From The CTO’s Office
It gives me great pleasure to introduce Help AG’s Q3 2021 Threats and Vulnerabilities report.
The Q3 report is also the last TVR that we will publish in 2021, and it gives us a good opportunity to look back at some of the trends we saw when helping enterprise organizations respond to cyber-attacks.
Help AG is observing increased cyber-attack activity across our customer base, and it is fair to say that adversaries have perfected their business model.
Unfortunately, it is a highly lucrative business. To demonstrate how lucrative it is, we got a sneak peek when the US Department of the Treasury released their findings and analysis of Suspicious Activity Reports and the link to ransomware-related campaigns.
Their research showed that the top 10 malware variants in the works from July 2018 until present day are tied to Bitcoin transactions worth 5.2 billion USD – a staggering amount, which unfortunately verifies that the business model of the attackers is working way too well.
Another trend we observed is that third-party applications are a prime target of attackers, which is sometimes referred to as supply chain attacks. Microsoft Exchange has had its share of vulnerabilities this year, including this quarter, and SolarWinds, Pulse Secure and VMware have also had their share of issues, to name a few.
In the vulnerabilities section of this report you can find some of the most notable issues reported this month.
Common to all of these vulnerabilities is that, if they are left unpatched, you will be at risk of cyber criminals launching attacks, exploiting them and gaining a foothold in your environment.
Proper cyber hygiene in the form of patch management has never been more important than it is now.
We also recorded another increase in DDoS attacks across our customer base in Q3 of 2021. DDoS attacks keep increasing and we deal with thousands of them on a daily basis. Fortunately, most of the mitigation is completely automated and there is no customer impact. Especially when you are receiving a service as complete and efficient as our DDoS service, it is easy to forget how important it is and even to question whether it is required. But the ugly truth is that data does not lie. If our service were not able to protect our clients, there would be severe interruptions to IT systems around the nation.
Unfortunately, for the attackers the business case is simple; the more dependent you are on your systems the more they will gain from disrupting them – either in the form of direct payment from you or any other benefit they gain from disrupting your business.
Furthermore, when you are busy getting your systems back online you are less likely to focus on other aspects of IT security and therefore DDoS may often be used as a distraction.
If you are not yet protecting your online presence against DDoS, now is a good time to explore how we can assist you. It is much easier to plan before an attack than when the issue is happening.
I also want to highlight the interesting content from our Strategic Consulting team, who in this publication focus on data privacy, a topic that is increasingly important for any organization processing and storing data about customers and clients. As some of you may have read, there is a lot of legislation around data privacy, not just in Europe and the US but also in the Middle East, with both KSA and UAE announcing frameworks recently.
Finally, I am extremely proud of our Security Analysis team as they continue to help clients bolster their security by highlighting the vulnerabilities, configuration issues and code issues.
Recently, the team spoke at a number of security conferences around the world about interesting topics such as smart contracts on blockchains and the zero-day research that we constantly perform.
Again, we identified a number of zero days in this quarter and as we wait for the CVEs to be approved and vendors to release software patches, I invite you to spend some time on our website to see much more around our work on zero day research.
If you are not yet performing proper vulnerability assessment and penetration testing on your applications and infrastructure, maybe now is a good time to start. I believe it is one of the most efficient ways you can assess your infrastructure, as the results are always tangible and relevant.