Cato Networks recently released its inaugural Cato CTRL SASE Threat Report for Q1 2024. The report reveals that all surveyed organisations persist in using insecure protocols across their wide area networks (WAN), making it easier for cybercriminals to move across networks.
The Cato CTRL SASE Threat Report Q1 2024, developed by Cato CTRL’s cyber threat intelligence (CTI) research team, offers insights into security threats and their identifying network characteristics for all aggregate traffic, irrespective of its origin or destination on the internet or WAN, and for all endpoints across sites, remote users, and cloud resources.
“As threat actors constantly introduce new tools, techniques, and procedures targeting organisations across all industries, cyber threat intelligence remains fragmented and isolated to point solutions,” said Etay Maor, Chief Security Strategist at Cato Networks and a founding member of Cato CTRL. “Cato CTRL is filling this gap to provide a holistic view of enterprise threats. As the global network, Cato has granular data on every traffic flow from every endpoint communicating across the Cato SASE Cloud Platform, and we’re excited to share what we’ve learned with the broader industry to spark a more secure future.”
The report summarises findings derived from Cato SASE Cloud Platform traffic flows across Cato customers between January and March 2024. Cato CTRL analysed 1.26 trillion network flows and thwarted 21.45 billion attacks. Key findings include:
Enterprises are too trusting within their networks
- Once cybercriminals are inside a network, they have less of a problem finding insecure data
- Insecure protocols continue to be prevalent across the WAN, with HTTP accounting for 62% of all web application traffic, Telnet for 54% of all traffic, and SMB v1 or v2 for 46% of all traffic, rather than the more secure SMBv3
- Lateral movement, where attackers move across networks, was most commonly observed in the agriculture, real estate, and travel and tourism sectors
AI takes the enterprise by storm
- The adoption of AI tools, including Microsoft Copilot, OpenAI ChatGPT, and Emol, was widespread across enterprises, particularly in the travel and tourism industry
Zero-day threats
- Zero-day threats, although receiving considerable attention, are not the most common. Older vulnerabilities, such as the seven-year-old CVE-2017-9841 targeting the PHPUnit testing framework, remain prevalent
- Three years after its discovery, Log4J (CVE-2021-44228) is one of the most used exploits. The report found it in 30% of the outbound CVE exploitations observed
Many cyber threats are industry-specific
- For instance, media and entertainment organisations demonstrated a lack of adoption of essential security applications, while endpoint denial of service techniques were more frequently observed in the entertainment, telecommunications, and mining and metals sectors
- Threat actors also exploited credential access vulnerabilities more frequently in the services and hospitality sectors compared to others