2018 State of Security Statistics
Cyberattackers are voracious innovators, so you should keep up on trends with a roundup of cybersecurity statistics from the past year.
With so many security statistics from so many sources, wouldn’t it be nice to have them all gathered in one place? CSO Online did it, and here are a few highlights:
- 90 percent of all remote code execution attacks were associated with cryptomining.
- 92 percent of malware is still delivered by email.
- 56 percent said that targeted phishing attacks were the top security threat they faced.
- Fileless malware is on the rise, accounting for 77 percent of compromised attacks.
- The biggest cost of ransomware isn’t the ransom! 55% is from system downtime and productivity loss.
- 54 percent of companies sampled experienced an industrial control system security incident within the past twelve months. Yikes!
Not enough stats for you? Read CSO Online’s article Top cybersecurity facts, figures and statistics for 2018.
“Perfect” Antivirus from Three Different Vendors
While no antivirus software is perfect, solutions from Bitdefender, Kaspersky, and Microsoft earned perfect scores from AV-TEST.
Three antivirus (aka antimalware) vendors earned perfect scores across the board from AV-TEST. Based in Germany, AV-TEST is a respected, independent research institute for IT security that has been around for 15 years.
The three vendors (and five editions) that earned a perfect score for protection, performance, and usability are:
- Bitdefender Endpoint Security 6.6
- Bitdefender Endpoint Security Elite 6.6
- Kaspersky Small Office Security 6
- Kaspersky Endpoint Security 11.0
- Microsoft Windows Defender Antivirus 4.12 & 4.18
For full details, and more, check out AV-TEST’s latest round of testing.
Factoring Cyberthreats Into Company Value
Techies have been guesstimating cybersecurity risks forever, but businesses are only starting to measure these risks as part of an organization’s financial bottom line.
Enterprise Risk Management (ERM) is how businesses calculate risk: by multiplying the potential impact of an event by the chances it will happen. Disclaimer: that was an oversimplification; read the link below for more.
The broader point is, how in the heck can anybody factor the business impact of future cybersecurity risks into ERM? They are trying to do this with frameworks, equations, models, scorecards, AI, machine learning, etc. Put another way, they are building some really amazing Excel spreadsheets. Still, nobody has really nailed it.
This quote sums it up, “Even the really big insurance players right now aren’t widely promoting cyber insurance policies,” says Nathan Wenzler, chief security strategist at AsTech. “They exist, and they’re becoming more of a thing, but there’s no static actuarial data that’s consistent across the board.”
For more detail, read What is enterprise risk management? How to put cybersecurity threats into a business context.
US Weapons Systems Fail Cybersecurity Audit
Don’t be too proud to question cybersecurity basics like “change admin passwords from default” because the US DoD just failed an audit for that and other major oversights.
The Bad News
The U.S. Department of Defense (DoD) failed a weapon systems cybersecurity audit. The Government Accountability Office (GAO) reported, “Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications.”
The Good News
The audit succeeded in its main purpose: to focus increased attention on cybersecurity in new systems before they are built. Plus, IT pros can take it as a reminder to go check their passwords and other security basics.
Read Wired’s article, US Weapons Systems are Easy Cyberattack Targets, New Report Finds.
Hunting Down and Killing PowerShell Malware
PowerShell malware is extra hard to notice, find, and remove, so it may help to see how this cybersleuth and his team did it.
- The PowerShell cryptomining malware blew its cover by slowing down host machines.
- Killing it just caused respawns a couple of hours later.
- Finding it was hard because there were no modified system files, hidden folders, etc.
- The team had to turn on PowerShell logging and dig deeper.
- It was finally removed from the WMI database.
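A defender's sketch of the two hunting steps above, added here as an example and not taken from the TechTarget article or the team it describes. It assumes the respawn mechanism is a permanent WMI event subscription in the `root/subscription` namespace; the keyword pattern used for the `Suspicious` flag is a constructed heuristic.

```powershell
# Added example; run from an elevated PowerShell prompt on the affected host.

# 1. Turn on script block logging so the next respawn is recorded as
#    event ID 4104 in the Microsoft-Windows-PowerShell/Operational log.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
Set-ItemProperty -Path $key -Name EnableScriptBlockLogging -Value 1 -Type DWord

# 2. List permanent WMI event subscriptions. Each binding ties a filter
#    (the trigger query) to a consumer (the action that runs).
#    Assumption: the malware persists here, which the page does not state.
$ns        = 'root/subscription'
$filters   = Get-CimInstance -Namespace $ns -ClassName __EventFilter
$consumers = Get-CimInstance -Namespace $ns -ClassName __EventConsumer
$bindings  = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding

$report = foreach ($b in $bindings) {
    $f = $filters   | Where-Object { $_.Name -eq $b.Filter.Name }
    $c = $consumers | Where-Object { $_.Name -eq $b.Consumer.Name }
    foreach ($consumer in $c) {
        $class  = $consumer.CimSystemProperties.ClassName
        # Only these two consumer classes run commands or scripts.
        $action = switch ($class) {
            'CommandLineEventConsumer'  { $consumer.CommandLineTemplate }
            'ActiveScriptEventConsumer' { $consumer.ScriptText }
            default                     { '' }
        }
        [pscustomobject]@{
            Filter        = $b.Filter.Name
            Query         = $f.Query
            ConsumerClass = $class
            Consumer      = $consumer.Name
            Action        = $action
            # Constructed heuristic: flag actions that launch or decode PowerShell.
            Suspicious    = $action -match 'powershell|-enc|frombase64string|downloadstring'
        }
    }
}

# Review flagged rows first; every row should map to software you recognise.
$report | Sort-Object Suspicious -Descending | Format-List
```

A clean Windows install normally shows only the built-in "SCM Event Log" filter and consumer pair, so any other binding deserves a look before anything is removed.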
Read TechTarget’s article, Tips to track down and neutralize PowerShell malware.
Patch Alert: Adobe Fixes Critical Flaws in Reader and Other Apps
Adobe has patched both critical and important bugs in Reader for Windows and Mac OS as well as other apps, so patch them already!
Adobe has patched bugs in a variety of applications. Since Reader is the most ubiquitously deployed, I’ll show you a few of the vulnerabilities patched there to give you a sense of it.
| Vulnerability Category | Vulnerability Impact | Severity |
|---|---|---|
| Out-of-bounds write | Arbitrary Code Execution | Critical |
| Stack Overflow | Information Disclosure | Important |
| Security Bypass | Privilege Escalation | Critical |
While that example is from Reader, many Adobe apps are impacted by different vulnerabilities. Either patch everything Adobe, or dig deeper to see if your apps are affected.
It’s really several security bulletins from Adobe, which you can find linked in this Security Boulevard article, Adobe patches critical flaws in many of its software offerings.
The Cybersecurity Professionals Shortage Is Worse Than We Thought … and We Thought It Was Bad!
If you are thinking about a career change, note that some experts are predicting a shortfall of two million cybersecurity jobs by next year.
The article basically says:
- National security is at risk because there are not enough cybersecurity pros
- Cybersecurity is a ridiculously hot career (which makes the world safer)
- Adults should encourage children to get interested in a cybersecurity career
- If you want to switch careers, there are lots of ways to get trained, get experience, and get credentialed
The article didn’t mention salary. Obviously, with this many openings it’s a decent option.
For more, read Help Net Security’s article, Serious lack of infosec professionals a key risk to national security.
The Most Popular Publicly Available Hacker Tools
Make sure you are following guidance from US-CERT on how to identify and prevent attacks using the five most common hacker tools of 2018.
Here are the five:
- JBiFrost is a Remote Access Trojan (RAT) which grants remote administrative control.
- China Chopper is a Webshell which can grant remote access.
- Mimikatz is a Credential Stealer which can pull passwords from memory, and more.
- PowerShell Empire is a Lateral Movement Framework which spreads malware to different systems around a network.
- HUC Packet Transmitter is a C2 Obfuscation and Exfiltration tool, so basically it hides the IP address / identity of an attacker.
For details, read US-CERT’s Publicly Available Tools Seen in Cyber Incidents Worldwide.