The Cyberattack Spectrum – Who Is More Vulnerable To What?

Not all businesses are the same. That means there are families of cyberattacks aimed at different business sectors.
15 September 2022

Which threats are aimed at YOUR business?

Cybersecurity is a buzzword in today’s business world. Every company knows it needs to invest in cybersecurity because the cyberattack landscape is increasingly full of attacks – from malware to cryptominers, from ransomware to DDoS attacks.

But there is no single one-size-fits-all cybersecurity solution that, when applied, eradicates the threat. And knowing the particular characteristics of the threat landscape that applies to your particular type of business can help you make smarter business decisions, and potentially save you money in applying your cybersecurity strategy.

New research from cybersecurity specialists Lumu Technologies suggests that companies may be using an expensive sledgehammer to crack a cybernut by investing in broad-spectrum protection, rather than focusing on the threats that are actually most likely to come their way.

The Impact of Malware

For instance, the generalized threat of “malware” – often used as a headline threat to describe the whole cybersecurity threat profile – is actually relatively minuscule in its threat level for mid-size and enterprise-level companies. The report from Lumu shows malware being a significant threat for those higher-level, larger-scale businesses in just 3% of cases.

Where malware really is the threat it’s known to be is within the SMB community. The Lumu report shows malware as a major threat a full 60% of the time, meaning many of the standard mitigation techniques and cybersecurity programs that focus on malware will be of significantly more value to the SMB sector than they will to the enterprise-level business world.

If malware is the largest single threat to the SMB community, that raises the question of what the most prolific threat to enterprise-level businesses is. The answer, according to the Lumu report, is domain generation algorithms (DGAs). Because DGA-generated domains act as bridgeheads for command and control servers, and can be produced in vast numbers during any given cyberattack, they are extremely difficult to track down in full and either mitigate or eradicate. That is bad news for the enterprise community, where the report shows them being effective an incredible 92% of the time.

While blacklists are a way to weed out some DGA domains, they’re frequently poor in terms of the coverage they offer, meaning the mitigation is patchy at best. Machine learning techniques are significantly better at detecting and eradicating bridgehead domains – but you have to know you’re genuinely at risk from those algorithms to justify the additional expense of machine learning domain detection. That, among other things, is the value of getting solid business intelligence reports on the types of threat that are prevalent in your particular sector.
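To make the coverage gap concrete, here is an added illustration (not Lumu’s detection logic, and not code from the report) that runs a handful of constructed DNS query names through two checks: an exact-match blocklist, and a simple feature-based scorer of the kind a machine learning detector generalises. The domain names, the blocklist contents and the thresholds are all constructed for the example; the scorer only counts how many “looks generated” signals a label trips (entropy, vowel ratio, digit ratio, longest non-vowel run), which is enough to show that names never seen before sail past the list but are still caught by their shape.

```python
"""Blocklist lookup versus feature-based DGA scoring over constructed DNS query names.

Added illustration; not Lumu's detection logic. All domain names, the blocklist
and the thresholds below are constructed for the example.
"""
import math
from collections import Counter

VOWELS = set("aeiou")

# Constructed blocklist: only names someone has already reported end up here.
BLOCKLIST = {"known-bad.example"}

# Constructed DNS query log, as a resolver or firewall might record it.
SAMPLE_QUERIES = [
    "google.com",
    "cdn.wikipedia.org",
    "stackoverflow.com",
    "known-bad.example",      # already on the blocklist
    "xkq7zv3pl9wmtr.net",     # looks algorithmically generated, on no list
    "pqwzxvbnmklrtg.com",     # same, letters only
]


def registrable_label(domain):
    """Return the label left of the top-level domain.

    Simplification: treats the last dot-separated part as the TLD, so
    multi-part suffixes such as co.uk are not handled here.
    """
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(text):
    """Bits of entropy per character; high values mean little repetition."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def longest_non_vowel_run(text):
    """Length of the longest run of characters that are not vowels."""
    best = run = 0
    for ch in text:
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best


def dga_features(label):
    n = len(label)
    return {
        "length": n,
        "entropy": shannon_entropy(label),
        "vowel_ratio": sum(ch in VOWELS for ch in label) / n if n else 0.0,
        "digit_ratio": sum(ch.isdigit() for ch in label) / n if n else 0.0,
        "non_vowel_run": longest_non_vowel_run(label),
    }


def dga_score(label):
    """Count how many independent 'looks generated' signals the label trips.

    Thresholds are constructed for this example; a real deployment tunes them
    against its own traffic. Requiring two signals keeps long real words such
    as 'stackoverflow' (high entropy, but pronounceable) below the line.
    """
    f = dga_features(label)
    if f["length"] < 8:
        return 0
    return sum([
        f["entropy"] > 3.5,
        f["vowel_ratio"] < 0.25,
        f["digit_ratio"] > 0.15,
        f["non_vowel_run"] >= 4,
    ])


def classify(domain, blocklist=BLOCKLIST):
    """'blocked' if listed, 'suspected-dga' if the label scores >= 2, else 'allow'."""
    if domain.lower() in blocklist:
        return "blocked"
    if dga_score(registrable_label(domain)) >= 2:
        return "suspected-dga"
    return "allow"


def triage(queries, blocklist=BLOCKLIST):
    """Map each queried name to a verdict; shows what the blocklist alone misses."""
    return {q: classify(q, blocklist) for q in queries}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_QUERIES).items():
        print(f"{verdict:14} {name}")
```

Run over the sample log, the blocklist stops exactly one name, the one already reported, while the two generated-looking names are flagged only by the feature scorer. That asymmetry is the point of the paragraph above: a list can only ever match what it already contains, whereas a model that learns what generated labels look like keeps working when the attacker rotates to fresh domains.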

How Long?

Other headlines from the report are, if anything, more worrying. For SMBs, detecting a system compromise is currently taking an average of 201 days, while detecting and containing a breach can take up to 271 days – just three months short of a full calendar year. What could malware do in your systems across the space of three business quarters?

It could cost you up to $9.44 million. That’s the average cost of a data breach through cyberattack in the US in 2022. Absurdly, given that potential bottom-line cost, the Lumu report reveals that a full 50% of SMBs do not practice mobile device monitoring – despite the Mobile Security Index report for 2022 showing a near-doubling of major cybersecurity events in the year after lockdowns ended but remote working models continued.

What’s more, 40% of SMBs surveyed for the Lumu report aren’t monitoring the use of network resources or traffic, either – which might explain why most recorded compromises originate within the network. Whichever level a business operates on, cyberattacks exploit weak spots. If you leave an area unsupervised and unwatched, it instantly becomes a weak spot, so there’s an intrinsic connection between not monitoring network resources or traffic and inviting a cyberattack into your systems.

Cryptomining – Under The Radar

Then there’s the fact that 35% of SMBs surveyed don’t even recognise a growing threat as something that applies to them at all. Cryptomining is a practice where cybercriminals infect a computer or a system and hide silently, mining cryptocurrency using your resources indefinitely unless or until they’re discovered. For up to an average of 271 days.

It’s a practice that has been creeping up the cyberattack charts for a few years now, but compared to malware and ransomware, it hasn’t had much press – which could explain the number of SMBs who don’t believe it’s a threat to their bottom line that’s worth detecting and mitigating.

And finally, the report reveals the most active malware families in use against SMBs in the year from June 2021 to May 2022.

Top 3 Threats

The three top threats are: Conficker (a worm that affects the Microsoft OS and also goes by the names Downup, Downadup, and Kido); Necurs (a slippery botnet that can lead to an increase in spam mail); and Suppobox (a malware family also known as Nivdort and Bayrob), which has been on the rise since 2019, claiming millions of dollars and hundreds of thousands of systems.

Knowing what threats are particularly aimed at your level of business, and in particular getting smart on what weaknesses and complacencies may be in your system or your company culture, can save you money in terms of your cybersecurity provision, and help you weather the rising tide of cyberattacks that is swamping businesses early in the hybrid working era.