Quarterly Threat Report - eSentire

Q1 2017 Quarterly Threat Report

Threat Report

eSentire Threat Intelligence

Table of Contents

Preface
Industry Targets
Threat Trend
Threat Type Heat Map
Threat Count by Day of Week
Threat Breakdown Heat Map
Methodology
Appendix 1: Threat Types
Appendix 2: Confidence Language

eSentire 2017 Q1 Quarterly Threat Report © 2017 eSentire, Inc. All rights reserved. www.eSentire.com | @eSentire.com | [email protected]


Preface

eSentire invented a highly integrated technology stack that enables unparalleled visibility into our midmarket customer networks and agile real-time threat response capabilities. This report provides a quarterly snapshot, analyzing all events investigated by the eSentire Security Operations Center (SOC), while addressing three topics: threat types, threat volume and attack types. Each topic is divided into multiple sections, including visual data analysis, written analysis, practical recommendations and key assumptions.


Industry Targets

Between January 1 and March 31, the eSentire SOC detected nearly 4 million attacks across multiple industries, with Finance, Technology, Legal, Mining, and Retail seeing the most activity. Small financial companies, in particular, make for high-reward, low-risk opportunities for attackers as they can provide large monetary returns with little effort. Robust cybersecurity standards in small companies are seldom cost-effective unless security tasks are outsourced to companies specializing in security.

[Chart: attacks by industry: Finance 66.38%, Technology 10.31%, Legal 7.80%, Mining, Retail]

Threat Trends

This quarter has seen an upward trend in attacks with the threat landscape increasing dramatically in the third week of February and through March. Scanning and intrusion attempts dominated the data trends. Together, they represent 75 percent of signals for Q1, with Malicious Code trailing at 11 percent. Compared to 2016, scanning events have seen a large increase in 2017, particularly in the month of March, in which detection of scanning events nearly doubled. As exploitation becomes more costly for attackers, analysts are observing a gradual transition to tactics that rely on social engineering. This includes phishing, spam and webpages that manipulate users into installing malware on their computer or divulging confidential information.


Threat Type Heat Map

Information Gathering was the dominant threat type in Q1, whereas in 2016 Intrusion Attempts were most prominent. Additionally, Malicious Code incidents increased in March. These changes in threat type volume indicate an increase in Information Gathering as attackers regroup to determine the best methods of attack going forward. Together, Intrusion Attempts and Information Gathering accounted for about three quarters of observed attacks. March, in particular, saw the largest