Insecure protocols leave networks vulnerable: report
Nearly half (46%) use Server Message Block (SMB) v1 or v2. The SMB protocol used for file sharing and other purposes has been updated in SMB v3 to protect against vulnerabilities. Still, Cato found that many organizations continue to rely on SMB v1 and SMB v2 despite known vulnerabilities such as EternalBlue and denial of service (DoS) attacks. SMB v3 also enforces the robust AES-128-GCM encryption standard, according to the report.
“The HTTP traffic analysis clearly shows that many organizations do not encrypt their WAN traffic,” the report states. “This means that if an adversary is already inside the organization’s network, they can eavesdrop on unencrypted communications that may include personally identifiable information (PII) or sensitive information such as credentials.” Access to such data could help bad actors with lateral movement, which involves methods to explore and find vulnerabilities within already penetrated networks. The lateral movement across network devices and applications can go undetected until hackers reach their ultimate target.
“To stop cyberattacks, enterprises should be using house machine learning modules based on company data and threat intelligence feeds. They also need to be careful of compromised systems within their organizations. Threat actors are leveraging them to scan (mainly SMB scanning) the network for vulnerabilities,” the report states.
Separately, Cato’s traffic analysis report uncovered the most frequently spoofed shopping sites, which are often used in phishing and spoofing attempts so hackers can get access to personal information.
These cybersquatting efforts, also known as domain squatting, use a domain name to capitalize on the reputation and recognition of a brand that belongs to someone else. By incorporating common typos or slight word differences into domain names, bad actors can pose as legitimate sites and reach users who mistakenly typed the misspelled address.
According to the report, Booking, Amazon, and eBay are the top three well-known brands involved in spoofing attempts. Other commonly spoofed brands include Pinterest, Google, Apple, Netflix, Microsoft, Instagram, and YouTube.
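The typo and word-variation patterns described above can be screened for in DNS or proxy logs. The following is an added example, not code from the report or from Cato: it assumes each listed brand's legitimate domain is `<brand>.com`, takes the second-to-last label as the registrable name, and uses constructed sample names under the reserved `.example` TLD.

```python
# Added example: flag lookalike domains for the brands named in the report.
BRANDS = ["booking", "amazon", "ebay", "pinterest", "google", "apple",
          "netflix", "microsoft", "instagram", "youtube"]
# Assumption: each brand's legitimate registrable domain is <brand>.com.
LEGIT = {b + ".com" for b in BRANDS}

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain):
    """Return (brand, reason) for a suspected lookalike, else None."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2 or ".".join(labels[-2:]) in LEGIT:
        return None
    label = labels[-2]  # naive; production code should use the Public Suffix List
    for brand in BRANDS:
        if label == brand:
            return (brand, "brand on another TLD")
        d = osa_distance(label, brand)
        # Short brand names get a tighter threshold to limit false positives.
        if d <= (1 if len(brand) <= 5 else 2):
            return (brand, f"typo, distance {d}")
        if brand in label.split("-"):
            return (brand, "brand plus extra word")
    return None

# Constructed sample of queried names, not real log data.
SAMPLE = ["www.amazon.com", "amaz0n.example", "bokking.example",
          "ebay-login.example", "yuotube.example", "intranet.corp.example"]

def scan(names):
    """Return {name: (brand, reason)} for every flagged name."""
    return {n: hit for n in names if (hit := classify(n))}

if __name__ == "__main__":
    for name, (brand, reason) in scan(SAMPLE).items():
        print(f"{name}: possible {brand} lookalike ({reason})")
```

Hits are candidates for analyst review rather than verdicts, since ordinary words can fall within the distance threshold of a brand name.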