View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 26, 2018updated 06 Jul 2022 8:52am

Attack Automation and “Spray and Pray” Posing Bigger Cyber Threat to Organisations

App attacks are now the dominant attack method for multiple industry verticals

By jonathan chadwick

Attack automation, “spray and pray” techniques, and a shorter cyber killchain are some of the cyber attack trends posing an ever greater security threat to organisations, according to a new report from Houston-headquartered Alert Logic.

The privately held cybersecurity company took into account 1 billion security anomalies, millions of security events, and over a quarter million verified security incidents from April 2017 June 2018 to prepare the Critical Watch Report 2018.

Alert Logic said their research demonstrated a “significant uptick” in the trend of automated attacks, known as spray and pray, that roll through a set of IP addresses seeking vulnerabilities.

‘Innovation’ in New Attack Automation

While the targeting of IP addresses is not new, the use of automation is, as is the scale at which it is being utilised. Increasingly innovative automation techniques are also now being deployed, the firm said, examples of which it previously detailed in a blog post.

“So called spray and pray attackers are assaulting organisations at an unprecedented rate,” Alert Logic said. “The random nature of attacks has created a threat environment that is so aggressive, if there is proof-of-concept (POC) code out there, and your organisation is vulnerable, you will be attacked.”

New Attack Automation

(Image: Alert Logic)

Alert Logic also used the report to highlight how the cyber killchain, or the structure and progress of an attack, is being shortened. Attack stages are now merging, Attack Logic said, giving organisations less of a chance to respond before they are affected and rendering standard methods of detecting and interrupting an attack ineffective.

The report outlined the traditional seven phases of the cyber killchain as reconnaissance, or harvesting information; weaponisation, coupling exploit with backdoor into deliverable payloads; delivery of the threat to the victim; exploiting the vulnerability to execute code the victim’s system; installing malware; command channel for remote manipulation; and action on objections, accomplished with hands on keyboard access.

“What we have observed in our new research is that attackers have modified this traditional killchain, effectively collapsing the first five phases into a single action, greatly speeding the process of identifying system vulnerabilities and launching a targeted attack,” the report says.

Content from our partners
Why email is still the number one threat vector
Why HR must take firm steps to become a more data-driven function
Why enterprises of all sizes must  embrace smart manufacturing solutions

This merging of the five stages and the approach to leverage pre-defined and weaponised attack packages marks the most significant change in the cyber killchain since it was defined, Alert Logic said. The firm said it saw this technique used in 88 percent of cases.

“It’s no secret that attackers push the envelope and innovate attacks to abuse weaknesses anywhere they find them—in cloud and hybrid deployments, containerized environments, and on-premises systems,” said Rohit Dhamankar at Alert Logic.

“What is troublesome is the use of force-multipliers like automation to scale attacks for increased financial gain. This report demonstrates that attackers are gaining increasing sophistication in their ability to weaponize trusted techniques to exploit common vulnerabilities and misconfigurations for purposes such as cryptomining.”

Cryptojacking ‘Rampant’

Alert Logic also called cyptojacking “rampant”, with the report saying 88 percent of recent WebLogic attacks were cryptojacking attempts.

Alert Logic also said that the increased access and variety of hacking tools such as these mean that relatively small organisations no longer have a safety net. Greater use of cloud-based resources and more systems and applications that are accessible over the internet mean organisations with fewer customers and more limited use of sensitive data were at a lower threat risk.

App attacks are now the dominant attack method for multiple industry verticals, accounting for more than three quarters of attacks in information technology and services, media communication and entertainment, not-for-profits, and retail and hospitality.

“Most organisations can improve their security posture dramatically by focusing on the basics,” the report concludes. “To effectively improve security, organisations must embrace security hygiene, including proactive steps like patching, monitoring, and threat hunting.

“You can’t improve what you can’t see; understanding your assets, liabilities, and gaps is essential.”

IT security company Malwarebytes revealed in a report last month that that an organisation in the United Kingdom with 2,500 employees should expect to pay more than £821,000 per year in cybersecurity-related costs.

See more: Understanding and Assessing Technical Debt for Improved Cybersecurity

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU