Skip to main content

Outdated cyber defences putting companies at risk

(Image credit: Image Credit: Pavel Ignatov / Shutterstock)

As cyber threats such as phishing, malware and cryptojacking have grown increasingly sophisticated, new research has revealed that legacy security solutions are no longer able to defend against them. 

In its annual threat report (opens in new tab), the security firm Webroot examined data collected throughout 2017 to illustrate how ransomware (opens in new tab) and other cyber attacks have become a global threat.  The company also shed light on the way that these attacks have been able to bypass legacy security solutions due to organisations neglecting to patch, update or replace their systems. 

The report highlighted how new and reused ransomware variants have become an even more serious threat with 200,000 machines being infected with WannaCry and NotPetya in over 100 countries (opens in new tab)

Phishing attacks have also become increasingly targeted as cyberattackers have turned to social engineering and IP masking to improve their success rates.  Phishing sites also bypassed security by remaining online for just four to eight hours in order to evade traditional anti-phishing strategies.  Webroot also found that 62 domains were responsible for 90 per cent of the phishing attacks that took place in 2017. 

As cryptocurrency prices increased in 2017, hackers turned to cryptocjacking (opens in new tab) as a profitable and anonymous attack method.  Since September of last year, over 5,000 sites were compromised with the JavaScript cyrptocurrency miner CoinHive which hijacked users' systems to mine Monero. 

Webroot's Chief Technology Officer, Hal Lonas stressed that organisations should utilise real time threat inteligence to better protect themselves, saying: 

“Over the past year, news headlines have revealed that attackers are becoming more aggressive and getting extremely creative. Cryptojacking made our threat report for the first time this year as an emerging threat that combines everything an attacker could want: anonymity, ease of deployment, low-risk, and high-reward. Organizations need to use real-time threat intelligence to detect these types of emerging threats and stop attacks before they strike.”   

Image Credit: Pavel Ignatov / Shutterstock

After getting his start at ITProPortal and then working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches to how to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.