Alert Logic Report Reveals New Killchain Efficiencies and Cyber-Attack Automation that Give Attackers Unprecedented Advantage

New Tactics Subvert Traditional Security Measures and Indiscriminately Strike Organizations of All Sizes

HOUSTON – September 25, 2018 – Alert Logic, the leading provider of Security-as-a-Service solutions, today released its latest cybersecurity analysis, “Critical Watch Report: The State of Threat Detection 2018,” which shows cyber attackers are gaining vastly greater scale through new techniques such as killchain compression and attack automation, expanding the range of organizations under constant attack regardless of industry or size.

To prepare the cybersecurity report, Alert Logic Security Operations and Threat Intelligence team members analyzed data from more than 1.2 billion anomalies, 7.2 million security events, and 250,000 verified security incidents across the Alert Logic customer base of more than 4,100 organizations over a 14-month period between 2017 and 2018.

Among the notable findings in the report is the end of the traditional killchain, with 88 percent of killchain attacks now gaining efficiency and speed by combining what was formerly the first five phases—“recon,” “weaponization,” “delivery,” “exploitation” and “installation”—into a single action. In the traditional killchain model, organizations focused on stopping cyber threats at the earlier phases; however, the new killchain creates near-instantaneous cyber attacks that make many established security practices ineffective.

The report also exposes evidence that attackers have greatly expanded their use of automation to launch random and recursive attacks that are changing the way organizations have to assess risk. These automated “spray and pray” attacks roll through a set of IP addresses at massive scale, seeking vulnerabilities, and immediately execute further automation to exploit them. Because these highly automated attacks hit small-, medium- and enterprise-sized organizations indiscriminately and at a similar rate, industry and size are no longer reliable predictors of threat risk.

Another key finding is that cryptojacking is now rampant, with many attacks featuring this as their primary motivation. In the data analyzed, for example, it was observed that 88 percent of recent WebLogic attacks were cryptojacking attempts. The report also found that web application attacks remain the most frequent and dominant type of attack, with SQL injection attempts comprising 43 percent of all attacks observed.

“It’s no secret that attackers push the envelope and innovate attacks to abuse weaknesses anywhere they find them—in cloud and hybrid deployments, containerized environments, and on-premises systems,” said Rohit Dhamankar, Vice President of Threat Intelligence Products at Alert Logic. “What is troublesome is the use of force-multipliers like automation to scale attacks for increased financial gain. This report demonstrates that attackers are gaining increasing sophistication in their ability to weaponize trusted techniques to exploit common vulnerabilities and misconfigurations for purposes such as cryptomining.”

The report also establishes the prevalence of attack vectors by industry for government & education, financial services & insurance, health services, information technology & services, media communications & entertainment, not-for-profit organizations, production/manufacturing & logistics, and retail & hospitality.

In addition to the research findings, the report provides best practices for remediation and cyber hygiene, as well as recommendations on how to improve visibility and address staffing shortages, to help organizations improve their security posture.

“While attackers continue to innovate with improved agility, speed and covertness, defenders also have opportunities to evolve the way they approach their security processes, procedures, and technologies. With our deep understanding of new and enhanced attack methods, Alert Logic can be a trusted partner in helping them,” said Dhamankar.

To download a free copy of the full report, Critical Watch Report: The State of Threat Detection 2018, visit here.


About Alert Logic

Alert Logic delivers better cybersecurity for everyone, regardless of their company’s size or technology environment. Our proactive threat management platform, always-current threat intelligence, and 24x7, customer-obsessed analyst services protect organizations cost-effectively and with fast time-to-value. More than 4,000 organizations trust their security to Alert Logic every day so they can focus on what matters most—running their business. Founded in 2002, Alert Logic is headquartered in Houston, Texas, with offices in Austin, Seattle, Dallas, Cardiff, Belfast, London and Cali, Colombia. For more information, please visit www.alertlogic.com.


For Alert Logic Inquiries:

Christine Blake
Public Relations
W2 Communications
703-877-8114
Christine@w2comm.com
