Although the cyber threat landscape evolves every day, bringing in new threats from new enemies, a significant number of cyber attacks involve well-known tactics that should be preventable by now, according to a new report from Hewlett Packard.
“Our researchers saw that despite new technologies and fresh investments from both adversaries and defenders alike, the security realm is still encumbered by the same problems—even in some cases by the very same bugs—that the industry has been battling for years,” stated HP in its 2015 Cyber Risk Report. “The work of our threat research and software security research teams revealed vulnerabilities in products and programs that were years old—in a few cases, decades old. Well-known attacks were still distressingly effective, and misconfiguration of core technologies continued to plague systems that should have been far more stable and secure than they in fact proved to be.”
Such attacks are usually due to poor coding in applications and software vulnerabilities, HP commented, adding that basic system maintenance could solve some of the issues.
“While newer exploits may have garnered more attention in the press, attacks from years gone by still pose a significant threat to enterprise security. Businesses should employ a comprehensive patching strategy to ensure systems are up to date with the latest security protections to reduce the likelihood of these attacks succeeding,” the computer firm said.
Observing trends in the cybersecurity world, HP cited 2014 as the year for a rise in new threats relating to technology as well as increased regulatory interests in breaches of all kinds. An increase in threat actors originating from other nation-states prompted more cooperation among law enforcement agencies and federal agencies. A groundswell of development in the cyber-spying efforts in Iran, China, Turkey, and North Korea signaled a new battleground for the world, as well as significant effects on society and how we interact with technology.
HP said, “There’s the Internet that we see and the Internet that most of us don’t, and even though it is mostly invisible, the darker side of the Internet is pervasive and influential. Our investigations certainly suggest that the machinations and maneuvers of criminals and state-sponsored cyber operators in the cyber underground have significant and lasting effects on the security of the greater Internet and society at large. Looking into nation-state-sponsored cyber activity highlights the many levels at which cyber operations and state -sanctioned activity can occur, and how malware and the tools and techniques of cyber criminals can be utilized in different ways to accomplish different goals.”