Contact Us

Continuity Insights Management Conference

New Report Reveals Killchain Efficiencies, Cyber-Attack Automation Giving Attackers Unprecedented Advantage

Continuity Insights

Security-as-a-Service solutions provider Alert Logic has released its latest cybersecurity analysis, “Critical Watch Report: The State of Threat Detection 2018,” which shows cyber attackers are gaining vastly greater scale through new techniques such as killchain compression and attack automation, expanding the range of organizations under constant attack regardless of industry or size.

Among the findings in the report is the end of the traditional killchain1, with 88 percent of killchain attacks now gaining efficiency and speed by combining what was formerly the first five phases – “recon,” “weaponization,” “delivery,” “exploitation” and “installation” – into a single action. In the traditional killchain model, organizations focused on stopping cyber threats at the earlier phases; however, the new killchain creates near-instantaneous cyber attacks that make many established security practices ineffective.

The report also exposes evidence that attackers have greatly expanded their use of automation to launch random and recursive attacks that are changing the way organizations have to assess risk. These automated “spray and pray” attacks roll through a set of IP addresses at massive scale, seeking vulnerabilities, and immediately execute further automation to exploit them. Because these highly automated attacks hit small-, medium- and enterprise-sized organizations indiscriminately and at a similar rate, industry and size are no longer reliable predictors of threat risk.

Another key finding is that cryptojacking is now rampant, with many attacks featuring this as their primary motivation. In the data analyzed, for example, it was observed that 88 percent of recent WebLogic attacks were cryptojacking attempts. The report also found that web application attacks remain the most frequent and dominant type of attack, with SQL injection attempts comprising 43 percent of all attacks observed.

The report also establishes the prevalence of attack vectors by industry for government & education, financial services & insurance, health services, information technology & services, media communications & entertainment, not-or-profit organizations, production/manufacturing & logistics, and retail & hospitality.

In addition to the research findings, the report provides best practices for remediation and cyber hygiene, as well as recommendations on how to improve visibility and address staffing shortages, to help organizations improve their security posture.

Read the full release here.

A free copy of the Critical Watch Report: The State of Threat Detection 2018 is also available from Alert Logic here.

Continuity Insights

Similar Articles

Acronis Rebrands Flagship Personal Cyber Protection Solution as Acronis Cyber Protect Home Office

Acronis, a global leader in cyber protection, today released the newly-rebranded Acronis Cyber Protect Home Office (formerly Acronis True Image). This new name for the company’s flagship personal solution reflects its …

8 Steps to Protect Yourself From Phishing Scams

Going on three decades, email phishing scams continue to rise, with cyber actors improving and upping their game over time. A study by Tessian finds that 96% of phishing attacks …

CI New York Conference “Millennial Spotlight” Session – Leveraging the Me Culture to Your Advantage

Let’s shed some light on the Millennial stereotype. This highly educated and technically competent generation is our future and should be capitalized upon. In this 2017 Continuity Insights New York …

Leave a Comment

Share to...