Insights from the first Rapid7 Quarterly Threat Intelligence Report
“It provides very useful insights into how the threat landscape is evolving. It also demonstrates why proactive, robust information sharing is a critical element of mitigating cyber vulnerabilities in such a rapidly evolving threat landscape. Automated information sharing, paired with context, enables Rapid7 to efficiently deploy proactive defenses and provide more effective incident response to their respective customers.” – Michael Daniel, President at The Cyber Threat Alliance.
You may be thinking at this stage ‘what are we on about?’ Well, now we’ve got your attention, lets dig deeper. Back at the start of April Rapid7 released its first “Quarterly Threat Intelligence Report”. The report shined a light on a myriad of security focused areas. We’ve been sent some of the key highlights to share with you, from Rapid7, below.
- By observing the timing of alerts generated, Rapid7’s analysis found that attackers still heavily rely on user interaction. For instance, on Mondayholidays, alerts dipped significantly, which the analysts attributed to a lack of employees interacting with malicious emails, attachments, etc.
- Organisations in industries that align with nation state interests (government, manufacturing, aerospace), sophisticated attack activity such as APTs is alive and kicking. For the most part though, this analysis observed that organisations outside those industries were not significantly affected by highly targeted attacks.
- While a 30-day patching cycle was once generally effective, the Apache Struts vulnerability presented a strong case to reevaluate this traditional thinking. Just days after the Apache Struts vulnerability was publicly disclosed, our analysts began to detect mass-exploitation attempts.
- If you design indicators based only on currently available information, rather than seeking out additional intelligence or adding industry- and company-specific context, the result will be low-quality alerts.
You can access the full report here: https://www.rapid7.com/…