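2019-2020 Global Application and Network Security Report: Eliminating Security Blind Spots in an Age of Technological Change - Radware (English edition) (40 pages).pdf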

PROTECTING WHAT YOU CAN'T SEE
Eliminating Security Blind Spots in an Age of Technological Change
2019-2020 / Global Application

only 6% claimed not to have experienced an attack. As in 2018, about one-third of respondents said that their organizations experience cyberattacks either daily or weekly. Of concern are the 22% of respondents who said that they were not aware if attacks occurred. Lack of visibility into what is happening in their networks is likely a contributing factor. The industries that indicated the highest frequency of daily cyberattacks were education, banking and financial services and service providers.

How Often Were Businesses Attacked?

Vertical Focus: Experience Daily Attacks
1. Education: 45%
2. Retail: 39%
3. Banking and financial services: 37%
Figure 5. Segments that reported experiencing daily cyberattacks.

2019-2020 / Global Application & Network Security Report
THE 2019 THREAT LANDSCAPE

[Chart: frequency of cyberattacks by year. Categories: Daily; Weekly; Monthly; Once or twice a year; Never; Unknown.]

2 3 poorly-configured-back-up-system/

Figure 6. Primary goals of hackers (2019).

Ransom
Of the respondents who reported experiencing cyberattacks sometime during the previous year, ransom remained the primary motivation, with a 16% year-over-year increase from 2018 and back to the level reported in 2017. North American companies ranked ransom as the highest motivation for cyberattacks at 70%. In 2019, hackers launched cyber-extortion campaigns directed at enterprises and government agencies, often targeting employees with phishing emails that included links that, once clicked, enabled attackers to enter the networks.

Why Were Businesses Attacked?
Among respondents who experienced cyberattacks, about one-third said that the primary goal of hackers was financial gain or service disruption. As organizations adopt more dynamic network environments to enable more agile responses to business opportunities, new blind spots in the
attack surface emerge for cybercriminals to leverage.

2019: CASE IN POINT
Johannesburg, South Africa: The ShadowKill Hackers group locked down the city's infrastructure demanding four bitcoins.[2]
Arizona Beverages: Hackers leveraged iEncrypt ransomware to attack outdated back-end servers in the company's network.[3]

| REGION | Total | USA/Canada | APAC | EMEA | CALA |
|---|---|---|---|---|---|
| Financial/ransom | 59% | 70% | 52% | 59% | 30% |
| Insider threat | 29% | 26% | 28% | 31% | 39% |
| Political/hacktivism/social | 28% | 30% | 23% | 38% | 20% |
| Cyberwar/geopolitical conflict related | 27% | 36% | 27% | 20% | 7% |
| Competition/espionage | 25% | 23% | 22% | 34% | 26% |
| Angry users | 20% | 21% | 12% | 23% | 30% |
| Motive unknown/other | 27% | 28% | 27% | 27% | 26% |
| Have not experienced any cyberattacks | 1% | 0% | 2% | 1% | 2% |

Figure 7. Motives for cyberattacks vary by region.

[Chart categories: Financial gain; Service disruption; Data theft.]

Figure 8. Types of attacks experienced (2016-2019).

Nation-State Attacks
Another phenomenon in 2019 is the 42% increase in attacks reported by respondents who said that their organizations were attacked and attributed the attacks to foreign governments. In nation-state attacks, government entities launch attacks to gain user information and tamper with the operations of companies or other nations. Hacktivism is more prevalent in EMEA at 38% than in the total respondents' average of 28%. In APAC, angry users retaliated with cyberattacks, according to 30% of respondents, compared to 20% of total respondents.

There were no major developments in the threat landscape identified by survey respondents. The types of cyberattacks that businesses experienced remained fairly consistent with results from 2018. Malware attacks were the most prevalent, hitting seven of 10 organizations. The change in DDoS attacks was minor with only a 10% decline year over year, as well as for web application attacks, which only saw an increase of 10%.

What Kinds of Attacks Did Businesses Experience?

2019: CASE IN POINT
DNS hijacking campaign: Iranian hackers are suspected of a wave of DNS hijacking attempts against domains around the globe belonging to government, telecom and internet infrastructure organizations.[4]
Operation Soft Cell: Hackers compromised the IT infrastructures of 10 telecom companies, setting up VPNs with administrator privileges to gain access to customer data, with specific interest in about 20 high-value targets.[5]
Operation ShadowHammer: Using the ASUS Live Update utility, hackers
installed back doors on ASUS computers around the globe to target a pool of users identified by their network adapters' MAC addresses.[6] This example is a supply chain attack where cybercriminals target a popular service intending for the damage to trickle down to the user base for maximum impact.

Figure 6. Primary goals of hackers (2019).
[Chart categories: Malware and bots; Socially engineered threats (phishing, fraud); DDoS; Web application attacks; Ransom threats; Cryptominers; API abuse; None of the above.]

Of those who experienced attacks against a DNS server, half experienced a Brute Force attack, and another two-fifths indicated a basic query flood. Brute Force attacks are more common in North America and CALA than in the APAC region. Cache poisoning attacks increased significantly for the second year in a row (to 45%, up from 31% in 2018).

Brute Force: 53%
Basic query flood: 46%
Recursive flood: 34%
Reflective amplification attack: 37%
Cache poisoning: 45%
Figure 9. Attack vectors experienced against DNS servers.

Respondents in two of five organizations said that they did not incur any user datagram protocol (UDP) DDoS attacks in the past year. Companies that were hit by UDP DDoS attacks reported a variety of types, including randomized attacks, high-rate small packets, DNS reflection, garbage, large packets and network time protocol (NTP) reflection.

Figure 10. Types of UDP DDoS attacks incurred.
[Chart categories: Randomized attack; High-rate small packets; DNS reflection; Garbage; Large packets; NTP reflection.]

Focus on DDoS Attacks
In general, cyberattacks did not differ greatly based on industry, except for DDoS attacks that were most common to service provider/telecom companies at 64% compared to 48% for all respondents.

Key characteristics of DDoS attacks in this year's report include:
- 10% of DDoS attacks were above 10Gbps
- The average packets-per-second (PPS) rate declined
- 42% lasted less than one hour
- Burst attacks were shorter and lasted only a few minutes

Three of four DDoS attacks impacted respondents' infrastructure with partial service degradation or a complete outage. Advances in DDoS protection technologies have proved effective against simple network floods. Over time, DDoS attacks have moved to the
application layer. Nearly all (91%) of the respondents who incurred a DDoS attack indicated that the application layer was the preferred vector.

Figure 11. Components impacted by DDoS attacks.
[Chart categories, 2018 vs. 2019: Internet pipe saturation; Server; Firewall; IPS/IDS; Load balancer (ADC); SQL server.]

Infrastructure upgrades and investments in capacity contributed to a 9% reduction in internet pipe saturation situations as a result of DDoS attacks, compared to 2018.

A New Version of an Age-Old Attack
The Radware Threat Research Center (TRC) and ERT monitor clients' network traffic to defend against known and emerging attacks. During the last two years, the TRC and ERT identified a steady growth in attackers leveraging TCP reflection attacks and recently issued a Radware Threat Alert: TCP Reflection Attacks.[7]

In a TCP SYN-ACK reflection attack, an attacker sends a spoofed SYN packet (with the original source IP replaced by the victim's IP address) to a wide range of random or preselected reflection IP addresses. The services at the reflection addresses reply with a SYN-ACK packet to the victim of the spoofed attack. Although the typical three-way handshake might assume that a single SYN-ACK packet will be delivered to the victim, when the victim does not respond to the last ACK packet, the reflection service will continue to retransmit the SYN-ACK packet, resulting in amplification. The alert outlines the genesis, profile, impacts and protection recommendations for this type of attack.

New Attack Vectors
In 2019, two new DDoS attack vectors came to light that leverage amplification attacks, a favorite vector in the DDoS-for-hire industry. Amplification attacks query information from a service, such as the DNS or NTP, with spoof requests that make their way to the targets.

2019: CASE IN POINT
WS-Discovery: A multicast protocol launched that discovers nearby connected devices, such as printers or security cameras, and directs them to amplify DDoS attacks over the internet.[8]
MacOS ARMS: Attacks leverage the Apple remote management service (ARMS) of the macOS on computers connected to the internet without firewall or local network protection to amplify DDoS attack traffic.[9]

IoT Threats
IoT threats continued at a rapid pace in 2019. Hackers successfully used timeworn strategies to gain access to vulnerable connected devices.

Visibility into IoT botnet attack traffic continues to be an issue for organizations. Although down from 2018 responses, 38% of respondents still said that they do not know or are not sure if they experienced any DDoS attacks originated by an IoT botnet during the past year.

| Response | 2017 | 2018 | 2019 |
|---|---|---|---|
| Don't know/not sure | 31% | 44% | 38% |
| No | 52% | 39% | 44% |
| Yes | 17% | 17% | 18% |

Figure 12. Knowledge of DDoS attacks originated with an IoT botnet.

2019: CASE IN POINT
Silex malware: This malware goes after the firmware of IoT devices, a practice known as "bricking," by logging in with known default credentials. The author of the malware is purportedly a 14-year-old male who was inspired by the BrickerBot malware attack in 2017.[10]
D-Link router attacks: A hacker group hijacks DNS traffic on D-Link routers to direct it to malicious clones of legitimate websites.[11] The strategy is similar to attacks at Brazilian banks tracked by the Radware TRC dating back as far as 2015.[12]

Bot Attacks
Figure 13. Bot attacks experienced in 2019.
[Chart categories: DDoS; Web scraping; Account takeover/credential theft; Payment data abuse; Skewed marketing analytics; Denial of inventory.]
Figure 14. Worldwide heat map of bot traffic, August 2018 to August 2019.
Figure 15. Bad bot traffic by generation, 12-month snapshot.
[Chart categories: Humanlike bots; Script bots; Headless browsers; Distributed bots.]

A heat map shows where bot traffic is generated, with hot spots in China, Russia and countries in Africa.

Bot attacks were experienced by 56% of respondents, and DDoS was the most prevalent at 35%. Thirty-eight percent of respondents did not know if their organizations were hit by IoT botnets. As bots get more sophisticated, they do a better job of mimicking human behavior by using keystrokes and mouse movements to trick security screening. Other sophisticated bots can generate different device IDs to bypass challenges to get into networks, take over user accounts, scrape data and disrupt services.

Business Concerns About Cyberattacks
Data leakage continued to be the biggest business concern related to a cyberattack, although to a lesser extent than in 2018 (down to 30% from 35%). A secondary concern is a service outage.

Data leakage/information loss: 30%
Service outage: 23%
Reputation loss: 16%
Revenue loss: 11%
Customer/partner loss: 8%
Productivity loss: 7%
Losing my job: 6%
Figure 16. Business concerns if faced with a cyberattack.

Cost of Cyberattacks
Similar to 2018, two of five respondents estimated that a cyberattack cost their organization less than 100,000 USD/EUR/GBP. But cost estimates varied depending on the organization's size. Companies with revenues of more than 1 billion USD/EUR/GBP reported an average cost of 1.7 million USD/EUR/GBP per cyberattack. Companies with revenues of less than 1 billion USD/EUR/GBP estimated the cost of a cyberattack at 480,000 USD/EUR/GBP. Companies with revenue below 1 billion USD/EUR/GBP were most likely to say that an attack would cost them less than 100,000 USD/EUR/GBP (48%) vs. 23% of companies with revenue of 1 billion USD/EUR/GBP or higher. Those with revenue of at least 1 billion were more likely to incur at least 500,000 USD/EUR/GBP in related expenses.

Figure 17. Factors included when calculating the cost of cyberattacks.

Only about one-quarter of survey respondents said that their organizations had tried to calculate the cost of a cyberattack.
At least half of those who calculated the cost of an attack included factors associated with downtime, repair/patching and investigation.

Factors included when calculating the cost of cyberattacks (Figure 17 chart data):
Downtime: 55%
Repair/patch cost: 55%
Cost of invest.: 50%
Imp. of new tech.: 48%
Customer notification: 46%
Third-party remediation: 43%
Resources/staffing: 42%
Govt. & regulatory fines: 38%
Customer remediation: 37%
Public relations: 37%
Mktg./awareness: 30%
Legal fees: 29%
Customer churn: 22%
Other: 2%

| COMPANY SIZE BY REVENUE | AVERAGE COST OF A CYBERATTACK |
|---|---|
| More than 1 billion USD/EUR/GBP | 1.7 million USD/EUR/GBP |
| Less than 1 billion USD/EUR/GBP | 480,000 USD/EUR/GBP |

Figure 18. Estimated cost of a cyberattack by company revenue.

Successful attacks most often resulted in productivity or operational loss or negative customer experience. The most common losses are consistent across all regions.

Prod./oper. loss: 45%
Neg. cust. exp.: 43%
Brand reputation loss: 24%
Revenue loss: 22%
Customer loss: 18%
Unexp. budget inc.: 18%
Legal action: 9%
Intellectual property loss: 4%
Drop in share price value: 3%
Term. of CISO or CSO: 4%
Term. of C-suite leadership (CEO or exec): 2%
Other: 13%
None/don't know: 8%
Figure 19. Repercussions of successful attacks.

What Security Strategies Did Businesses Use?
Half of the respondents reported having used premise-based DDoS protection to guard against cyberattacks. One-third used an internet service provider (ISP) or clean link service or content delivery network (CDN)-based DDoS/filtering. More than half used multiple solutions, but one-fourth utilized only one solution against cyberattacks.

Figure 20. Solutions used to protect against cyberattacks.
[Chart categories: Premise-based DDoS protection; ISP or clean link service; CDN-based DDoS/filtering; On-demand cloud-based service; Always-on cloud-based service.]
