The eSentire Q2 2018 threat report shows that DocuSign dominates the lures being used to get people in the construction sector to give away information. A high volume of exploitation attempts does not typically indicate one industry is targeted over another; rather, it is representative of the exposure to opportunistic attacks. As the report points out, construction companies make frequent use of DocuSign in handling digital invoices and quotes because of the number of remotely-based business relationships and employees.
The construction industry has experienced a large share of ‘Drupalgeddon2’ attacks, which exploit vulnerabilities in the web-content management application Drupal. Firewall misconfigurations and failure to install patches were behind the intrusions that succeeded.
“Opportunistic attacks look for misconfigurations and negligence within patching and updating,” says the report. “The reason attacks continue is because most organizations have internal systems they hesitate to update for fear it will change or break something.” They may be unaware that a patch is necessary or may underestimate the gravity of failing to patch. “This is an easily rectifiable problem that lingers for many,” warns the report, which is available from eSentire’s website.
According to eSentire, which is based in Ontario, Canada, the top five most affected industries in the quarter were biotechnology, accounting, real estate, marketing, and construction. The industries typically experienced failed opportunistic attacks on outdated vulnerabilities. However, a small number of attempts were successful due to misconfigurations or an absence of routine patching.
The report gives details of the technologies being targeted by the various types of cyber-attack and the origins of the different attacks. Among the key findings was a discovery that there has been a massive uptick in attacks on Microsoft Internet Information Services (IIS), from two thousand in Q1 2018 to 1.7 million in the second quarter.
The report addresses three key areas: threat types, threat volume, and attack types. Each topic is divided into multiple sections, including visual data analysis, written analytical analysis, practical recommendations, and key assumptions.
The eSentire Threat Intelligence team used data gathered from 2,000+ proprietary network and host-based detection sensors distributed globally across multiple industries. The processed data was reviewed by an analyst, and the quantitative analysis results were then further processed by a qualitative intelligence analyst. The resulting quarterly snapshot analyses all cyber threat events investigated by the eSentire Security Operations Center.