Biggest WAN pain points: Security and service flexibility

Corporate WANs are failing to deliver on businesses’ priorities, with 55% of respondents citing security as the biggest pain point, 43% service flexibility, 36% supplier performance, and 35% network congestion, according to a survey from Telia Carrier.

The research was conducted in four of the world’s biggest markets – the US, the UK, Germany and France – and provides insights into the evolution of the corporate WAN and cloud adoption from the top of business.

Digital technology and the cloud have transformed the way businesses are run and connect with their employees, suppliers, partners, and customers — across sites and geographies. Public internet and cloud-based services underpin the corporate WAN landscape and reliable connectivity is seen as critical to business performance.

With 90% of the survey’s respondents confirming that their enterprises rely on the public internet for some or all of their wide area network services, 48% of them say the impact of a corporate WAN outage exceeding 24 hours would be catastrophic.

Today’s enterprise: Connected but uninformed?

However, as the research findings reveal, the corporate WAN experience is not yet the best it could, and should, be. This is not just because WAN technology is still evolving and suppliers need to improve their customer experience, but also because the WAN ecosystem hasn’t been fully understood: knowledge gaps about the internet and its various tiers have made decision-making difficult.

For example, only half of survey respondents (US: 57%; FR: 56%; UK: 49%; DE: 37%) rate their understanding of how the internet backbone works as very good or excellent, but almost two-thirds think of public internet connectivity as a commodity that doesn’t vary much between suppliers (FR: 74%; DE: 62%; US: 62%; UK: 49%).

Commenting on the findings of the research, Mattias Fridström, Chief Evangelist, Telia Carrier said: “Network-development strategies, unfortunately, appear to be missing the backbone piece of the puzzle. This means that Tier 1 suppliers, such as telcos and carriers, are often overlooked when it comes to choosing a method to build their WANs and connect to the cloud.”

Tomorrow’s supplier: Flexible, innovative and customer-focused

The research illustrates that the network providers of the future have to put the needs of the customer at the center of everything they do. Bandwidth (40%), service flexibility (36%) and customer support (29%) are enterprises’ top three priorities when deciding on a local network partner or ISP to connect to their preferred cloud-service providers.

Sustainability is also a key criterion when shortlisting suppliers or choosing between candidates, and enterprises are prepared to pay a premium for it. In fact, 38% of all respondents confirmed that they now only shortlist suppliers with a strong commitment to sustainability – in France, this number rises to 55%. Of those who don’t include sustainability in their initial selection criteria, 42% say it helps them choose between the final candidates (US: 46%; UK & DE: 45%; FR: 28%).

Only a fifth say they choose suppliers solely on the basis of price and performance. Importantly, 95% are willing to pay a premium of 5% or more for a sustainable supplier. 49% of respondents in Germany, 48% in the UK, 42% in the US and 37% in France confirmed their commitment to paying between 10% and 15% more.

The survey also found that demand for new tools and technologies to improve workflows and increase transparency is strong. For example, 90% would like their network partners to adopt more machine-to-machine workflows and automation to enhance their services, and 68% say they already use APIs to achieve real-time visibility of their network performance or control of their network infrastructure.

“If organizations really want to create the networks that transform their businesses, whilst controlling costs and reducing their carbon footprint,” Fridström concluded, “their leaders may need to review their strategies for the next three to five years. Network providers can be strategic partners in the growth and development of enterprises—if they’re aligned with enterprises’ needs.”

New defense method enables telecoms, ISPs to protect consumer IoT devices

Instead of relying on customers to protect their vulnerable smart home devices from being used in cyberattacks, Ben-Gurion University of the Negev (BGU) and National University of Singapore (NUS) researchers have developed a new method that enables telecommunications and internet service providers to monitor these devices.

An overview of the key steps in the proposed method

According to their new study, the ability to launch massive DDoS attacks via a botnet of compromised devices is an exponentially growing risk in the Internet of Things (IoT). Such attacks, possibly emerging from IoT devices in home networks, impact the attack target, as well as the infrastructure of telcos.

“Most home users don’t have the awareness, knowledge, or means to prevent or handle ongoing attacks,” says Yair Meidan, a Ph.D. candidate at BGU. “As a result, the burden falls on the telcos to handle. Our method addresses a challenging real-world problem that has already caused challenging attacks in Germany and Singapore, and poses a risk to telco infrastructure and their customers worldwide.”

Each connected device has a unique IP address. However, home networks typically use gateway routers with NAT functionality, which replaces the local source IP address of each outbound data packet with the household router’s public IP address. Consequently, detecting connected IoT devices from outside the home network is a challenging task.

The researchers developed a method to detect connected, vulnerable IoT models before they are compromised by monitoring the data traffic from each smart home device. This enables telcos to verify whether specific IoT models, known to be vulnerable to exploitation by malware, are connected to the home network. It helps telcos identify potential threats to their networks and take preventive actions quickly.

By using the proposed method, a telco can detect vulnerable IoT devices connected behind a NAT, and use this information to take action. In the case of a potential DDoS attack, this method would enable the telco to take steps to spare the company and its customers harm in advance, such as offloading the large volume of traffic generated by an abundance of infected domestic IoT devices. In turn, this could prevent the combined traffic surge from hitting the telco’s infrastructure, reduce the likelihood of service disruption, and ensure continued service availability.
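The detection idea described above, reduced to its simplest form as an added example (this is not the BGU/NUS researchers' method, code or dataset): an ISP sees only the household's public NAT address, so it groups the distinct outbound endpoints contacted from that address and compares them with the default endpoints each device model is known to contact. The model signatures, the flow records and the coverage-score rule are all constructed for the demonstration; the source addresses use the carrier-grade NAT range 100.64.0.0/10 and the destinations use documentation ranges.

```python
"""
Illustrative fingerprinting of IoT device models behind a NAT gateway from
outbound flow records, as seen by an upstream ISP. Added example; signatures,
flows and scoring are constructed and not taken from any published method.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_ip: str      # public (NAT) address of the household
    dst_ip: str
    dst_port: int
    proto: str


# Hypothetical signatures: the set of (dst_ip, dst_port, proto) endpoints a
# device model contacts by default (e.g. its vendor cloud, MQTT broker, NTP).
SIGNATURES = {
    "camera-model-A": frozenset({("203.0.113.10", 443, "tcp"), ("203.0.113.11", 8883, "tcp")}),
    "plug-model-B":   frozenset({("198.51.100.5", 443, "tcp"), ("198.51.100.6", 123, "udp")}),
    "bulb-model-C":   frozenset({("192.0.2.20", 80, "tcp"), ("192.0.2.21", 5683, "udp")}),
}

# Constructed flow records from two households behind CGNAT addresses.
SAMPLE_FLOWS = [
    Flow("100.64.0.10", "203.0.113.10", 443, "tcp"),   # camera-A endpoint 1
    Flow("100.64.0.10", "203.0.113.11", 8883, "tcp"),  # camera-A endpoint 2
    Flow("100.64.0.10", "198.51.100.5", 443, "tcp"),   # only half of plug-B
    Flow("100.64.0.10", "93.184.216.34", 443, "tcp"),  # unrelated browsing
    Flow("100.64.0.11", "192.0.2.20", 80, "tcp"),      # bulb-C endpoint 1
    Flow("100.64.0.11", "192.0.2.21", 5683, "udp"),    # bulb-C endpoint 2
]

# Models the telco considers vulnerable (constructed list).
VULNERABLE_MODELS = {"camera-model-A", "bulb-model-C"}


def endpoints_by_household(flows):
    """Group the distinct outbound endpoints contacted by each public IP."""
    seen = defaultdict(set)
    for f in flows:
        seen[f.src_ip].add((f.dst_ip, f.dst_port, f.proto))
    return seen


def match_models(endpoints, signatures=SIGNATURES, threshold=1.0):
    """Return {model: coverage} for models whose default endpoints appear.

    coverage is the fraction of the model's signature endpoints observed;
    a threshold below 1.0 tolerates a device that has not yet contacted
    every default endpoint in the observation window.
    """
    hits = {}
    for model, sig in signatures.items():
        coverage = len(sig & endpoints) / len(sig)
        if coverage >= threshold:
            hits[model] = coverage
    return hits


def detect(flows, vulnerable_models, threshold=1.0):
    """Map each NAT public IP to the sorted vulnerable models detected behind it."""
    result = {}
    for household, eps in endpoints_by_household(flows).items():
        found = match_models(eps, threshold=threshold)
        vulnerable = sorted(m for m in found if m in vulnerable_models)
        if vulnerable:
            result[household] = vulnerable
    return result


if __name__ == "__main__":
    for household, models in detect(SAMPLE_FLOWS, VULNERABLE_MODELS).items():
        print(f"{household}: vulnerable models behind NAT -> {models}")
```

With the strict threshold the first household is reported only for the camera, because the plug has contacted just one of its two default endpoints; lowering the threshold to 0.5 surfaces the plug as well, which is the usual precision-versus-recall trade-off for this kind of passive inventory.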

“Unlike some past studies that evaluated their methods using partial, questionable, or completely unlabeled datasets, or just one type of device, our data is versatile and explicitly labeled with the device model,” Meidan says. “We are sharing our experimental data with the scientific community as a novel benchmark to promote future reproducible research in this domain.” This dataset is available here.

This research is a first step toward dramatically mitigating the risk posed to telcos’ infrastructure by domestic NAT IoT devices. In the future, the researchers seek to further validate the scalability of the method, using additional IoT devices that represent an even broader range of IoT models, types and manufacturers.

“Although our method is designed to detect vulnerable IoT devices before they are exploited, we plan to evaluate the resilience of our method to adversarial attacks in future research,” Meidan says. “Similarly, a spoofing attack, in which an infected device performs many dummy requests to IP addresses and ports that are different from the default ones, could result in missed detection.”

Microsoft releases new encryption, data security enterprise tools

Microsoft has released (in public preview) several new enterprise security offerings to help companies meet the challenges of remote work.

Double Key Encryption for Microsoft 365

Secure information sharing is always a challenge, and Microsoft thinks it has the right solution for organizations in highly regulated industries (e.g., financial services, healthcare).

“Double Key Encryption (…) uses two keys to protect your data—one key in your control, and a second key is stored securely in Microsoft Azure. Viewing data protected with Double Key Encryption requires access to both keys. Since Microsoft can access only one of these keys, your protected data remains inaccessible to Microsoft, ensuring that you have full control over its privacy and security,” the company explained.

“You can host the Double Key Encryption service used to request your key, in a location of your choice (on-premises key management server or in the cloud) and maintain it as you would any other application.”

This Microsoft enterprise security solution allows organizations to migrate sensitive data to the cloud or share it via a cloud platform without relying solely on the provider’s encryption. Also, it makes sure that the cloud provider or collaborating third parties can’t have access to the sensitive data.
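The two-key principle described above, as an added illustration (this is not Microsoft's DKE protocol, service or SDK): a per-document content key is wrapped first with the customer-held key and then with the cloud-held key, so a party holding only one of the two keys can at best peel one layer and never reaches the content key. To keep the script standard-library only, the cipher is a stand-in keystream built from HMAC-SHA256 with an HMAC tag; a real implementation would use AES-GCM or another AEAD, and the keys and document below are constructed.

```python
"""
Toy demonstration that data wrapped under two independently held keys
cannot be read with either key alone. Added example; the cipher is an
HMAC-SHA256 keystream stand-in, not a production construction.
"""
import hashlib
import hmac
import secrets


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with a counter-mode HMAC-SHA256 keystream (toy cipher)."""
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        ks = hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[block * 32:(block + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; raises ValueError on a wrong key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("wrong key or tampered data")
    return _keystream_xor(key, nonce, ct)


def protect(document: bytes, customer_key: bytes, cloud_key: bytes):
    """Encrypt the document under a fresh content key, then double-wrap that key."""
    content_key = secrets.token_bytes(32)
    ciphertext = seal(content_key, document)
    # Inner layer: customer-held key. Outer layer: cloud-held key.
    wrapped_key = seal(cloud_key, seal(customer_key, content_key))
    return ciphertext, wrapped_key


def unprotect(ciphertext: bytes, wrapped_key: bytes, customer_key: bytes, cloud_key: bytes) -> bytes:
    """Both keys are needed: peel the cloud layer, then the customer layer."""
    content_key = open_(customer_key, open_(cloud_key, wrapped_key))
    return open_(content_key, ciphertext)


def recover_with_single_key(ciphertext: bytes, wrapped_key: bytes, key: bytes):
    """Attempt to read the document holding only one key; None on failure.

    A holder of the cloud key can remove the outer layer but then hits the
    customer layer; a holder of the customer key cannot even open the outer one.
    """
    blob = wrapped_key
    for _ in range(2):  # at most two wrapping layers to peel
        try:
            blob = open_(key, blob)
        except ValueError:
            return None
    try:
        return open_(blob, ciphertext)
    except ValueError:
        return None


if __name__ == "__main__":
    customer_key, cloud_key = secrets.token_bytes(32), secrets.token_bytes(32)
    doc = b"constructed sensitive record"  # constructed sample document
    ct, wk = protect(doc, customer_key, cloud_key)
    print("both keys  :", unprotect(ct, wk, customer_key, cloud_key))
    print("cloud only :", recover_with_single_key(ct, wk, cloud_key))
    print("customer only:", recover_with_single_key(ct, wk, customer_key))
```

The property that matters for the compliance argument is the last two lines of output: the provider holding its own key gets `None`, as does anyone holding only the customer key, while the customer-hosted key service remains the component whose availability and access control the organization has to operate itself.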

Microsoft Endpoint Data Loss Prevention

“Data Loss Prevention solutions help prevent data leaks and provide context-based policy enforcement for data at rest, in use, and in motion on-premises and in the cloud,” Alym Rayani, Senior Director, Microsoft 365, noted.

“Built into Windows 10, Microsoft Edge, and the Office apps, Endpoint DLP provides data-centric protection for sensitive information without the need for an additional agent, enabling you to prevent risky or inappropriate sharing, transfer, or use of sensitive data in accordance with your organization’s policies.”

Organizations can use it to prevent copying sensitive content to USB drives, printing sensitive documents, uploading a sensitive file to a cloud service, an unallowed app accessing a sensitive file, and so on.

When users attempt to do a risky action, they are alerted to the dangers and provided with a helpful explanation and guidance.

Insider Risk Management and Communication Compliance

Insider Risk Management is not a new offering from Microsoft, but has been augmented by new features that deliver new, quality insights related to the obfuscation, exfiltration, or infiltration of sensitive information.

“For those using Microsoft Defender Advanced Threat Protection (MDATP), we can now provide insights into whether someone is trying to evade security controls by disabling multi-factor authentication or installing unwanted software, which may indicate potentially malicious behavior,” explained Talhar Mir, Principal PM at Microsoft.

“Finally, one of the key early indicators as to whether someone may choose to participate in malicious activities is disgruntlement. In this release, we are further enhancing our native HR connector to allow organizations to choose whether they want to use additional HR insights that might indicate disgruntlement to initiate a policy.”

Communication Compliance was also introduced earlier this year, but now offers enhanced insights and improved actions to help foster a culture of inclusion and safety within the organization.

Internet security is improving, but exposures still run rampant

Rapid7’s research found that the security of the internet overall is improving. The number of insecure services such as SMB, Telnet, rsync, and the core email protocols decreased from the levels seen in 2019.

Vulnerabilities and exposures still plague the modern internet, even with the increasing adoption of more secure alternatives to insecure protocols, such as Secure Shell (SSH) in place of Telnet and DNS-over-TLS (DoT) in place of plain DNS.

“We were surprised to see that recent incidents appear to have had no obvious effect on the fundamental nature of the internet, however it is possible that we have yet to see the full impact,” said Tod Beardsley, Director of Research at Rapid7.

Most exposed countries and organizations

The United States, China, South Korea, the United Kingdom and Germany rank as the top five most exposed countries, while the top publicly traded companies in the United States, the United Kingdom, Australia, Germany, and Japan are still hosting a high number of unpatched services with known vulnerabilities.

Publicly traded financial services and telecommunications companies in the United States, the United Kingdom, Australia, Germany, and Japan were found particularly vulnerable. There are tens of thousands of high-rated Common Vulnerabilities and Exposures (CVEs) across the public-facing assets of these two sectors.

Telnet continues to be commonly used across cloud providers, despite being unsuitable for the internet due to its lack of security controls – with Microsoft, Alibaba and OVHcloud having the most exposure.

Slow patch and update adoption

Patch and update adoption continues to be slow, especially in remote console access where, for example, 3.6 million SSH servers are running versions between five and 14 years old.

Furthermore, there has been an average 13 percent year-over-year decrease in exposed, highly vulnerable services such as SMB, Telnet, and rsync.

Also, unencrypted, cleartext protocols are still heavily used, with 42 percent more plaintext HTTP servers than HTTPS, 3 million databases awaiting insecure queries, and 2.9 million routers, switches, and servers accepting Telnet connections, which is a 7% decrease compared to the research Rapid7 conducted in 2019.
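The check a practitioner would want after reading these figures is the same one run against their own inventory: which SSH daemons are years behind, which hosts still accept Telnet, which databases face the internet, and how plaintext HTTP compares with HTTPS. The following is an added example, not Rapid7's tooling. The inventory lines are constructed; the OpenSSH release-year table is filled in for the example and should be checked against the project's release history before being relied on.

```python
"""
Exposure summary over a service inventory: flags old OpenSSH versions,
cleartext Telnet, internet-facing databases, and the HTTP-to-HTTPS ratio.
Added example with constructed input; not Rapid7's methodology.
"""
import re
from collections import Counter

# OpenSSH major.minor -> year of first release. Assumed values for the
# example; verify against the OpenSSH release history before real use.
OPENSSH_RELEASE_YEAR = {"5.3": 2009, "6.6": 2014, "7.4": 2016, "8.2": 2020}

SSH_BANNER = re.compile(r"^SSH-2\.0-OpenSSH_(\d+\.\d+)")
DATABASE_LABELS = {"mysql", "postgresql", "mongodb", "redis"}

# Constructed inventory: (host, port, banner or service label).
INVENTORY = [
    ("10.0.0.1", 22, "SSH-2.0-OpenSSH_5.3"),
    ("10.0.0.2", 22, "SSH-2.0-OpenSSH_8.2"),
    ("10.0.0.3", 22, "SSH-2.0-OpenSSH_6.6p1 Ubuntu-2ubuntu2.13"),
    ("10.0.0.4", 23, "telnet"),
    ("10.0.0.5", 80, "http"),
    ("10.0.0.6", 80, "http"),
    ("10.0.0.7", 443, "https"),
    ("10.0.0.8", 3306, "mysql"),
]


def ssh_version_age(banner, current_year, table=OPENSSH_RELEASE_YEAR):
    """Years since the OpenSSH release named in the banner; None if unknown."""
    m = SSH_BANNER.match(banner)
    if not m or m.group(1) not in table:
        return None
    return current_year - table[m.group(1)]


def exposure_report(inventory, current_year, max_ssh_age=5):
    """Summarise risky exposures.

    Returns {"findings": [(host, port, reason), ...], "http_to_https": ratio}.
    SSH daemons at least max_ssh_age years old are flagged; so are Telnet
    listeners and database services reachable in the inventory.
    """
    findings = []
    counts = Counter()
    for host, port, label in inventory:
        if label.startswith("SSH-"):
            age = ssh_version_age(label, current_year)
            if age is None:
                findings.append((host, port, "ssh version not recognised"))
            elif age >= max_ssh_age:
                findings.append((host, port, f"openssh {age} years old"))
        elif label == "telnet":
            findings.append((host, port, "cleartext telnet accepted"))
        elif label in DATABASE_LABELS:
            findings.append((host, port, f"{label} reachable without a gateway"))
        elif label in ("http", "https"):
            counts[label] += 1
    ratio = counts["http"] / counts["https"] if counts["https"] else float("inf")
    return {"findings": findings, "http_to_https": ratio}


if __name__ == "__main__":
    report = exposure_report(INVENTORY, current_year=2020)
    for host, port, reason in report["findings"]:
        print(f"{host}:{port}  {reason}")
    print("plaintext HTTP servers per HTTPS server:", report["http_to_https"])
```

An unrecognised SSH version is reported rather than silently skipped, since a banner that matches no known release is exactly the kind of forked or vendor-patched build that tends to fall outside routine patching.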

Zero-day flaws in widespread TCP/IP library open millions of IoT devices to remote attack

19 vulnerabilities – some of them allowing remote code execution – have been discovered in a TCP/IP stack/library used in hundreds of millions of IoT and OT devices deployed by organizations in a wide variety of industries and sectors.

“Affected vendors range from one-person boutique shops to Fortune 500 multinational corporations, including HP, Schneider Electric, Intel, Rockwell Automation, Caterpillar, Baxter, as well as many other major international vendors,” say the researchers who discovered the flaws.

About the vulnerable TCP/IP software library

The vulnerable library was developed by US-based Treck and a Japanese company named Elmic Systems (now Zuken Elmic) in the 1990s. At one point in time, the two companies parted ways and each continued developing a separate branch of the stack/library.

The one developed by Treck – Treck TCP/IP – is marketed in the U.S. and the other one, dubbed Kasago TCP/IP, is marketed by Zuken Elmic in Asia.

The library’s high reliability, performance, and configurability is what made it so popular and widely deployed.

“The [Treck TCP/IP] library could be used as-is, configured for a wide range of uses, or incorporated into a larger library. The user could buy the library in source code format and edit it extensively. It can be incorporated into the code and implanted into a wide range of device types,” the researchers explained.

“The original purchaser could decide to rebrand, or could be acquired by a different corporation, with the original library history lost in company archives. Over time, the original library component could become virtually unrecognizable. This is why, long after the original vulnerability was identified and patched, vulnerabilities may still remain in the field, since tracing the supply chain trail may be practically impossible.”

The vulnerabilities were discovered by Moshe Kol and Shlomi Oberman from JSOF in the Treck TCP/IP library, and Zuken Elmic confirmed that some of them affect the Kasago library.

About the vulnerabilities

Collectively dubbed Ripple20, the vulnerabilities (numbered CVE-2020-11896 through CVE-2020-11914) range from critical to low-risk. Four enable remote code execution. Others could be used to achieve sensitive information disclosure, (persistent) denial of service, and more.

“One of the critical vulnerabilities is in the DNS protocol and may potentially be exploitable by a sophisticated attacker over the internet, from outside the network boundaries, even on devices that are not connected to the internet,” the researchers noted.

“Most of the vulnerabilities are true zero-days, with 4 of them having been closed over the years as part of routine code changes, but remained open in some of the affected devices (3 lower severity, 1 higher). Many of the vulnerabilities have several variants due to the stack configurability and code changes over the years.”

The researchers plan to release technical reports on some of them and are scheduled to demonstrate exploitation of the DNS vulnerability on a Schneider Electric APC UPS device at Black Hat USA in August.

Coordinated disclosure

The Treck TCP/IP library did not receive much attention from security researchers in the past. After JSOF researchers decided to probe it and discovered the flaws, they also discovered that contacting the many, many vendors who implement it was going to be a time-consuming task.

Treck was made aware of the vulnerabilities and fixed them, but insisted on contacting clients and users of the code library themselves and on providing the appropriate patches directly.

But, since some of the vulnerabilities also affect the Kasago library, JSOF involved multiple national computer emergency response team (CERT) organizations and regulators in the disclosure process.

“CERT groups focus on ways to identify and mitigate security risks. For example, they can reach a much larger target group of potential users with blast announcements, ‘mass-mailings’ that they broadcast to a long list of participating companies to notify them of the potential vulnerability. Once users are identified, mitigation comes into play,” the researchers explained.

“While the best response might be to install the original Treck patch, there are many situations in which installing the original patch is not possible. CERTs work to develop alternative approaches that can be used to minimize or effectively eliminate the risk, even if patching is not an option.”

The Ripple20 vulnerabilities were named for the extent of their impact.

“The wide-spread dissemination of the software library (and its internal vulnerabilities) was a natural consequence of the supply chain ‘ripple-effect’. A single vulnerable component, though it may be relatively small in and of itself, can ripple outward to impact a wide range of industries, applications, companies, and people,” they noted.

“The inclusion of the number ’20’ denotes our disclosure process beginning in 2020, while additionally symbolizing and giving deference to our belief in the potential for additional vulnerabilities to be found from the original 19,” they told Help Net Security.

The researchers have pointed out that the vulnerability disclosure process, their own efforts to identify users of the Treck library, and the patch/mitigation dissemination process have been immensely aided by Treck, various CERTs, the CISA, and several security vendors (Forescout, CyberMDX).

Risk mitigation

A number of vendors have confirmed that their offerings are affected by the Ripple20 flaws. JSOF has compiled a list of affected and non-affected vendors, which will be updated as additional information becomes available.

Device vendors should update the Treck library to a fixed version (6.0.1.67 or higher), while organizations should check their network for affected devices and contact the vendors for more information on how to mitigate the exploitation risk. The researchers will make available, upon request, a script to help companies identify Treck products on their networks.

“Fixing these vulnerabilities presents its own set of challenges, even once they’ve been identified on the network. Some already have patches available. But there are also complicating factors,” Forescout CEO and President Michael DeCesare noted.

“With these types of supply chain vulnerabilities and embedded components, the vendor that is creating the patch isn’t necessarily the one that will release it. That can delay the issuance of a patch. There are also no guarantees that the device vendor is still in business, or that they still support the device. The complex nature of the supply chain may also mean the device is not patchable at all, even if it needs to remain on the network. In such cases, mitigating controls such as segmentation will be needed to limit its risk.”

The various CERTs and agencies like CISA will surely offer mitigation advice via security advisories.

A worrisome increase in call traffic from fraudsters exploiting the pandemic

There’s a worrisome increase in call traffic from bad actors looking to cash in on new vulnerabilities created by the global COVID-19 pandemic, according to research from Next Caller.

The report found that during the week of March 16 – which coincided with the time that many Americans started staying home to curb the spread of COVID-19 – there was an extraordinary strain placed on contact centers operated by Fortune 500 banking clients. While the rapid rise in call volumes may not be entirely surprising, a far more alarming trend has been uncovered.

Call spoofing increase

Internal data reveals a massive increase in call spoofing, the primary technique phone criminals use to trick businesses into automatically matching them with customer accounts. While data suggests that consumer calling may ebb and flow weekly, suspicious or high risk calls have increased unabated.

After just 3 weeks, high-risk calls are up 28% on average, outpacing the growth rate of overall call traffic – suggesting that as concerned customers call in waves, hundreds of thousands of potentially fraudulent attacks pummel contact centers in their wake.

To shed light on the potential impact that this influx of criminal activity could have on both the enterprise and the general public, Next Caller combined internal data with a research study administered to over 1,000 Americans.

Among the many findings, 32% of Americans believe that they have already been targeted by some form of fraud related to COVID-19.

Fraudsters stress-testing contact center security systems

With millions awaiting financial relief from the government’s $2 trillion stimulus package, the activity seen to date may be the precursor to an impending tsunami of fraud aimed at stealing money and information from individuals.

Widespread anxiety and confusion only threaten to exacerbate the problem by providing ample cover for fraudsters to stress-test contact center security systems.

“It’s no surprise that fraudsters are exploiting a chaotic circumstance, that’s the playbook,” says Ian Roncoroni, CEO, Next Caller.

“What is particularly dangerous is the timing and the broadening scope of the schemes. People are understandably confused and distracted, and so they may be more likely to let down their guard, especially when attacked from new and different directions. And while businesses are desperate to provide relief, contact centers don’t stand a chance when criminals can successfully pose as customers. It’s the perfect storm for fraud.”

Call traffic and the pandemic: Key findings from the report

  • During the week of March 16-23, two Fortune 500 financial institutions saw call volumes spike over 35%. Telecommunications companies saw similar volume increases.
  • In the most drastic case, during Week 3 one financial institution saw call volumes increase to almost 60% above Pre-COVID-19 levels. Call volume across all clients closed Week 3 up over 15% from traffic prior to Week 1.
  • Weeks 1-3 show a steady rise in high-risk calls disproportionate to the ebb and flow of overall call traffic patterns. After 3 weeks, high-risk calls are up nearly 30% without a decline during that time period.
  • At the same time, nearly 1-in-3 Americans (32%) say that they believe they’ve already been targeted by fraud or scams related to COVID-19.
  • Because of COVID-19-related fraud and scams, 52% of Americans are more concerned about being victimized by fraud than they normally would be.
  • Nearly 1-in-3 Americans are “not at all confident” that businesses and government institutions are taking the necessary measures.

A massive increase in eCrime behavior can easily disrupt business operations

During 2019, financially motivated cybercrime activity occurred on a nearly continuous basis, according to a CrowdStrike report.

There was an increase in incidents of ransomware, maturation of the tactics used, and increasing ransom demands from eCrime actors. Increasingly these actors have begun conducting data exfiltration, enabling the weaponization of sensitive data through threats of leaking embarrassing or proprietary information.

Moving beyond eCrime, nation-state adversaries continued unabated throughout 2019, targeting a wide range of industries. Another key trend in this year’s report is the telecommunications industry being targeted with increased frequency by threat actors, such as China and DPRK.

Various nations, particularly China, have interest in targeting this sector to steal intellectual property and competitive intelligence.

Pursuing the 1-10-60 rule

Combatting threats from sophisticated nation-state and eCrime adversaries requires a mature process that can prevent, detect and respond to threats with speed and agility. Organizations should pursue the “1-10-60 rule” in order to effectively thwart cyberthreats.

1-10-60 guidelines are the following: detect intrusions in under one minute; investigate in 10 minutes; contain and eliminate the adversary in 60 minutes. Organizations that meet this benchmark are much more likely to eradicate the adversary before an attack spreads from its initial entry point, ultimately minimizing organizational impact.

“2019 brought an onslaught of new techniques from nation-state actors and an increasingly complex eCrime underground filled with brazen tactics and massive increases in targeted ransomware demands. As such, modern security teams must employ technologies to detect, investigate and remediate incidents faster with swift preemptive countermeasures, such as threat intelligence, and follow the 1-10-60 rule,” said Adam Meyers, vice president of Intelligence at CrowdStrike.

Report highlights

  • The trend toward malware-free tactics accelerated, with malware-free attacks surpassing the volume of malware attacks. In 2019, 51% of attacks used malware-free techniques, compared to 40% in 2018, underscoring the need to advance beyond traditional AV solutions.
  • China continues to focus many operations on supply chain compromises, demonstrating the nation-state’s continued use of this tactic to identify and infect multiple victims. Other targeting of key U.S. industries deemed vital to China’s strategic interests — including clean energy, healthcare, biotechnology, and pharmaceuticals — is also likely to continue.
  • The industries at the top of the target list for enterprise ransomware (Big Game Hunting) observed were local governments and municipalities, academic institutions, the technology sector, healthcare, manufacturing, financial services and media companies.
  • In addition to supporting currency generation, DPRK’s targeting of cryptocurrency exchanges could support espionage-oriented efforts designed to collect information on users or cryptocurrency operations and systems. In addition, it is suspected that DPRK has also been developing its own cryptocurrency to further circumvent sanctions.

“This year’s report indicates a massive increase in eCrime behavior can easily disrupt business operations, with criminals employing tactics to leave organizations inoperable for large periods of time. It’s imperative that modern organizations employ a sophisticated security strategy that includes better detection and response and 24/7/365 managed threat hunting to pinpoint incidents and mitigate risks,” said Jennifer Ayers, vice president of OverWatch at CrowdStrike.

Mobile data roaming traffic generated by consumer and IoT devices expected to surge

Mobile data roaming traffic generated by consumer and IoT devices reached 737 Petabytes in 2019, according to Kaleido Intelligence. This is forecast to reach 2,000 Petabytes in 2024, representing an average annual growth of 22% over the period.

Leading vendors for Wholesale Roaming, split by service area

Mobile data roaming traffic around the world

Driven by the significant increase in roaming data traffic across key regions including Asia-Pacific, Middle East and Africa, Kaleido predicts that consumer inbound wholesale roaming revenues will reach $16 billion in 2024, with IoT adding a further $5.7 billion.

Nitin Bhas, Chief of Strategy & Insights at Kaleido Intelligence said: “Roam-Like-At-Home will continue to be the most important revenue driver, followed by the introduction of IoT and 5G roaming services.

“However, the challenge here is to identify and predict what data roaming services will look like in 3 years’ time; i.e. IoT and 5G use cases that will have an impact – anything from connected cars to high-speed video services.”

Telco roaming challenges and opportunities

  • Ensuring a premium customer experience from a 4G/5G roaming perspective was found to be the biggest challenge by participants.
  • Real-time business analytics and intelligence were found to be the most popular and immediate technical requirement.
  • 67% of the global operators surveyed reported a traffic increase of over 5% in 2019; in comparison, 11% reported an increase of between 1% and 5%.

How industries are evolving their DevOps and security practices

There’s significant variation in DevOps maturation and security integration across the financial services, government, retail, telecom, and technology industries, according to Puppet’s report based on nearly 3,000 responses.

“Integrating security into your DevOps practices can be challenging, but when done correctly is proven to pay off. Security should not be an afterthought; it must be a shared responsibility across teams during every stage of their software delivery lifecycle,” said Alanna Brown, Sr. Director Community and Developer Relations at Puppet.

Industries were measured based on their overall DevOps maturation and current state of security integrations.

Technology

The technology industry leads the way for both DevOps maturation and security integration for requirements, design, building and testing. One interesting observation around this industry is that 35 percent of these companies view security as a shared responsibility by all teams, not just the security team — compared to the industry average of 31 percent.

It also had the highest degree of leadership support for DevOps initiatives. 28 percent of technology respondents say that leadership always supports DevOps initiatives.

Financial services and insurance

This sector has the largest number of organizations that are in the group characterized as Medium on the DevOps evolution journey. Conversely, they have the lowest number of organizations that are characterized as High.

This shows that the financial services and insurance industry have a solid foundation of DevOps practices to build upon, but advancing beyond the middle is challenging.

Audits also stand out in financial services and insurance, and not in a good way. Only 17 percent of financial services and insurance industry respondents strongly agree with the statement “Our audit process helps minimize risk to the business.” This is the lowest of all the industries — the overall average is 24 percent.

Telecom

The telecom industry has made significant progress in evolving its DevOps practices. The number of companies that scored in the High category of the DevOps evolution rose 42 percent since last year’s survey.

One glaring challenge in this industry is that it has the highest level of friction between security and delivery teams — 19 percent of companies reported friction when the two teams collaborate.


Retail

The retail industry has the highest percentage of firms that can and do deploy on demand — 57 percent are capable of deploying to production on demand and 28 percent say that they are actually deploying on demand. This industry also resolves its critical vulnerabilities the fastest, with 53 percent reporting remediation in under one day.

Government

In contrast to the retail sector, government agencies reported the slowest time to remediate critical vulnerabilities, with three percent of respondents able to remediate in less than one hour and 24 percent in less than one day.

In terms of security integration, there’s no real middle ground in this industry: 43 percent of respondents report either significant integration or full integration, while 42 percent have no or minimal integration.

Spam over phone and email is changing consumer communication preferences

Of today’s main communications mediums – text, phone calls and email – consumers get the most spam over phone and email: 70% said they receive spam often over email and 51% said the same for phone calls, a Zipwhip survey reveals.

spam over phone

Fifty-four percent of people even use a separate email address to avoid getting spam in their main account. By comparison, consumers report receiving much less spam over text: 41% reported rarely receiving text spam, and only 18% reported getting text spam often.

Given the high spam figures for phone and email, it’s no surprise that 92% of survey respondents said they ignore phone calls from unknown numbers. With texting, however, a person or business can identify themselves immediately without the consumer needing to engage.

This could be part of the reason texts have better response rates than phone calls; in a separate survey, Zipwhip found that 83% of consumers respond to a text message within 30 minutes or less.

Low scam attempts via text

Consumers also reported low volumes of scam attempts via text, with only 17% saying they receive them often, versus 43% who often receive scam attempts by phone and 46% who often receive them by email.

“Texting continues to be consumers’ most preferred medium, and that’s increasingly the case as spam and scam attempts infect other methods of communication like phone and email,” said John Lauer, CEO of Zipwhip. “Legitimate businesses with a real need to reach their customers have an obvious choice, and that’s to text.”

Surging robocalls

The survey also found that a large majority of consumers have been affected by the surge in robocalls – 83% of respondents said they’ve noticed an increase in the last year.

Consumers inundated with spam and scam phone calls, as well as robocalls, can report them to the Federal Communications Commission (FCC), the Federal Trade Commission (FTC) or their network carrier. In Zipwhip’s survey, 35% of consumers report already having done so.

DNSSEC still fueling DNS amplification attacks, TCP SYN flood attacks rise

DNS amplification attacks continue to increase in number, growing 4,788% over Q3 2018, according to Nexusguard.

DNS amplification attacks increase

DNSSEC (Domain Name System Security Extensions) remains the main driver of growth in DNS amplification attacks in the quarter, yet analysts have detected a sharp and concerning rise in TCP SYN flood attacks.

TCP SYN flood is not a new method, but the findings indicate that the technique has grown in sophistication and has emerged as the third most used attack vector, behind DNS amplification and HTTP flood attacks.

SYN flood attacks can impact innocent users

Cyberattackers have long favored DDoS attacks that amplify damage beyond the resources required, but suitable reflectors or amplifiers are not as widely available for DNS amplification and memcached reflection attacks. In contrast, any server with an open TCP port can act as a reflector for a SYN flood reflection attack, and such reflectors are widely available and easy to reach.

Consequently, SYN flood reflection not only hits targeted victims, but also can impact innocent users, including individuals, businesses, and other organizations. These innocent victims end up having to process large volumes of spoofed requests and what appear to be legitimate replies from the attack target. As a result, bystanders can incur hefty fees for bandwidth consumed by junk traffic, or even suffer from secondary outages.
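The mechanism described above leaves a recognisable footprint on both ends: the target receives SYN-ACKs it never asked for, from many different reflectors, while each reflector sees a burst of SYNs from the spoofed target address that never complete a handshake. The following is an added example, not code from the Nexusguard report, that checks for both signs over constructed flow records. The one-line flow format (`src:sport > dst:dport FLAGS`), the thresholds and all addresses (RFC 5737 documentation ranges) are assumptions made for the example.

```python
"""Detect the two faces of a SYN flood reflection attack from flow records.

Added example; the flow-record format and the sample traffic are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str  # TCP flag letters: "S" SYN, "SA" SYN-ACK, "A" ACK, "R" RST


def parse_flow_line(line: str) -> Flow:
    """Parse one constructed flow record of the form 'src:sport > dst:dport FLAGS'."""
    lhs, rhs = line.split(" > ")
    src, sport = lhs.rsplit(":", 1)
    dst_port, flags = rhs.split(" ")
    dst, dport = dst_port.rsplit(":", 1)
    return Flow(src, dst, int(sport), int(dport), flags)


def unsolicited_synacks(flows, min_sources=5):
    """Target-side view: SYN-ACKs that answer no SYN the receiving host sent.

    Returns {destination: [reflector sources]} for every destination that got
    unsolicited SYN-ACKs from at least `min_sources` distinct hosts.
    """
    sent_syns = {(f.src, f.dst, f.sport, f.dport) for f in flows if f.flags == "S"}
    replies = defaultdict(set)
    for f in flows:
        # A legitimate SYN-ACK mirrors a SYN we sent (addresses and ports swapped).
        if f.flags == "SA" and (f.dst, f.src, f.dport, f.sport) not in sent_syns:
            replies[f.dst].add(f.src)
    return {dst: sorted(srcs) for dst, srcs in replies.items() if len(srcs) >= min_sources}


def half_open_by_source(flows, server, port, min_syns=5):
    """Reflector-side view: sources whose SYNs to server:port never complete.

    A spoofed source never sends the final ACK (and often answers our SYN-ACK
    with a RST), so its SYNs stay half-open. Returns {source: half-open count}.
    """
    syns = defaultdict(set)
    acks = set()
    for f in flows:
        if f.dst == server and f.dport == port:
            if f.flags == "S":
                syns[f.src].add(f.sport)
            elif f.flags == "A":
                acks.add((f.src, f.sport))
    result = {}
    for src, sports in syns.items():
        incomplete = sum(1 for sp in sports if (src, sp) not in acks)
        if incomplete >= min_syns:
            result[src] = incomplete
    return result


# Constructed traffic as seen at the attack target 203.0.113.10: one real
# handshake with 198.51.100.5, then SYN-ACKs from eight reflectors it never contacted.
VICTIM_LINES = [
    "203.0.113.10:51000 > 198.51.100.5:443 S",
    "198.51.100.5:443 > 203.0.113.10:51000 SA",
    "203.0.113.10:51000 > 198.51.100.5:443 A",
] + [f"192.0.2.{i}:80 > 203.0.113.10:{40000 + i} SA" for i in range(1, 9)]

# Constructed traffic as seen at one reflector, a web server on 198.51.100.20:80:
# a real client completes its handshake; the spoofed target "sends" six SYNs
# and answers our SYN-ACKs with RSTs, never with an ACK.
REFLECTOR_LINES = [
    "192.0.2.50:52000 > 198.51.100.20:80 S",
    "198.51.100.20:80 > 192.0.2.50:52000 SA",
    "192.0.2.50:52000 > 198.51.100.20:80 A",
] + [f"203.0.113.10:{30000 + i} > 198.51.100.20:80 S" for i in range(6)] + [
    "203.0.113.10:30000 > 198.51.100.20:80 R",
    "203.0.113.10:30001 > 198.51.100.20:80 R",
]

VICTIM_FLOWS = [parse_flow_line(line) for line in VICTIM_LINES]
REFLECTOR_FLOWS = [parse_flow_line(line) for line in REFLECTOR_LINES]

if __name__ == "__main__":
    print("unsolicited SYN-ACKs:", unsolicited_synacks(VICTIM_FLOWS))
    print("half-open SYNs by source:", half_open_by_source(REFLECTOR_FLOWS, "198.51.100.20", 80))
```

The reflector-side check is the one the "innocent" bystanders described above can run: a single source address leaving many half-open connections on a public port, combined with RSTs instead of ACKs, is the signature of that address being spoofed rather than of a real client, so rate-limiting or blocking it by reputation would only hurt the real owner of that address. SYN cookies on the reflector and ingress filtering of spoofed source addresses at the network edge (BCP 38) address the cause rather than the symptom.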

“Our research findings revealed that even plain-vanilla network attacks could be turned into complex, stealthy attacks leveraging advanced techniques, from the bit-and-piece attacks, also known as carpet bombing, we identified last year, to the emergence of Distributed Reflective DoS (DRDoS) attacks in the third quarter.

“Telcos and enterprises must take note that, while these tactics don’t cause notable strain on network bandwidth and so may go undetected, they are powerful enough to impact their service. Advanced mitigation techniques are required to address these threats,” said Juniman Kasman, CTO at Nexusguard.

Largest sources of traffic

Report findings also showed that 44% of Q3 attack traffic came from botnet-hijacked Windows OS computers and servers. The second largest source of traffic was iOS-equipped mobile devices. The total number of attacks has mirrored patterns observed in 2019, with Q1 seeing the highest number of attacks and numbers dropping over Q2 and Q3.

While attack volume has decreased since Q2 2019, levels grew more than 85% compared to the same quarter last year. More than half of all global attacks originated in China, Turkey or the United States.

Redefining security KPIs for 5G service providers

Telco security professionals are missing the mark when understanding their consumers’ priorities, according to KPMG’s recent report. In the wake of a security breach, consumers seek proof that the incident isn’t repeatable, while security executives prioritize apologies. The 5G telco industry isn’t exempt from the “customer is always right” mentality, so pleasing a consumer is – or at least should be – a major business goal. This disconnect between consumer expectations and security teams’ … More
