Commenting on Deutsche Telekom’s new and interactive real-time map of global cyberattacks, Tufin Technologies says it is significant that the bulk of attacks (27.3m last month) identified by the Sicherheitstacho service were against the Server Message Block (SMB) – aka the Common Internet File System (CIFS). Reuven Harrison, CTO of the security policy management specialist, says this attack vector operates across an application-layer network protocol that is mainly used for providing shared access to files, printers, serial ports, and miscellaneous communications between nodes on a network.
“With over 226 million SMB attacks tracked last month - compared to 800,000-plus against the NetBIOS services, 680,000-plus on port 33434 and 600,000-plus against SSH – this highlights the fact that businesses – and high-end consumers – are losing control over their network resources. The solution to SMB/CIFS attacks of this type is quite simple: correctly configure your firewall. The results of his real-time and rolling analysis from Deutsche Telekom – which takes in data from almost 100 honeypot-style sensors around the world – confirms the findings of our annual Firewall Management Survey, details of which were released late last month (http://bit.ly/15zAinT), and which found that half of businesses audit their firewalls just once a year and, and 15% never audit their firewalls at all,” Reuven Harrison added.
Harrison went on to say that the problem with controlling the firewall in many organisations – and why SMB/CIFS attacks make it through – is that modern firewalls need to be regularly updated to cope with configuration changes, with 70% of the 200 respondents to Tufin’s annual survey reporting application service disruptions up to 20 times a year due to configuration changes. We found that 93.6% of all firewall change requests are application-related, this confirms our observation that the function of firewalls has evolved to include secure application connectivity - in addition to their traditional role of perimeter security. The problem highlighted by Deutsche Telekom’s new cyber attack service - is that cybercriminals are clearly exploiting the loopholes that arise as a result of these changes.
For more on Tufin Technologies: http://www.tufin.com
For more on Deutsche Telekom’s real-time cyber attacks service: http://www.sicherheitstacho.eu/
If you would like further information or would like to speak to Reuven, please contact Darshna Kamani on 020 718323839 or email Darshna@eskenzipr.com