This list is often leveraged by the greater
security industry as a framework to protect
against common web app attacks.
Unfortunately, this dynamic also provides
cybercriminals with a better blueprint from
designing attacks.
Currently, the top known web attacks include
SQL injection, directory traversal, cross-site
scripting (XSS), broken authentication and
session management, cross-site request
forgery (CSRF) security misconfigurations,
sensitive data exposure and more.
Web applications make the digital world spin,
particularly in a hyper-connected, cloud dominant
landscape. They help deliver the client-side
experience most end-users know and use within
their favorite browser.
Everything from Office 365 and G Suite, to
Salesforce and Dropbox, either deliver cloud-first
interfaces or offer web versions that complement
a software offering.
According to one industry study, the global IoT
security market is expected to reach or exceed
$35.2 billion (USD) by 2023, a spike of 33.7%
based on compound annual growth rate
(CAGR).
As witnessed in global news headlines,
concerns over IoT device security — and
respective IoT security regulations — are
driving the high market forecasts.
To increase the chances of a malware deploying
and executing within a target environment,
savvy cybercriminals use transport layer
security (TLS) and secure sockets layer (SSL)
encryption standards to mask their attacks
from inspection by traditional security controls.
Fileless malware is a type of malicious software
that exists exclusively as a memory based artifact
(i.e., RAM).
Fileless malware does not write any part of its
activity to the computer’s hard drive, making it
very resistant to existing computer forensic
strategies that incorporate file-based whitelisting,
signature detection, hardware verification,
pattern-analysis, time-stamping, etc.
In Australia, the head of the local intelligence
agency was recruited to inform universities about
cyber threats and ways of prevention. This was
one of the initiatives put in place after an
extremely sophisticated threat actor
compromised the Australian National University
(ANU) and persisted within the university’s
network for months at a time.
In 2019, there was an increase in ransomware
used in targeted attacks toward state, provincial
and local governments, as well as large
corporations.
Attacks have ranged from hospitals, police
stations and educational institutions to
aluminum factories (Norsk Hydro, Norway) and
power grids (City Power, Johannesburg).
“In a modern, citizen-centric environment,
successful ransomware attacks are highly
disruptive,” SonicWall President and CEO Bill
Conner wrote for Forbes.
The shuttering of the Coinhive mining operation in March 2019 dealt a devasting blow to the nefarious cryptojacking racket that abused the service.
Coinhive was not inherently malicious; it was an alternative method for websites to earn revenue instead of showing advertisements.
Mirroring how malware is being leveraged,
cybercriminals are being more targeted with
phishing than ever before, too. So much so,
SonicWall Capture Labs threat researchers
recorded a 42% decline in overall phishing
volume, the third straight year the attack vector
declined.
Introduction of SASE
The cybersecurity and network security solution spaces
are highly segmented with an endless number offerings
and vendors. This creates a massive headache forCyber
organizations trying to smoothly integrate these
solutions into their network environment.