Top Cyber Security Risks
Two risks dwarf all others, but organizations fail to mitigate them.
Featuring attack data from TippingPoint intrusion prevention systems protecting 6,000 organizations, vulnerability data from 9,000,000 systems compiled by Qualys, and additional analysis and tutorial by the Internet Storm Center and key SANS faculty members.
Overview
Throughout the developed world, governments, defense industries, and companies in finance, power, and telecommunications are increasingly targeted by overlapping surges of cyber attacks from criminals and nation-states seeking economic or military advantage. The number of attacks is now so large and their sophistication so great that many organizations are having trouble determining which new threats and vulnerabilities pose the greatest risk and how resources should be allocated to ensure that the most probable and damaging attacks are dealt with first. Exacerbating the problem is that most organizations do not have an Internet-wide view of the attacks.
This report uses current data – covering March 2009 to August 2009 – from appliances and software in thousands of targeted organizations to provide a reliable portrait of the attacks being launched and the vulnerabilities they exploit. The report’s purpose is to document existing and emerging threats that pose significant risk to networks and the critical information that is generated, processed, transmitted, and stored on those networks. This report summarizes vulnerability and attack trends, focusing on those threats that have the greatest potential to negatively impact your network and your business. It identifies key elements that enable these threats and associates these key elements with security controls that can mitigate your risk.
The report’s target audience is major organizations that want to ensure their defenses are up-to-date and are tuned to respond to today’s newest attacks and to the most pressing vulnerabilities. Data on actual attacks comes from intrusion prevention appliances deployed by TippingPoint that protect more than 6,000 companies and government agencies. Data on vulnerabilities that remain unpatched comes from appliances and software deployed by Qualys that monitor vulnerabilities and configuration errors in more than 9,000,000 systems, scanned more than 100,000,000 times so far in 2009. The patterns in the data are vetted by the senior staff at the Internet Storm Center and by the faculty of the SANS Institute responsible for SANS programs in hacker exploits, penetration testing, and forensics. In other words, these findings reflect a fusion of data and experience never before brought together.
The report also includes a pictorial description/tutorial on how some of the most damaging current attacks actually work. One of the most important findings in cybersecurity over the past several years has been the understanding, most often asserted by White House officials, that “offense must inform defense.” Only people who understand how attacks are carried out can be expected to be effective defenders. The tutorial shows what actually happened in a very damaging attack and is excerpted from Ed Skoudis’ SANS Hacker Exploits and Incident Handling class. It is included to boost defenders’ understanding of current attack techniques.
The report was compiled by Rohit Dhamankar, Mike Dausin, Marc Eisenbarth and James King of TippingPoint with assistance from Wolfgang Kandek of Qualys, Johannes Ullrich of the Internet Storm Center, and Ed Skoudis and Rob Lee of the SANS Institute faculty.