Social media may be getting the lion's share of media buzz. But when it comes to cyber attacks they are only a minor part of the picture. Most cyber attacks are aimed squarely at widely used core business applications. A study of event log data shows that ports used by browsers and widely used tools such as Microsoft SQL are the most frequent targets of malicious traffic.
These were the findings of a study by Palo Alto Networks that examined IT event logs from 3056 companies. The study looked at more than 260 million log entries detailing some 5300 individual threats.
The study found that "Microsoft's SQL and remote procedure calls (RPC), Web browsers and the Server Message Block (SMB) protocol" were the most commonly targeted applications. Other common targets include Active Directory, the domain name system (DNS), and Microsoft Office Communicator.
The prominence of Microsoft business applications among the most targeted apps testifies to Redmond's ubiquitous presence in core business computing.
By contrast, social media, file-sharing, and multimedia applications played only a minor role in cyber attacks. These findings, however, should be regarded as having one important proviso: The study looks at direct attacks aimed at networks, not at "social engineering." Tricking a user into revealing a password would not be detected by this particular analysis.
In addition to showing that core business applications are prime targets, the Palo Alto Networks study also provided some useful information about cyber threats. Malicious traffic relies heavily on custom communications protocols. Which means that "customized or modified traffic" is closely correlated with threats – information that can be used to improve network security.
Many important business applications have security weaknesses that attackers can exploit. Companies can protect themselves, however, by taking proactive measures to improve their cyber security. Let GRT Corporation help you strengthen your firm's defenses.