We cannot believe that we're already into August! Time really flies when the internet is constantly on fire. When it came time to analyze data for our Q2 Threat Report and pull out threat trends and landscape changes, there was plenty to work with. Q2 kept defenders on their toes—from the Shadow Brokers' leaks at the beginning of April (was it really just four months ago?) to the Petya/NotPetya/but-something-crazy-is-definitely-going-on attacks in the final days of the quarter. There were quite a few significant lessons learned in Q2, both about the threat landscape and how defenders can adapt to changes. Some of our key takeaways from Q2:
- We can't respond based on how exciting or novel something seems. Many of the exploits leaked by the Shadow Brokers were old, and nearly all of them had patches available. They targeted services that are tried-and-true attack vectors—and we thought that we knew better than to have them exposed. Our initial response to the leaks was lackluster. Many of us moved on once the vulnerabilities were identified, because it seemed so obvious that we should have been protected. It turned out that many people were not, and attackers took advantage of that—though not full advantage, mind you, because there are plenty of exploits in the dump that haven't been leveraged yet, and our research with Project Sonar indicates that there is plenty of additional opportunity for attackers.
- Other attacks don't stop when there is a high-profile security event in the news. Multiple high-profile attacks occupied much of defenders' time this quarter, but the majority of incidents defenders responded to during that time were not related to the high-profile events. Understanding how to prioritize these breaking news events while still focusing on the threats impacting your organization was a key lesson we highlighted in the Q2 Threat Report.
- Understanding the factors that impact your threat profile will help make sure that you are focusing on the right threats. The industry you are in may dictate the types of attackers who target you and the tools that they are likely to use, but there are other factors as well. While we saw specific trends emerge on a per-industry basis, we also saw a handful of tactics that were used across all sectors. In addition, we identified key differences in attacker tactics against large organizations and small organizations.
The full report is available here, with all of the data we used in our analysis and some amazing visualizations. If you want even more Q2 threat report goodness, sign up for the webcast Bob Rudis, Tod Beardsley and I are hosting on August 15th.