in the applications available through their web presence. Vulnerabilities in off-the-shelf applications, custom-built applications, databases, support infrastructure, as well as development and management tools, allow cyber criminals to gain direct and public access to databases to churn sensitive data.
- In June 2020, attacks against networking products (i.e., Zyxel, Netis, Netcore, Netgear, Linksys, D-link and Cisco) and video cameras accounted for about 32% of all attacks. Many of these were brute force or authentication attacks.
- Beyond actual technologies being attacked, the list of actual vulnerabilities which are actively exploited tends to be relatively narrow. For instance, the top 10 most attacked vulnerabilities in 2019 accounted for 84% of all attacks observed and the top 20 most attacked vulnerabilities accounted for nearly 91% of all attacks.
- Some versions of Oracle Products, ThinkPHP, Joomla!, vBulletin, Apache Products, OpenSSL, IIS, and WordPress included vulnerabilities which could allow an unauthenticated remote attacker to perform remote code execution on the targeted system.
- Organisations or businesses can adopt a web-application firewall (WAF) that helps to protect exposed systems from attack; it can block or filter attempted attacks from potentially hostile sources and can identify exploit attempts.
- In addition, segregation of internal networks from each other using access control lists, white lists, blacklists, and other filtering techniques can help limit, or at least minimise, the attacker’s attempts to access other systems and data from any compromised system.
- Organisations must focus on application security and include a vast set of controls and concerns, starting with designing secure applications, considering security as a basic business requirement, and extending good security practices through ongoing testing, maintenance, and monitoring of the supporting operational environment.
As businesses continue to transform within information security, there is a need for the security industry to move away from ‘best of breed’ technology towards a unified strategic approach that prioritizes partnering with vendors who provide more effective coverage of security controls. People, processes, and technology, the three key pillars of information security, must each be considered to maintain an acceptable level of cyber maturity. The three reasons to consider a consolidation of vendors for cybersecurity solutions are:
- Reduction in risk for both the vendor and the operating environment
- Greater coordination of processes
- Increased purchasing power
Secure by design: An application perspective
Many organizations rely on custom applications for key aspects of their business. Unfortunately, designing, building and maintaining a secure application is not an easy task. Attackers are aware of this: our 2020 Global Threat Intelligence Report identified that nearly 55% of attacks we detected were application-specific or web-application attacks. A secure design is thus critical for public-facing as well as internal applications.