Threat Analysis Report - Compuquip


Security Checkup: Threat Analysis Report (Sample Report)

TABLE OF CONTENTS

- Executive Summary ... 03
- Key Findings ... 04
  - Malware & Attacks ... 04
  - High Risk Web Access ... 12
  - Data Loss ... 14
  - SCADA Communication ... 16
  - Mobile Threats ... 17
  - Endpoints ... 22
  - Bandwidth Analysis ... 23

Security Checkup - Threat Analysis Report, p. 2

EXECUTIVE SUMMARY

The following Security Checkup report presents the findings of a security assessment conducted in your network. The report uncovers where your organization is exposed to security threats, and offers recommendations to address these risks. To assess risk, network traffic was inspected by Compuquip's Check Point engineers to detect a variety of security threats, including: malware infections, usage of high risk web applications, intrusion attempts, loss of sensitive data, and more.

Malware and Attacks
- 287 computers infected with bots
- 4.6K communications with C&C* sites
- 8 known malware downloaded by 10 users
- 21 new malware downloaded. A new malware variant is a zero-day attack or malicious code with no known anti-virus signature.
- 14 unique software vulnerabilities were attempted to be exploited. Indicates potential attacks on computers on your network.

* C&C - Command and Control. If a proxy is deployed, there might be additional infected computers.

Data Loss
- 114 potential data loss incidents
- 6 sensitive data categories. Indicates information sent outside the company or to unauthorized internal users; information that might be sensitive.

High Risk Web Access
- 18 high risk web applications, 96.2GB. Potential risks: opens a backdoor to your network, hides user activity, causes data leakage or malware infections.
- 22 high risk web sites, 409 hits. Potential risks: exposure to web-based threats and network infection. Examples: spam, malicious and phishing web sites.
- 15 cloud applications, 12.5GB. Risk of data loss and compliance violations. Examples: Dropbox, Google Drive, OneDrive.

Key Findings

Malware and Attacks

MACHINES INFECTED WITH BOTS

A bot is malicious software that invades your computer. Bots allow criminals to remotely control your computer to execute illegal activities such as stealing data, spreading spam, distributing malware and participating in Denial of Service (DoS) attacks without your knowledge. Bots play a key role in targeted attacks known as Advanced Persistent Threats (APTs). The following table summarizes the bot families and number of infected computers detected in your network.

Top Bot Families (Top 10 Malware)

| Malware Family* | Infected Computers** | Communications with Command and Control Center |
|---|---|---|
| Sality | 61 Computers | 1,453 |
| Zeroaccess | 57 Computers | 684 |
| Zeus | 54 Computers | 546 |
| Pushdo | 41 Computers | 307 |
| Scar | 32 Computers | 115 |
| Virut | 23 Computers | 97 |
| Rustock | 18 Computers | 66 |
| Conficker | 15 Computers | 50 |
| Koobface | 13 Computers | (not legible in source) |
| Total: 10 Malware Families | 287 Infected Computers | 4,596 |

Command & Control Locations (destination countries, 13 countries in total): Mexico, United States, Canada, China, United Kingdom, Israel, Germany, Russian Federation, Italy, France, Sweden, Spain.

* Check Point's malware naming convention: malware type . operating system . malware family . variant. For more details on specific malware, search the malware name on www.threat-cloud.com
** The total number of infected computers (sources) presents distinct computers.

EXTENDED MALWARE INCIDENTS (CHECK POINT THREATCLOUD INTELLISTORE)

Malware threats were detected by extended security intelligence feeds (via Check Point ThreatCloud IntelliStore*).

Top Threats by Feed

| Feed | Threat | Severity | Source | Detection Engine |
|---|---|---|---|---|
| Mnemonic | Malicious domain.bqzei | High | 52 Sources | Anti-Bot |
| Mnemonic | C&C domain.utqzy | High | 43 Sources | Anti-Bot |
| Mnemonic | Adware domain.qzf | High | 20 Sources | Anti-Bot |
| Mnemonic | Adware domain.qaf | High | 17 Sources | Anti-Bot |
| Mnemonic | C&C domain.uteuu | High | 25 Sources | Anti-Bot |
| Mnemonic | C&C domain.vaoek | High | 19 Sources | Anti-Bot |
| Mnemonic | Malicious domain.bqtmg | High | 7 Sources | Anti-Bot |
| Mnemonic | C&C domain.uxqcw | High | 10 Sources | Anti-Bot |
| Mnemonic | C&C domain.umzgw | High | 3 Sources | Anti-Bot |
| Mnemonic | Adware domain.qbm | High | 2 Sources | Anti-Bot |
| Mnemonic subtotal | Total: 10 Threats | High | 198 Sources | 1 Engine |
| MalwarePatrol | URL hosting a malware executable file.dkgoh | High | 57 Sources | (not shown) |
| MalwarePatrol subtotal | Total: 1 Threat | High | 57 Sources | 2 Engines |
| ID | ExploitKit Nuclear.lkfo | High | 24 Sources | Anti-Virus |
| ID | ExploitKit Nuclear.rqdx | High | 32 Sources | Anti-Virus |
| ID | MalwareDownload Generic.bpkp | Medium | 15 Sources | Anti-Virus |
| ID | ExploitKit Angler.bcncr | Medium | 7 Sources | Anti-Virus |
| ID subtotal | Total: 4 Threats | High | 78 Sources | 1 Engine |
| Total: 3 Feeds | 15 Threats | High | 333 Sources | 2 Engines |

[Chart: Feeds by Severity, by vendor (Mnemonic, Malware Patrol, ID) and engine (Anti-Bot, Anti-Virus), scale 0 to 200; not reproduced in this transcription.]

* For more information on Check Point ThreatCloud IntelliStore please refer to ellistore/

MACHINES INFECTED WITH ADWARE AND TOOLBARS

Adware and toolbars are potentially unwanted programs designed to display advertisements, redirect search requests to advertising websites, and collect marketing-type data about the user in order to display customized advertising on the computer. Computers infected with these programs should be diagnosed as they may be exposed to follow-up infections of higher-risk malware. The following table summarizes the adware and toolbar malware families and the number of infected computers detected in your network.

Top Malware Families

| Adware Name* | Infected Computers** |
|---|---|
| Adware domain.pzf | 3 Computers |
| Adware domain.qaf | 2 Computers |
| Adware domain.qbm | 1 Computer |
| Adware.Win32.MyWay.A | 1 Computer |
| Adware.Win32.Staser.A | 1 Computer |
| Adware domain.iqp | 1 Computer |
| Total: 6 Adware | 570 Computers |

* Check Point's malware naming convention: malware type . operating system . malware family . variant. For more details on specific malware, search on www.threat-cloud.com
** The total number of infected computers (sources) presents distinct computers.

MALWARE DOWNLOADS (KNOWN MALWARE)

With the increase in sophistication of cyber threats, many targeted attacks begin by exploiting software vulnerabilities in downloaded files and email attachments. During the security analysis, a number of malware-related events which indicate malicious file downloads were detected. The following table summarizes downloads of known malware files detected in your network and the number of downloading computers. Known malware refers to malware for which signatures exist and which therefore should be blocked by an anti-virus system.

Top Malware Downloads (Top 10 Malware)

| Infected File's Name | Download Computers | Protocol |
|---|---|---|
| wire.zip | 3 Computers | smtp |
| Tranfer.xlsx | 3 Computers | smtp |
| tasknow.exe | 3 Computers | TCP/8886 |
| Proforma Invoice.Doc | 2 Computers | smtp |
| DF4325.Skm | 2 Computers | http |
| Invitation.pdf | 1 Computer | smtp |
| Your order.pdf | 1 Computer | smtp |
| RH2221.cgi | 1 Computer | http |
| Total: 8 Infected Files | 10 Computers | 3 Protocols |

Downloads by Protocol: smtp 62% (10), TCP/8886 19% (3), http 19% (3).

DOWNLOADS OF NEW MALWARE VARIANTS (UNKNOWN MALWARE)

With cyberthreats becoming increasingly sophisticated, advanced threats often include new malware variants with no existing protections, referred to as "unknown malware." These threats include new (zero-day) exploits, or even variants of known exploits with no existing signatures and therefore are not detectable by standard solutions. Detecting these types of malware requires running them in a virtual sandbox to discover malicious behavior. During the security analysis, a number of malware-related events were detected in your network. The table below summarizes downloads of new malware variants detected in your network.

Summary: 18.5K total files scanned; 21 total malware found.

Downloads of New Malware Variants (Top 5 Malware)

| Infected File Name | Malicious Activity | Downloads | MD5* | Protocol |
|---|---|---|---|---|
| wire.zip | Behaves like a known malware (Generic.MALWARE.3d0e); Malware signature matched (Trojan.Win32.Generic.T.kbvx); Unexpected Process Crash | 2 | 09831c242084870326865966037ea68f | smtp |
| 0802 41.xls | Behaves like a known malware (Generic.MALWARE.6c6c); Malicious Filesystem Activity; Malicious Registry Activity; Unexpected Process (remainder not legible in source) | (not legible) | (not legible) | (not legible) |
| .png.zip (file name truncated in source) | A new process was created during the emulation; The module creates a suspended process; The module executes files or commands; The module loads API functions from a DLL dynamically; 5 more malicious activities | (not legible) | (not legible) | (not legible) |
| oice--0245.zip (file name truncated in source) | Behaves like a known malware (Generic.MALWARE.84ef); Malicious Registry Activity; Unexpected Process (remainder not legible in source) | 0 | (not legible) | http |
| Total: 21 Infected Files | 16 Activities | 9 Downloads | 8 MD5 | 2 Protocols |

Downloads by Protocol: http 64%, smtp 32%.

* You can analyze suspicious files by copying and pasting the files' MD5 into the VirusTotal online service at www.virustotal.com

ACCESS TO SITES KNOWN TO CONTAIN MALWARE

Organizations can get infected with malware by accessing malicious websites while browsing the Internet, or by clicking on malicious links embedded in received email. The following summarizes events related to sites known to contain malware.

Top Accessed Sites Known to Contain Malware

| Malicious URL* | Number of Sources | Number of Hits |
|---|---|---|
| 7ta.com (URL partially legible in source; remaining rows lost) | 1 | 1 |
| Total: 5 Infected Files | 8 Sources | 8 Hits |

42 emails received with a link to a malicious site.

* You can analyze suspicious files by copying and pasting the files' MD5 into the VirusTotal online service at www.virustotal.com

ATTACKS AND EXPLOITED SOFTWARE VULNERABILITIES

During the security analysis, attacks and exploited software vulnerabilities on servers/clients were detected. Such incidents might indicate intrusion attempts, malware attacks, DoS attacks or attempts to breach security by exploiting software vulnerabilities. The following summarizes these events.

Attacks on Clients (Top 10 Attacks)

| Attack Name | CVE | Attacked Computers and Attackers (digits run together in source) | Severity | Number of Attacks |
|---|---|---|---|---|
| Adobe Flash Player SWF File Buffer Overflow (APSB13-04) | CVE-2009-0520 | 3243 | High | 3,342 |
| Adobe Reader TTF CVT Buffer Overflow (APSB10-09) | CVE-2010-2883 | 3112 | High | 1,232 |
| Internet Explorer ActiveX Navigate Handling Code Execution (MS08-073) | CVE-2008-0078 | 14523 | High | 32 |
| Microsoft Access Snapshot Viewer ActiveX Control Arbitrary File Download | CVE-2008-2463 | 1312 | Medium | 226 |
| Total: 5 Attacks | | 594 Attacked Computers, 594 Attackers | | 4,884 Attacks |

Attacks on Servers (Top 10 Attacks)

| Attack Name | CVE | Attacked Computers and Attackers (digits run together in source) | Severity | Number of Attacks |
|---|---|---|---|---|
| Microsoft SCCM Reflected Cross-site Scripting (MS12-062) | CVE-2012-2536 | 1256 | Medium | 4,765 |
| Joomla Unauthorized File Upload Remote Code Execution | CVE-2012-2902 | 1233 | Medium | 2,543 |
| Web Servers Malicious HTTP Header Directory Traversal | CVE-2002-0440 | 7123 | High | 126 |
| ImageMagick GIF Comment Processing Off-by-One Buffer Overflow | CVE-2005-0191 | 34 | Medium | 24 |
| PHP Php-Cgi Query String Parameter Code Execution | CVE-2012-1823 | 22 | High | 10 |
| Oracle Database Server CREATE TABLES SQL Injection | CVE-2009-1991 | 22 | Low | 5 |
| Total: 5 Attacks | | 40 Attacked Computers, 265 Attackers | | 7,182 Attacks |

Attacked Targets: Servers 70% (94), Clients 30% (40).

DDOS ATTACKS

Denial-of-service (DoS) attacks target networks, systems and individual services, flooding them with so much traffic that they either crash or are unable to operate. This effectively denies the service to legitimate users. A DoS attack is launched from a single source to overwhelm and disable the target service. A Distributed Denial-of-service (DDoS) attack is coordinated and simultaneously launched from multiple sources to overwhelm and disable a target service. During the security analysis, DDoS attacks were detected. The following summarizes the events.

Summary: 14 attack types; 70.4K total attacks; 13.3MB bandwidth utilization.

Top 5 DDoS Attacks (columns: Attack Name, Severity, Source, Destination, Events; only the rows below are legible in this transcription)

| Attack Name | Severity | Source | Destination | Events |
|---|---|---|---|---|
| Network flood IPv4 UDP | Critical | 59 Sources | 7 attacked | (not legible) |
| (name not legible) | Critical | 2 Sources | 21 attacked | (not legible) |
| (name not legible) | High | 3 Sources | 2 attacked | 15.55K |
| TCP Scan (vertical) | High | 3 Sources | 15 attacked | 1.6K |
| TCP Scan | High | 12 Sources | 17 attacked | 1.0K |
| TCP Scan (horizontal) | (not legible) | (not legible) | (not legible) | (not legible) |
| Network flood IPv4 TCP-SYN | (not legible) | (not legible) | (not legible) | (not legible) |
| Total: 14 Protections | Critical | 118 Sources | 594 Attackers | 41.4K |

Top Source Countries (attacks): United Kingdom 5.9K; Kuwait 25.0K; Mexico 6.4K; Trinidad and Tobago (value not legible); Total: 16 Countries, 56.6K.

High Risk Web Access

USAGE OF HIGH RISK WEB APPLICATIONS

Web applications are essential to the productivity of every organization, but they also create degrees of vulnerability in its security posture. Remote Administration applications might be legitimate when used by admins and the helpdesk, but please note that some remote access tools can be used for cyber-attacks as well. The following risky web applications were detected in your network, sorted by category, risk level and number of users.

Summary: 96.2 GB total high risk web applications traffic.

Top High Risk Web Applications (Top 5 Categories)

| Application Category | Application Name | Source | Risk Level* | Traffic |
|---|---|---|---|---|
| Proxy Anonymizer | Tor | 7 Sources | 5 Critical | 23 GB |
| Proxy Anonymizer | Hola | 4 Sources | 5 Critical | 354 MB |
| Proxy Anonymizer | Ultrasurf | 4 Sources | 5 Critical | 239 MB |
| Proxy Anonymizer | Hide My Ass | 3 Sources | 5 Critical | 120 MB |
| Proxy Anonymizer | OpenVPN | 1 Source | 5 Critical | 32 MB |
| Proxy Anonymizer subtotal | Total: 7 Applications | 16 Sources | | 26 GB |
| P2P File Sharing | BitTorrent Protocol | 24 Sources | 4 High | 23 GB |
| P2P File Sharing | SoulSeek | 22 Sources | 4 High | 22 GB |
| P2P File Sharing | Xunlei | 19 Sources | 4 High | 12 GB |
| P2P File Sharing | iMesh | 13 Sources | 4 High | 456 MB |
| P2P File Sharing | Gnutella Protocol | 8 Sources | 4 High | 56 MB |
| P2P File Sharing subtotal | Total: 6 Applications | 73 Sources | | 61 GB |
| File Storage & Sharing Applications | Dropbox | 132 Sources | 4 High | 6 GB |
| File Storage & Sharing Applications | Hightail | 54 Sources | 4 High | 3 GB |
| File Storage & Sharing Applications | Mendeley | 9 Sources | 4 High | 123 MB |
| File Storage & Sharing Applications | Zippyshare | 5 Sources | 4 High | 55 MB |
| File Storage & Sharing Applications | Sendspace | 1 Source | 4 High | 3 MB |
| File Storage & Sharing subtotal | Total: 5 Applications | 201 Sources | | 9.2 GB |
| Total: 3 Categories | 18 Applications | 290 Sources | | 96.2 GB |

Top Categories by traffic: Proxy Anonymizer 26 GB; P2P File Sharing 61 GB; File Storage & Sharing Applications 9.2 GB; Total: 3 Categories, 96.2 GB.

* Risk level 5 indicates an application that can bypass security or hide identities. Risk level 4 indicates an application that can cause data leakage or malware infection without user knowledge.

ACCESS TO HIGH RISK WEB SITES

Web use is ubiquitous in business today. But the constantly evolving nature of the web makes it extremely difficult to protect and enforce standards for web usage in a corporate environment. To make matters more complicated, web traffic has evolved to include not only URL traffic, but embedded URLs and applications as well. Identification of risky sites is more critical than ever. Access to the following risky sites was detected in your network, organized by category, number of users, and number of hits.

Top Risky Websites (Top 5 Categories)

| Site Category | Site | Number of Users | Number of Hits |
|---|---|---|---|
| Phishing | wsq.altervista.org | 7 Users | 59 |
| Phishing | sale.com (site name truncated in source) | 4 Users | 45 |
| Phishing | login.marlktplaats.com | 4 Users | 21 |
| Phishing | masternard.com | 3 Users | 5 |
| Phishing | pro-update.com | 1 User | 3 |
| Phishing subtotal | Total: 7 Sites | 16 Users | 135 |
| Spam | bgeqwre.com | 24 Users | 65 |
| Spam | bgvlidf.com | 22 Users | 55 |
| Spam | buogbvd.com | 19 Users | 19 |
| Spam | br46cy78son.net | 13 Users | 7 |
| Spam | dq4cmdrzqp.biz | 8 Users | 1 |
| Spam subtotal | Total: 6 Sites | 73 Users | 153 |
| Spyware / Malicious Sites | 100footdiet.org | 132 Users | 66 |
| Spyware / Malicious Sites | 0scan.com | 54 Users | 33 |
| Spyware / Malicious Sites | 050h.com | 9 Users | 5 |
| Spyware / Malicious Sites | 123carnival.com | 5 Users | 5 |
| Spyware / Malicious Sites | 0hm.net | 1 User | 3 |
| Spyware / Malicious Sites subtotal | Total: 9 Sites | 254 Users | 121 |
| Total: 3 Categories | 22 Sites | 343 Users | 409 |

Access to sites containing questionable content

| Site Category | Browse Time (hh:mm:ss) | Traffic Total Bytes |
|---|---|---|
| Sex | 2:42:00 | 8.9MB |
| Gambling | 13:11:00 | 7.4MB |
| Hacking | 00:01:00 | 56.0KB |
| Illegal / (label truncated in source) | (not legible) | (not legible) |
| Total: 4 Categories | 17:10:00 | 31.5MB |

Access to non-business websites or to sites containing questionable content can expose an organization to possible productivity loss, compliance and business continuity risks.

Data Loss

DATA LOSS INCIDENTS

Your company's internal data is one of its most valuable assets. Any intentional or unintentional loss can cause damage to your organization. The information below was sent outside the company, or to potentially unauthorized internal users. This information may potentially be sensitive information that should be protected from loss. The following represents the characteristics of the data loss events that were identified during the course of the analysis.

Summary: 74.3K total emails scanned; 114 emails with data loss incidents; 2 web data loss incidents.

Top Data Types (Top 10 Categories)

| Data Type | Users | Events | Services |
|---|---|---|---|
| Credit Card Numbers | 7 | 54 | http |
| Business Plan | 5 | 32 | smtp |
| Financial Reports | 2 | 12 | http |
| Source Code | 1 | 9 | http |
| Pay Slip File | 3 | 5 | smtp |
| U.S. Social Security Numbers | 1 | 2 | http |
| Total: 6 Data Types | 19 Users | 114 Events | 2 Services |

Incidents by Protocol: http 77 (67.5%), smtp 37 (32.5%).

FILES UPLOADED TO CLOUD BASED WEB APPLICATIONS

One of the greatest characteristics of Web 2.0 is the ability to generate content and share it with others. This capability comes with significant risk. Sensitive information can get into the wrong hands by storing confidential financial files on cloud-based file storage and sharing services. The following table provides an overview of the types of files uploaded from your organization and the respective file storage and sharing applications used.

Cloud-Based Web Applications (Top 5 Categories)

| Site / Application Category | Site / Application | Uploaded Files | Number of Users | File Type |
|---|---|---|---|---|
| File Storage & Sharing Applications | Dropbox | 7 Files | 59 Users | .EXE, .PPTX, .PDF |
| File Storage & Sharing Applications | Hightail | 4 Files | 45 Users | .DOCX, .PPTX |
| File Storage & Sharing Applications | Mendeley | 4 Files | 21 Users | .PDF, .XLXS |
| File Storage & Sharing Applications | Google Drive-web | 4 Files | 13 Users | .EXE, .PDF |
| File Storage & Sharing Applications | Mega | 3 Files | 6 Users | .EXE |
| File Storage & Sharing subtotal | Total: 7 Sites | 3 Files | 163 Users | |
| P2P File Sharing | BitTorrent Protocol | 24 Files | 65 Users | .DOCX, .PPTX |
| P2P File Sharing | SoulSeek | 22 Files | 55 Users | .PDF, .XLXS |
| P2P File Sharing | FileMp3.org | 16 Files | 43 Users | .PDF, .PPTX |
| P2P File Sharing | P2P-Radio | 9 Files | 22 Users | .XLXS |
| P2P File Sharing | Sharebox | 3 Files | 10 Users | .PDF, .XLXS |
| P2P File Sharing subtotal | Total: 6 Sites | 76 Files | 201 Users | |
| Share Files | Facebook | 132 Files | 66 Users | .DOCX, .PPTX |
| Share Files | FreeWire | 42 Files | 23 Users | .DOCX |
| Share Files subtotal | Total: 2 Sites | 174 Files | 89 Users | |
| Total: 3 Categories | 15 Sites | 274 Files | 453 Users | |

File Types: PDF 27%, EXE 14%, DOCX 18%, PPTX 22%, XLXS 19%.

SCADA Communications

SCADA (Supervisory Control and Data Acquisition) is a type of industrial control system (ICS) that monitors and controls industrial processes. It operates with coded signals over communication channels to provide control of remote equipment. SCADA networks are usually separated from the organizational IT network for security purposes. SCADA protocols detected on the IT network might indicate a security risk with a potential for a security breach. The following SCADA protocols were detected on your network.

Top SCADA Protocols & Commands (Top 20)

| Protocol & Command | Transactions | Traffic |
|---|---|---|
| BACNet Protocol (Building Automation and Control Networks) | 38 | 4.3GB |
| DNP3 Protocol - freeze and clear | 21 | 123MB |
| EtherNet/IP | 16 | 2.2GB |
| OPC UA - secure conversation message | 2 | 71.0MB |
| DNP3 Protocol - immediate freeze | 2 | 513 MB |
| DNP3 Protocol | 2 | 1.6GB |
| DNP3 Protocol - write | 1 | 1.7GB |
| DNP3 Protocol - warm restart | 1 | 57MB |
| DNP3 Protocol - select | 1 | 321MB |
| Total: 9 Protocols & Commands | 84 Transactions | 10.885GB |

Mobile Threats

The following Security Checkup report presents the findings of a security assessment conducted in your network. The report focuses on mobile threats and uncovers where your organization is exposed to them, and offers recommendations to address these risks. To assess risk, network traffic was inspected by Check Point to detect a variety of security threats, including: mobile malware infections, usage and downloads of high risk mobile apps, download of malicious mobile applications, outdated mobile operating systems, and more.

Mobile devices detected on the corporate network (number of devices is based on source IP addresses):
- 547 Android devices
- 433 iOS devices
- 979GB total mobile traffic

- 30 cloud mobile apps, 19GB traffic. Examples: Dropbox, Google Drive, OneDrive. Risk of data loss and compliance violations.
- 18 high risk mobile apps, 9GB traffic. High risk mobile apps are apps that might be used by attackers to monitor and control mobile devices or cause data loss.
- 201 high risk web sites, 855 hits. Examples: spam, malicious, botnet and phishing web sites. Potential risks: exposure to web-based threats and network infection.
- 20 downloads of malicious apps and malware; 13 infected devices. Download of malicious content such as malicious apps, malware and adware, and infected devices communicating with Command and Control servers.

MOBILE DEVICES INFECTED WITH MALWARE

Mobile malware is malicious software that invades your mobile device. Mobile malware allows criminals to steal sensitive information from a device, take control of its sensors to execute keylogging, steal messages, turn on the video camera, and all this without your knowledge. Mobile malware plays a key role in targeted attacks known as Advanced Persistent Threats (APTs). The following table summarizes the mobile malware detected in your network.

Bot infections (top 20 bots)

| Malware* | Infected Devices | Communications with Command and Control Center |
|---|---|---|
| Plankton | 5 devices | 1,453 |
| Xinyin | 5 devices | 1,265 |
| AndroRAT | 4 devices | 684 |
| BatteryBot | 2 devices | 587 |
| Bosua | 3 devices | 45 |
| HummingBad | 2 devices | 33 |
| SMS-Agent.A | 2 devices | 26 |
| SmsThief | 1 device | 7 |
| SMS-Agent.B | 1 device | 3 |
| Total: 9 malware families | 13 infected devices | 4,103 |

[Map: Command & Control Location; not reproduced in this transcription.]

* For more information on a specific app, search on http://appwiki.checkpoint.com/

DOWNLOADS OF MALICIOUS APPS AND MALWARE

With the increase in sophistication of mobile cyber threats, many targeted attacks begin by embedding malware in downloaded apps and files. During the security analysis, a number of malware-related events which indicate malicious file downloads were detected. The following table summarizes downloads of malware by mobile devices.

Malware downloads (top 20)

Only part of this table survived extraction. Malware file names as they appear in the source (several are truncated at the start), each followed by the number printed next to it, whose column is not legible: MobileConf.apk (21), d.senscx.apk (13), er.vrtwidget.apk (8), ad.apk (7), d.systemUI.apk (3). The rows that are legible in full:

| Malware* | Downloaded by | Downloads | MD5 |
|---|---|---|---|
| pk (file name truncated in source) | 2 devices | 2 | 6fa0ffc80d7796748238ad5f1ef3fd71 |
| Settings Tools.apk | 2 | (not legible) | (not legible) |
| ty.apk (file name truncated in source) | 1 device | 1 | f3867f6159ee25ebf90c8cc0220184ed |
| clean.apk | 1 device | 1 | eeb6777ce814c6c78e7b9bce9f8176e6 |
| Total: 9 malware files | 18 apps | 20 downloads | |

* For more information on specific malware, search on www.threat-cloud.com

USAGE OF HIGH RISK MOBILE APPS

Mobile apps are essential to the productivity of every organization, but they also create degrees of vulnerability in its security posture. Remote Administration apps might be legitimate when used by admins and the helpdesk, but when used maliciously, they can allow potential attackers to steal sensitive information from a device, take control of the sensors to execute keylogging, steal messages, turn on the video camera, and more. The following risky apps were detected in your network.

Top high risk mobile apps

| App Category | App Name* | Risk Level | Devices | Traffic |
|---|---|---|---|---|
| Spyware | Mspy | 4 High | 24 | 5 GB |
| Spyware | Spy2Mobile | 4 High | 22 | 2 GB |
| Spyware | Bosspy | 4 High | 19 | 1 GB |
| Spyware | Mobile Spy | 4 High | 11 | 456 MB |
| Spyware | Shadow Copy | 4 High | 5 | 350 MB |
| Spyware | My Mobile Watchdog | 4 High | 3 | 120 MB |
| Spyware | MobiStealth | 4 High | 2 | 59 MB |
| Spyware | TalkLogV | 4 High | 1 | 56 MB |
| Total: 1 category | 18 apps | | 87 | 9GB |

Devices by platform: Android 64%, iOS 36%.

* For more information on a specific app, search on http://appwiki.checkpoint.com/

ACCESS TO HIGH RISK WEB SITES (MOBILE)

Web use is ubiquitous in business today. But the dynamic, constantly evolving nature of the web makes it extremely difficult to protect and enforce web usage in a corporate environment. Identification of risky sites is more critical than ever. Access to the following risky sites was detected in your network, organized by category, number of users, then number of hits.

Top high risk web sites (top 10 sites per category)

Summary: 81 Mobile Users; 104 Hits (Suspicious Content category). The site list is only partially legible in this transcription. Recoverable entries: /scripts/beaco (truncated), 2/drivethelife5 (truncated), clk/redirect.php (truncated), comerciointernacional.com.mx, nt5oxgpoe.dreamingofgalleries.me, plus "19 more" and "16 more Sites" entries.

[Chart: High risk web sites by category (Hits, scale 0 to 100): Suspicious Content, Spam, Spyware/Malicious Sites, Botnets, Phishing; not reproduced in this transcription.]

Access to sites containing questionable content: 61 Mobile Users, 73 hits.

| Category | Browse Time (hh:mm:ss) | Traffic Total Bytes |
|---|---|---|
| Sex | 21:24:00 | 3.9GB |
| Illegal / (label truncated in source) | (not legible) | (not legible) |
| Hacking (partially legible in source) | 0:01:00 | 64.0KB |
| Total: 4 Categories | 25:34:00 | 4.8GB |

Web access to non-business websites or to sites containing questionable content can expose an organization to possible productivity loss, compliance and business continuity risks.

Endpoints

343 Total Endpoints Detected

Endpoints Involved in High Risk Web Access and Data Loss Incidents
- 23 running high risk applications
- 19 accessed high risk websites
- 22 users accessed questionable, non-business related websites
- 14 users involved in potential data loss incidents

Endpoints Involved in Malware and Attack Incidents
- 34 infected with malware
- 44 downloaded malware
- 55 received email containing a link to a malicious site
- 15 accessed a site known to contain malware
- Attacked endpoints: 22 servers attacked, 23 clients attacked

Bandwidth Analysis

BANDWIDTH UTILIZATION BY APPLICATIONS & WEBSITES

An organization's network bandwidth is usually utilized by a wide range of web applications and sites used by employees. Some are business related and some might not be business related. Applications that use a lot of bandwidth, for example streaming media, can limit the bandwidth that is available for important business applications. It is important to understand what is using the network's bandwidth to limit bandwidth consumption of non-business related traffic. The following summarizes the bandwidth usage of your organization sorted by consumed bandwidth.

Total Traffic Scanned: 539.8GB

Top Applications/Sites (Top 30)

| Application/Site | Category | Risk Level | Sources | Traffic |
|---|---|---|---|---|
| YouTube | Media Sharing | 2 Low | 151 Sources | 13.6GB |
| Office 365-Outlook | Email | 1 Very Low | 363 Sources | 10.9GB |
| Microsoft SQL Server | Business Application | 2 Low | 189 Sources | 6.4GB |
| Windows Update | Software Update | 1 Very Low | 623 Sources | 4.7GB |
| Server Message Block (SMB) | Network Protocols | 1 Very Low | 491 Sources | 3.7GB |
| Skype | VoIP | 3 Medium | 475 Sources | 2.3GB |
| bestday.com | Travel | Unknown | 232 Sources | 2.3GB |
| SMTP Protocol | Network Protocols | 3 Medium | 248 Sources | 2.2GB |
| MS-SQL-Server | (row values not legible in source) | | | |
| Google Services | Computers / Internet | 2 Low | 437 Sources | 1.9GB |
| Microsoft-ds | (row values not legible in source) | | | |
| Microsoft Dynamics CRM | Business Application | 1 Very Low | 3 Sources | 1.7GB |
| Facebook | Social Network | 2 Low | 226 Sources | 1.6GB |
| oloadcdn.net | Computers / Internet | Unknown | 3 Sources | 1.5GB |
| Server Message Block (SMB)-write | Network Protocols | 1 Very Low | 33 Sources | 1.2GB |
| TCP/587 | (row values not legible in source) | | | |
| Gmail | Email | 3 Medium | 55 Sources | 1.1GB |
| UPD/3389 | (row values not legible in source) | | | |
| Outlook.com | Email | 3 Medium | 280 Sources | 1.0GB |
| ds.pr.dl.ws.microsoft.com | Computers / Internet | Unknown | 1 Source | 958.6MB |
| Jabber Protocol (XMPP) | Network Protocol | 2 Low | 391 Sources | 872.6MB |
| Total: 254 Applications/Sites | 34 Categories | 4 Risks | 2,049 Sources | 539.8GB |
