Positive Research is one of the largest information security research centers in Europe. More than 250 world-class experts in protection of SCADA, ERP, web apps, and bank and telecom systems perform research, pentests, and threat/vulnerability analysis.
Security trends & vulnerabilities review: corporate information systems

Information systems at large corporations are like living organisms: they "breathe in" new hosts and systems, grow to accommodate network topology changes, and adapt to new equipment configurations. Ensuring the uninterrupted security of information systems is difficult, with infrastructure scattered across countries and continents, labyrinthine architectures, and a large number of dependencies within and between subsystems. Here we provide an overview of the most common vulnerabilities detected during security audits by Positive Technologies in 2016. In an audit, our experts simulate how actual attackers (external and internal) would try to penetrate corporate systems. This method identifies a large number of protection flaws, including ones impossible to detect in any other way. The research reveals the overall protection level of tested systems and the main tendencies, and includes recommendations for improving corporate information system security.

Cobalt strikes back: an evolving multinational threat to finance

Bank robbery is perhaps the quintessential crime. The promise of immense, instant riches has lured many a criminal to target banks. And while the methods, tools, and scale of robbery have all changed, two things have stayed the same: the enticement of a hefty payday and the fact that no system is perfectly secure. In the modern digital economy, criminals are becoming ever more creative in ways to make off with millions without having to leave home. Despite enormous efforts, security is always a work in progress because of technical vulnerabilities and the human factor. Only a small fraction of banks today are able to withstand targeted attacks of the kind perpetrated by Cobalt, a cybercriminal group first described in 2016 that is currently active worldwide. In this report, we will describe the new techniques used by Cobalt in 2017, the changing target profile, and recommendations on how to avoid becoming their latest victim.

Attacks against ATMs using GreenDispenser: organization and techniques

Researchers at Positive Technologies have demonstrated how easily hackers can compromise ATMs. Having gained access to the front of the machine, a criminal can access USB ports within the device to perform various attacks. These include forcing the machine to dispense cash, installing malware to skim card details, and even injecting malware back through the network to infect further ATMs. In a report published today, the team also reveals how easily hackers can perform logic attacks against banks, including the recent spate of GreenDispenser malware. There are currently 70,000 ATMs in circulation within the UK and reports confirm that malware is the number one threat they face. Positive Technologies predicts that 2017 will see a 30 percent growth in overall cyberattacks against banks, including at the ATM level.

Security trends & vulnerabilities review: financial systems (2017)

Banking services are becoming more accessible to clients every year, using advanced technologies to make payments, transfers, and other transactions convenient like never before. In 2016, these technologies increased in popularity thanks to contactless payment systems: PayPass and payWave were joined by the NFC-based Apple Pay and Google Wallet on smartphones. But the security of web and mobile banking has lagged behind. Data in this report has been taken from 2016 security audits by Positive Technologies of e-banking and automated banking systems. The report offers an overview of the state of protection of banking applications and trends in security. The report also includes recommendations that will help vendors, developers, bank employees, and clients to increase the level of security in development, support, and use of banking applications.

Web application attack statistics: Q1 2017

This report provides statistics on attacks performed against web applications during the first quarter of 2017. Sources of data are pilot projects involving deployment of PT Application Firewall, as well as Positive Technologies’ own PT AF installations. Priorities included determining the most common types of attacks, objectives, intensity, and time distribution of attacks. In addition, we discuss the attacks most frequently encountered by clients in different sectors. With this up-to-date picture of attacks, companies and organizations can track trends in web application security, identify the most important threats, and focus their efforts during web application development and subsequent protection.

Cybersecurity threatscape: Q1 2017

In the first three months of 2017, only five days brought no news of new cyber incidents, as found by Positive Technologies experts. The pace of attacks is relentless—attackers don't take holidays or weekends—yet still more attacks have surely gone unreported. We estimate that under half of all incidents (about 49 percent) become known to the public. This report is the first in a series of quarterly reviews analyzing the latest cyberthreats in the context of attack methods and mechanisms based on expert experience, forensic investigations, and other reliable sources. Timely information on cyber incidents is useful for improving proactive protection and minimizing the risk of compromise of critical systems in case of an attack.

Attacks on corporate Wi-Fi networks

Administration flaws and insecure use of corporate Wi-Fi networks pose a security threat. An intruder can hack a Wi-Fi network to intercept sensitive information, attack wireless network users, and gain access to a company's internal network. Attacks against wireless networks are diverse. This article provides an overview of the most common vulnerabilities detected during security testing of wireless networks carried out by Positive Technologies in 2016.

Corporate information system penetration testing: attack scenarios

Successful attacks on corporate information systems can result in substantial financial and reputational losses for enterprises. To prevent these threats, the experts at Positive Technologies perform numerous penetration tests each year for major organizations worldwide. This testing attempts to answer the question “What would a real attacker do?” The techniques evaluate the true level of security and identify specific flaws in security mechanisms, including vulnerabilities that are not readily discoverable by other audit methods. From its testing, Positive Technologies has identified six key attack techniques that can be employed by outsiders to breach the network perimeter and obtain corporate network access. When testers acted as insiders, the scenarios described gave control over critical corporate resources in almost all penetration tests, resulting in total control of the CIS in over 70% of cases; when they adopted the role of an outside attacker, the network perimeter was breached in 80% of cases.

ICS Security: 2016 year in review

With the same technology products used within critical infrastructure facilities as well as enterprises generally, an intruder who finds an ICS vulnerability at one company can use the same vulnerability against targets all over the world. Of greater concern is that vendors and users often neglect ICS security. Because of the need for uninterrupted uptime of critical systems (such as industrial protocols, operating systems, and database management systems), ICS software often goes years without updates. The combination of these factors has created a dangerous situation with an evolving threat landscape. This whitepaper details the results of Positive Technologies’ analysis of vulnerabilities and Internet-accessible ICS components.

Web application attack trends

Vulnerabilities in the Internet-connected software run by large organizations create a large security risk. A single successful exploit — which can be as short as a few characters typed in the wrong place — can abuse these flaws and set a breach in motion. The aim of this web application attack research was two-fold: to determine which attacks are most commonly used by hackers in the wild, and to find out which industries are being targeted and how.