During recent months, the Managed Firewalls that SDN Communications’ customers use weeded out approximately 2,000 attacks directed at a vulnerable version of Apache Struts website-building software.
As you might recall, an attack on Apache Struts recently humiliated the Equifax credit-reporting service and, worse, exposed the personal information of 145 million Americans.
SDN’s customers hadn’t all necessarily used the vulnerable software in their websites, but bad electronic traffic came looking. Recently updated firewalls stopped the malicious code, which was presumably searching for vulnerable business networks to exploit.
“Over the past three months, there were quite a few attempts to test our customers to see if they were susceptible to these attacks,” said Mike Klein, a managed services data technician at SDN. “As the traffic was passing through our firewalls, we were able to identify it and terminate the requests.”
There were 220 instances in one week, Klein said. He estimated the quarterly total at about 2,000 incidents.
A brief discussion of the attack on potentially vulnerable Apache Struts software is among the highlights of SDN’s Cyber Threat Landscape Cybersecurity Intelligence Report for the third quarter of 2017. The report covers the three-month period from July 1 through Sept. 30.
The free, quarterly report highlights regional activity related to SDN’s Managed Firewall and Managed DDoS Protection Services. The report helps companies and IT workers monitor the general threat environment throughout South Dakota and southern Minnesota.
As evidenced by the data breach at Equifax, prompt and regular application of security-related updates is critically important. Hackers have been known to take advantage of companies’ delays in updating website applications. Whether by design or luck, hackers scored big at Equifax.
The U.S. Computer Emergency Readiness Team, or US-CERT, is part of the U.S. Department of Homeland Security. It identified and disclosed the Apache Struts software flaw in March. The data breach at Equifax began in May, about two months after a patch had become available.
FortiGate firewalls deployed by SDN had been updated promptly, which helped protect companies that might have been vulnerable.
Services such as SDN Managed Firewall can help protect the edges of clients’ networks from attack. But Klein and other cybersecurity experts at SDN stress the importance of companies taking a layered approach to protecting their networks. That means also protecting areas such as workstations and providing good, ongoing threat-mitigation training to all employees.
Here are some other highlights from SDN’s most recent, three-month report:
- SDN Managed DDoS Protection Service detected 832 attacks. That translates to an average of nine per day. The volume of Distributed Denial of Service attacks increased 47 percent from the second quarter. The average attack size increased 17 percent from the prior quarter.
- SDN Managed Firewall Service stopped more than 147,000 viruses, more than 154,000 malware placements and about 14,600 botnet infections.
- 40 percent of Managed Firewall traffic was flagged as malicious or spam, and was filtered out.
- China was the biggest originator of threat events, followed by the United States and Ukraine.
“The challenge facing cybersecurity leaders and professionals certainly isn’t lessening. Cybersecurity experts must be vigilant, aware and thorough in their use of layered security,” the report concludes, in part.
“Patch management needs to be a top priority for cybersecurity leaders and professionals. Ensuring that systems are updated routinely is a key characteristic of remaining safe and secure.”
SDN’s Theron McChesney gave an in-person review of the report at a recent Better Business Bureau cybersecurity event in Sioux Falls.