In May, Cato Networks published a report that was the first of its kind. The detailed report, the inaugural Cato CTRL SASE Threat Report, showed that all organisations surveyed continue to run insecure protocols across their wide-stretching networks, leaving a door open for cybercriminals to access each one easily.
The report provided unparalleled insight into the current security threat landscape and the characteristics of threats for all aggregate traffic and endpoints, including remote users and cloud resources.
Fragmented Landscape
With new and sophisticated threat actors using fresh tools, techniques, and procedures to target organisations across every industry sector, the cybersecurity threat intelligence landscape continues to be fragmented. The Cato CTRL SASE Threat Report is crucial in providing a more holistic view of enterprise threats for UK cybersecurity.
Drawing on traffic flows across Cato customers between January and March 2024, Cato analysed 1.26 trillion network flows and blocked 21.45 billion attacks. The conclusion was that enterprises have fallen into the habit of being too trusting within their networks.
Key Findings
The report's key findings show that once threat actors penetrate a network, they seemingly have no problem snooping on critical data in transit across it.
Most enterprises had been running insecure protocols across their WAN, with 62% of all web application traffic being HTTP, 54% Telnet, and 46% SMBv1 or SMBv2 instead of SMBv3. Lateral movement, where attackers move across networks, was most common in the agriculture, real estate, and travel/tourism sectors.
The report also highlights the AI tools most commonly used by enterprises between January and March 2024. Topping the list were Microsoft Copilot, OpenAI ChatGPT, and Emol, an app used to record emotions and talk with AI robots. The strongest adoption of these tools came from the travel and tourism industry at 79%, with entertainment the lowest at 44%.
Forget Zero-Day
Zero-day threats get the lion's share of attention in the industry, yet newly discovered vulnerabilities are not necessarily the ones threat actors exploit most often.
Threat actors often eschew fresh vulnerabilities to concentrate on unpatched systems. Among the biggest inbound Common Vulnerabilities and Exposures (CVEs), one targeting the PHPUnit testing framework was found to be the most common for seven years running. In addition, Log4j remains the most-used exploit, at 30% of those observed in the report, and has been a common issue for three years now.
Industry-Specific Targeting
As detailed in the inaugural report from Cato, many cyber attacks have been industry-specific. Of the media and entertainment organisations observed in the report, 48% chose not to use any of the 200+ applications identified by Cato as essential information security tools.
The industries most often targeted by threat actors with the MITRE ATT&CK technique T1499 (Endpoint Denial of Service) have been entertainment, telecommunications, and mining/metals. In the services and hospitality sectors, threat actors have been using T1212 (Exploitation for Credential Access) over three times more than in other sectors.
The inaugural report has proven to be a big player in cybersecurity awareness and will be an integral part of cybersecurity conferences going forward. Its findings will help shape the learning of men and women in cybersecurity, and reshape the future of cybersecurity for beginners.
Some of the biggest cybersecurity companies will use the report to strengthen the structure of UK cybersecurity at upcoming cybersecurity events.