The verticals most heavily targeted by hackers in 2018, so far, are Education, Retail, Biotechnology, Construction, and Nonprofit Organizations. According to researchers at eSentire, attackers concentrated exploit attempts on the Education vertical, targeting consumer-grade routers used in those settings.
“Trending in router exploitations was first observed in late 2017, when the Reaper Botnet was gaining media attention. Router exploitation attempts continued to be observed through Q1 of 2018, with a 539 percent increase in observations from Q4 2017 to Q1 2018,” according to a report released by eSentire on Wednesday.
Researchers said Biotechnology experienced a wave of Secure Shell (SSH) brute force attempts as well as a variety of exploit attempts. “Most of the vulnerabilities targeted by these exploits were dated between 2013 and 2016. For example, HeartBleed – a four-year-old vulnerability – is still being observed in the wild,” researchers wrote.
Nonprofits, researchers said, were hit with several waves of traffic attempting to exploit the HeartBleed OpenSSL vulnerability.
Retail organizations “experienced a large degree of exploit attempts across different technologies with a focus on web servers. Many attacks targeted PHP or web server vulnerabilities,” researchers wrote.
Construction organizations experienced similar exploit attempts against publicly facing web servers, as well as a variety of scanning activity and SSH brute force attempts, according to the report.
Overall, intrusion-type threats were the most common, growing 36 percent from the previous year. Researchers attribute the uptick to exploitation of a DNS manipulation vulnerability in consumer-grade routers.
(ThreatList is an occasional overview of the InfoSec landscape, presented as at-a-glance lists of relevant data.)