SYNOPSIS
Valency Networks is committed to tracking cyber attacks. While delivering cyber security services to our customers we gain a large amount of insight, primarily through vulnerability assessments and cyber forensic services. Looking at the first quarter of 2021, we observed a paradigm shift in the attack vectors: in some cases the attacks are similar to those of last year, but the root causes behind them appear to have changed drastically. This report presents a gist of our findings for Q1 of 2021.
DISCLAIMER
Statistics presented in this report are an outcome of cyber security services data gathered by Valency Networks. No data in this report is copied or referred from any other source, on the internet or otherwise. Feel free to refer to this report and use the information contained in it for your presentations. However, since this report is copyrighted material of Valency Networks, modifying or presenting it without prior consent of Valency Networks is strictly prohibited. You can contact us using the details found on our website link (mentioned on the last page of this report).
STATS
Ransomware attacks increased disproportionately
- In 95% of cases the ransomware was not detected by antivirus software
- In 100% of cases data recovery was not possible
Reason behind the increase in attacks
- No information security policy for employees on the use of removable media, combined with open USB access on laptops and desktops, which increases the likelihood of a virus or malware attack vector.
- BYOD is allowed in much of the IT industry, with no information security policy or guidelines from system administrators for BYOD assets connecting to the company LAN or WiFi.
- Lack of critical data backup and restore policies and procedures.
- Basic endpoint protection policies are neither deployed nor monitored.
RANSOMWARE & SERVERS
Data leakage from servers was on the rise
- In all cases, one or more patches were missing
- The SSH port was exploited in most of the cases
Reason behind the increase in attacks
- Missing or weak patch management mechanism: no proper system reboot for patches to take effect.
- Ignoring Linux/Unix system updates and upgrades.
- Negligence towards server hardening practices
- Improperly configured firewall rules
WEB ATTACKS
- Cross site scripting to deliver virus payload
- PHP file injection attacks
- WordPress plugin exploitation
Reasons behind the increase in attacks
- Improper file upload coding logic
- No parameter sanitization logic deployed on all user accepted and stored inputs
- Negligence towards server hardening practices
- Absence of periodic and timely updates of the WordPress version along with the themes and plugins in use
- Negligence in applying patches to PHP frameworks (e.g. Laravel)
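As an added example (not code from the report), the weak upload handler below has the "improper file upload coding logic" and missing input checks listed above, beside a hardened PHP version; the upload directory, the allowlist and the form field name are assumptions.

```php
<?php
// Added example, not from the report. The weak handler shows the
// "improper file upload coding logic" the report lists; the hardened one
// validates the upload server-side. UPLOAD_DIR, ALLOWED and the form
// field name are assumptions for illustration.

// Weak: trusts the client-supplied name and MIME type and writes into
// the web root, so an uploaded .php file becomes executable code.
function save_upload_weak(array $file): string {
    $dest = __DIR__ . '/uploads/' . $file['name'];   // client controls name
    if (strpos($file['type'], 'image/') === 0) {     // client controls type
        move_uploaded_file($file['tmp_name'], $dest);
    }
    return $dest;
}

// Hardened: extension allowlist, content sniffing, server-generated name,
// storage outside the document root, non-executable file mode.
const ALLOWED = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'pdf' => 'application/pdf'];
const UPLOAD_DIR = '/var/app/uploads';   // assumed: not served by the web server
const MAX_BYTES = 5 * 1024 * 1024;

function save_upload_hardened(array $file): ?string {
    if (!isset($file['error'], $file['tmp_name'], $file['name'], $file['size'])
        || $file['error'] !== UPLOAD_ERR_OK || $file['size'] > MAX_BYTES
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // The extension from the client name is used only as an allowlist key.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return null;
    }
    // Sniff the real content type from the bytes, never from $file['type'].
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== ALLOWED[$ext]) {
        return null;
    }
    // Random server-side name: no path traversal, no double extensions.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0640);   // owner read/write only, never executable
    return $dest;
}

// Usage from a request handler (assumed form field "document"):
// $stored = save_upload_hardened($_FILES['document'] ?? []);
```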
MOBILE ATTACKS
- Incorrect permissions
- Exploitable programming framework
- WebView based JavaScript injections
Reasons behind the increase in attacks
- Requesting Android permissions without striking a secure balance between the application's functional requirements and its handling of sensitive data
- Blind trust in the security features provided by mobile programming frameworks, without security testing
- No parameter sanitization logic deployed on all user accepted and stored inputs
SUGGESTIONS
- Adopt and follow standard security practices and discipline within the organization, e.g. ISO27001, SOC, etc.
- Have policies and procedures for patch management, covering the frequency and secure methodology of patch installation, deployment and monitoring.
- Train developers to create and follow secure coding practices and various standards such as OWASP Top 10 for web and mobile.
- Perform timely and periodic vulnerability assessment and penetration testing (VAPT) of web, mobile and Cloud applications, along with VAPT of the IT and Cloud infrastructure.
- Create and execute server hardening checklist and secure practices
- Deploy a centralized endpoint protection mechanism and ensure that all company assets are covered by its policies.
- Set up internal and external threat monitoring mechanisms for the IT and Cloud infrastructure the organization owns.
- Perform timely information security assessments or audits against a standard, e.g. ISO27001, SOC, etc.