Two new reports from eSentire and Proofpoint show that that as online threats remain an issue, user security leaves much to be desired. The mismatch between the danger of cyberthreats and lack of user readiness could leave individuals or businesses at risk of serious losses to data or property. Having good security practices, such as keeping systems updated, using a variety of passwords, keeping WiFi networks secure, and running antivirus software can help ameliorate the risks.

eSentire 2018 Q2 Threat Report

The eSentire Quarterly Threat Report looked at exploit campaigns, phishing, malware, and endpoint events throughout the second quarter of 2018. The industry most exposed to online threats was biotechnology, followed by accounting services, real estate, marketing and construction. Most attacks were looking for outdated vulnerabilities, and a small number were successful due to unpatched systems or configuration issues.

eSentire Industry Chart

The report found a surge in Microsoft Internet Information Services (IIS) attacks, up from two thousand in the first quarter to 1.7 million in Q2, a 782x increase, largely coming from compromised servers originating from Tencent and Alibaba. Those increases continued into the third quarter.

Drupal and Oracle Web Logic were also targeted heavily by exploit attacks throughout the second quarter. The firm observed successful attacks using exploits such as Drupalgeedon2 and EternalBlue. Other devices seeing attacks included GPON home routers manufactured by DASAN Zhone Solutions, which are being targeted by botnets such as Muhstik.

In terms of malware, the Panda banking Trojan had the greatest increase quarter over quarter:

eSentire Malware


Emotet and Hancitor were also seen throughout Q2. Emotet has evolved from a banking Trojan to becoming a malware downloader which is delivered through malicious documents disguised as invoices, shipping forms and IRS tax forms. Phishing attacks also remain popular, and eSentire saw an increase in lures mimicking shipping and eFax services.

Proofpoint 2018 User Risk Report

Wombat Security, a division of Proofpoint, released a report looking at user risks in 2018. The firm commissioned a third-party survey to question 6,000 working adults in Germany, France, Italy, the U.K., the U.S., and Australia about end-user actions and capabilities that affect device, data, and system security. It tested respondents understanding of cybersecurity fundamentals that includes knowledge of phishing, ransomware and WiFi security, their password management practices, use of data protections, and social media use.

The survey found that many respondents had a limited understanding of common cybersecurity risks. More than 60 percent didn't know what ransomware was, while 32 percent didn't understand malware.

User Surveys

In terms of password usage, 33 percent said they used a password manager. Of those that didn't, 21 percent said they use the same one or two passwords for all their online accounts.

However, when it comes to personal cybersecurity, many respondents failed to take proper security cautions in their personal life. For firms that have employees work from home or bring their own devices, this could be an issue.

For example, 44 percent of respondents did not password-protect their home WiFi networks, and 66 percent haven’t changed the default password on their WiFi routers. Furthermore, 55 percent of respondents whose employer gives them a device to use at home allow their friends and family members the access the device.

The relatively poor security habits of many respondents might cause organizations to consider educating their employees on the risks of online threats and proper security measures to take. Wombat calls this a "people-centric" view of cybersecurity, and judging by the results of the survey, it might be a concept worth considering.

Related Articles:

SEO Poisoning Campaign Targeting U.S. Midterm Election Keywords

Ad Clicker Hiding as Google Photos App Found in Microsoft Store

The Week in Ransomware - October 12th 2018 - NotPetya, GandCrab, and More

CoinMiners Use New Tricks to Impersonate Adobe Flash Installers

Windows 10 Ransomware Protection Bypassed Using DLL Injection