20-Year-Old Exploits and TikTok Flows Threaten Enterprise Security, Finds New Cato Networks SASE Report
“With Cato’s converged SASE solution, we can merge security observations with network analysis from live traffic. In the first quarter, we saw that corporate security officers cannot focus on newly discovered vulnerabilities at the expense of older, more general risks,” says Etay Maor, Senior Director for Security Strategy at Cato Networks. “Threat actors are constantly on the lookout for unpatched End of Life (EOL) and legacy systems, vulnerabilities that are two to nearly 20 years old. Several governments have raised privacy concerns about TikTok and ultimately banned this application from their networks and devices. Too many corporate networks continue to transmit TikTok flows.”
Legacy security measures fail because old exploits are the most common threat
While the industry is focused on exotic attacks – like the SolarWinds breach – the real risk for businesses is in legacy exploits, some of which are up to 20 years old. “While organizations need to keep up with the latest security patches, it’s also important to ensure that older systems and known vulnerabilities from the past few years are also monitored and patched,” says Maor. “Threat actors are trying to take advantage of overlooked, vulnerable systems.”
The research shows that attackers routinely look for legacy devices and unsupported systems. The Common Vulnerabilities and Exposures (CVEs) Cato most often saw being exploited targeted vSphere, Oracle WebLogic and F5 BIG-IP, as well as routers with vulnerabilities in their remote management interfaces.
Patching fixes the problem, but organizations find it difficult to keep up with patching, and legacy security systems are often inadequate to stop these threats. In addition, threat actors constantly change the signatures and characteristics of their tooling to avoid detection.
Many companies are exposed to attacks from security gaps in applications
When analyzing the network traffic, Cato identified several security risks. Microsoft Office and Google applications continue to dominate, but remote access software such as RDP (Remote Desktop Protocol), VNC (Virtual Network Computing) and TeamViewer is also widely used.
If not properly secured, these applications can be attacked by threat actors with disastrous consequences, as in the recent attacks on the Florida water supply system, Molson Coors and Colonial Pipeline. “The proliferation of remote access software is of concern for security reasons. In many attacks on critical infrastructures, attackers have exploited the vulnerabilities and weak passwords in this very package. When organizations need to run such software, special care must be taken to ensure their security,” says Maor.
Enterprise networks continue to be populated by consumer applications. The most popular is TikTok, which generates millions more flows than Gmail, LinkedIn or Spotify. In the past few months, Cato has also seen a sharp surge in Robinhood and eToro traffic, likely due to the recent GameStop trading frenzy driven by Reddit and Wall Street. Traffic to these trading applications exceeded that of better-known sites such as CNN, The New York Times and CNBC.
“The proliferation of consumer applications not only consumes bandwidth, it also poses a security risk to businesses,” Maor said. “As the nature of the flow of data and applications changes, the way threat actors exploit vulnerabilities changes, and in turn, the way organizations secure their networks must change too.”
Threats come from countries other than Russia or China
To protect themselves from attackers, companies often block traffic from certain countries, e.g. Russia and China. Such an approach is ineffective. Cato’s analysis shows that in the first quarter of 2021 most threats did not come from China or Russia. In fact, more threats originated from the United States than from any other country.
“Blocking network traffic to and from the usual suspects may not necessarily make your organization any more secure,” Maor said. “Threat actors are hosting their Command and Control servers in ‘friendly’ countries, including the US, Germany, and Japan.”
Machine learning algorithms detect network characteristics of security threats
In order to properly understand network and cybersecurity trends for its report, Cato Networks analyzed nearly 200 billion network flows from more than 850 companies worldwide on Cato’s global private backbone between January 1, 2021 and March 31, 2021.
Approximately 16 billion security events were identified and forwarded to the Cato Threat Hunting System (CTHS). This proprietary machine learning platform identifies threats through contextual network and security analysis. By understanding and identifying the network patterns of cyber attacks, CTHS warns of security threats that legacy cybersecurity software often misses.
In total, CTHS identified 181,000 high-risk flows, resulting in 19,000 threats that were reviewed by the Cato security team. The highlights of this analysis are recorded in the report. To learn more, download a copy of the SASE Threat Research Report from Cato Networks at https://go.catonetworks.com/SASE-Threat-Research-Report.html.
About Cato Networks
Cato is the world’s first SASE platform that combines SD-WAN, network security and Zero Trust Network Access (ZTNA) into a global, cloud-native service. Cato optimizes and secures application access for all users and locations. With Cato Cloud, customers can easily migrate from MPLS to SD-WAN, optimize connectivity to on-premises and cloud applications, enable secure internet access for branch offices everywhere, seamlessly integrate cloud data centers into the network, and connect mobile users with Cato SDP clients and clientless access options. With Cato, the network and your company are ready for whatever comes next.
Infographic – https://mma.prnewswire.com/media/1516354/Cato_Networks_1_Infographic.jpg
Infographic – https://mma.prnewswire.com/media/1516353/Cato_Networks_2_Infographic.jpg
SOURCE Cato Networks