Threat Intelligence Q1 2020 Analytics - AXA XL
Overview

This publication provides an overview of our findings and key takeaways from the threat landscape analysis across all reports produced for AXA XL in Q1 2020. Through the AXA XL partnership with Accenture, we are able to offer a range of services to support our clients' end-to-end cybersecurity needs. Our bespoke Threat Intelligence reports are produced specifically for AXA XL clients, to identify cybersecurity vulnerabilities and threats and to help them improve their security posture and overall risk. This summary gives a view of our findings and concludes with some actionable next steps to consider.

Current Threat Landscape

Weaponisation of COVID-19
The COVID-19 pandemic is being leveraged by threat groups for financial, political and espionage purposes. Techniques include phishing, social engineering, malware deployment, vulnerability exploitation and business email compromise.
Key targets: global; government, healthcare, pharmaceuticals, utilities, media.

Ransomware attacks
We are seeing continued prevalence of extortion malware being deployed, creating the additional threat of data disclosure. Ryuk and Maze ransomware are popular for targeting global organisations. Organisations are often initially compromised by the popular and successful Emotet or Trickbot trojans.
Key targets: global; local government, healthcare, oil and gas.

State actor activity
An alleged Iranian espionage operation called the Fox Kitten campaign has been active since Q4 2019. It aims to steal information from target organisations, develop access routes and breach other companies by leveraging supply chain relationships from the initially infected corporation. The campaign leverages unpatched VPN and RDP services on hosts, which are increasingly being used to support remote working.
Key targets: United States, Europe, Israel, Saudi Arabia, Australia; oil and gas, aviation, telecommunications.

Key vulnerabilities and tech findings

Use of outdated infrastructure and insecure protocols
Despite awareness of the risks involved in using outdated infrastructure and insecure protocols, 66% of assessed clients were exposed to web server vulnerabilities, and several cases of Telnet, HTTP (unencrypted web traffic) and FTP usage were observed. Of the web exposure threats identified, 72% related to vulnerable common web technologies.

Sensitive information leakage
10% of companies were found to have sensitive manuals, product diagrams or protocols exposed on public online repositories. These exposed documents may be a gateway to the exposure of valuable knowledge about the company or its intellectual property.

Insecure remote access
There has been a surge in remote working activity, and a subsequent reliance on the related infrastructure, as a result of COVID-19. When surveyed, 30% of the companies analysed had remote access vulnerabilities, which could lead to account takeover attacks. While enabling multi-factor authentication (MFA) can block 99.9% of account takeover attacks, not many organisations have deployed it for remote workers.
Key vulnerabilities

Financial services & retailer industry exposures
Banks and retailers continue to suffer from exposed bank account, credit or store card details that are being published or sold online. One in four banks assessed had leaked customer data, 88% of which was identified on the deep web or dark net, with the rest on clearnet public sites such as Pastebin.

Manufacturing industry exposure
There has been a significant quarter-on-quarter rise in web vulnerabilities identified for the Manufacturing clients assessed. Manufacturers were also more exposed to Internet-facing infrastructure and web application weaknesses than other industries. They appear to be behind the curve on aspects of security despite higher business interruption exposures related to attacks on Operational Technology and Internet of Things footprints, which are increasingly becoming more connected.

Lessons learned from industry findings

Phishing is still the most common attack vector and was found in approximately 57% of cyber investigations last quarter. The second most prevalent attack vector is credential access through vulnerable VPN or Remote Desktop Protocol (RDP) services, observed in approximately 15% of cyber investigations. Additionally, 43% of investigations involved successful attacks on cloud-based infrastructure and applications.

33% of the cyber investigations last quarter were related to Business Email Compromise.

17% of the investigations included Ransomware attacks, while a further 17% included commodity malware. These incidents far outweighed other cyber attacks investigated due to the significant business disruption they caused, predominantly in the Manufacturing and Health sectors.

RDP vulnerabilities were found to account for 50% of successful Ransomware attacks.

Cyber Claims*

Nature of matter
33%  Business email compromise
17%  Malware
17%  Ransomware
11%  Application compromise
6%   OT/ICS
6%   Unauthorised access to information
5%   POS / credential dump
5%   Fraud

Attack vector
57%  Phishing
15%  Credential access
14%  Unidentified
7%   Network access
7%   External exploit

* Based on US figures only
4 Key takeaways

Be aware of phishing emails and provide training to all employees, focusing on:
- Greater awareness of phishing, its "lures", methods for success and potential business impact.
- Due to increased misinformation and targeting, using only trusted sources for up-to-date, fact-based COVID-19 information.
- Verifying the authenticity of the sources of emails and electronic communications (email and voice) before making decisions related to financial transactions, e.g. making payments, donations and/or transferring funds.
- Avoiding links and attachments from unsolicited emails and not revealing personal financial information.

Increase your focus on cybersecurity tasks related to remote working:
- Patch and update VPNs, network infrastructure and remote-working devices.
- Conduct security log reviews, attack detection activity, and incident response and recovery preparation to anticipate the impacts of potential cyber attacks.
- Use MFA and strong passwords to reduce the success rate of remote account takeovers.
- Test business continuity plans and VPN limitations to ensure they are optimised to support changes in demand.

Reduce the likelihood of exposure to Ransomware attacks:
- Decommission insecure technologies (FTP, Telnet, HTTP) and replace them with more secure alternatives (SFTP, SSH, HTTPS).
- Ensure regular online and offline backups of key business systems are undertaken and actively tested.
- Actively test incident response and business continuity plans with ransomware scenarios.
- Ensure antivirus and active threat detection software is updated and running across your enterprise.

Proactively monitor data breach and disclosure of sensitive data:
- Monitor all data breaches in the public domain and on dark web forums, to identify and remediate exposure of sensitive information.
- Actively monitor corporate brand activity and sensitive data disclosure related to the company on social media, the clear net (public Internet) and the dark net.
- Subscribe to cyber threat monitoring services to gain greater awareness of threats and proactively identify and remediate them.

As part of the AXA XL partnership with Accenture there are a number of pre-breach services available which may help with these key takeaways (fees apply for selected services).
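The remote-working takeaway above asks for security log reviews and attack detection, and the industry findings note that credential access through vulnerable VPN or RDP services preceded half of the successful ransomware attacks. The following is an added worked example, not code from the report or from AXA XL or Accenture, of the two patterns such a review should catch on a remote-access gateway: a single source failing repeatedly against one account and then succeeding (brute force followed by takeover), and a single source failing once against many accounts (password spraying). The log format, the thresholds, and the sample lines are all constructed assumptions for the example; a real Windows Security log (events 4624/4625) or a VPN appliance syslog would need its own parse_line, and nothing else would change.

```python
"""Flag remote-access account-takeover patterns in gateway authentication logs.

Added example; not part of the AXA XL / Accenture report. The log format is an
assumed, simplified syslog-style line for a VPN or RDP gateway:
    <ISO-8601 timestamp> <OK|FAIL> user=<name> src=<ip>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not real traffic): one spraying source, one
# brute-force-then-success source, and one benign user with a single typo.
SAMPLE_LOG = """\
2020-03-16T08:00:01Z FAIL user=alice src=203.0.113.10
2020-03-16T08:00:03Z FAIL user=bob src=203.0.113.10
2020-03-16T08:00:05Z FAIL user=carol src=203.0.113.10
2020-03-16T08:00:07Z FAIL user=dave src=203.0.113.10
2020-03-16T08:00:09Z FAIL user=erin src=203.0.113.10
2020-03-16T08:01:00Z FAIL user=frank src=198.51.100.7
2020-03-16T08:01:02Z FAIL user=frank src=198.51.100.7
2020-03-16T08:01:04Z FAIL user=frank src=198.51.100.7
2020-03-16T08:01:06Z FAIL user=frank src=198.51.100.7
2020-03-16T08:01:08Z FAIL user=frank src=198.51.100.7
2020-03-16T08:01:10Z FAIL user=frank src=198.51.100.7
2020-03-16T08:01:12Z OK user=frank src=198.51.100.7
2020-03-16T08:05:00Z FAIL user=grace src=192.0.2.44
2020-03-16T08:05:20Z OK user=grace src=192.0.2.44
"""

# Assumed thresholds; tune them to the gateway's normal failure rate.
FAIL_THRESHOLD = 5           # failures from one source inside WINDOW before a success
WINDOW = timedelta(minutes=5)
SPRAY_DISTINCT_USERS = 4     # distinct usernames failed by one source inside WINDOW


def parse_line(line):
    """Parse one assumed-format log line into a dict."""
    ts, result, user_kv, src_kv = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "ok": result == "OK",
        "user": user_kv.split("=", 1)[1],
        "src": src_kv.split("=", 1)[1],
    }


def detect(log_text):
    """Return {source_ip: [finding, ...]} for sources matching either rule.

    brute_force_success: at least FAIL_THRESHOLD failures within WINDOW,
                         then a successful login from the same source.
    password_spray:      at least SPRAY_DISTINCT_USERS distinct usernames
                         failed from the same source within WINDOW.
    """
    events = sorted(
        (parse_line(ln) for ln in log_text.splitlines() if ln.strip()),
        key=lambda e: e["ts"],
    )
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    alerts = {}
    for src, evs in by_src.items():
        recent_fails = []  # sliding window of failures from this source
        findings = set()
        for e in evs:
            # Keep only failures that fall within WINDOW of the current event.
            recent_fails = [f for f in recent_fails if e["ts"] - f["ts"] <= WINDOW]
            if e["ok"]:
                if len(recent_fails) >= FAIL_THRESHOLD:
                    findings.add("brute_force_success")
            else:
                recent_fails.append(e)
                if len({f["user"] for f in recent_fails}) >= SPRAY_DISTINCT_USERS:
                    findings.add("password_spray")
        if findings:
            alerts[src] = sorted(findings)
    return alerts


if __name__ == "__main__":
    for src, kinds in detect(SAMPLE_LOG).items():
        print(src, ", ".join(kinds))
```

Run against the sample, 203.0.113.10 is reported for password_spray and 198.51.100.7 for brute_force_success; grace's single typo at 192.0.2.44 produces no alert. The brute_force_success finding is the one that matters most for the ransomware statistic above: it marks an account that should be treated as taken over and reset, and it is exactly the event that MFA on the gateway would have turned into a failed login.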
This summary does not constitute an offer, solicitation, advertisement, or legal advice in any jurisdiction, nor is it intended as a description of any products or services of AXA XL or Accenture. The reproduction and distribution of this material is forbidden without express written permission from Accenture and AXA XL. This information is provided on an “as-is” basis and is subject to change. No liability or responsibility is assumed for any action or inaction taken in response to this information. Accenture, the Accenture logo, and other Accenture trademarks, service marks, and designs are registered or unregistered trademarks of Accenture and its subsidiaries in the United States and in foreign countries. © 2020. AXA XL is a division of AXA Group providing products and services through three business groups: AXA XL Insurance, AXA XL Reinsurance and AXA XL Risk Consulting. AXA, the AXA and XL logos are trademarks of AXA SA or its affiliates. © 2020