eSentire Threat Report: 1.7 Million Microsoft IIS Attacks in 2Q18


Cybercriminals launched 1.7 million Microsoft Internet Information Services (IIS) attacks in the second quarter of 2018, according to research from eSentire, a Top 100 MSSP and Top 20 Managed Detection and Response provider.

Other notable findings from eSentire's "2Q18 Threat Report" of data collected from 2,000 proprietary network and host-based detection sensors included:

  • IIS attacks rose 782x quarter over quarter, and 3.5 million IIS web servers were exposed in 2Q18.
  • Emotet was the most frequently observed malware, with an observation rate of 22 percent in 2Q18.
  • 49 percent of Emotet samples included one of the following terms in their filename: "invoice," "payment" or "account."
  • Use of obfuscated PowerShell commands increased 50 percent quarter over quarter.
  • Businesses are 2.5 times more likely to fall victim to a phishing attack between Tuesdays and Thursdays.
  • On average, antivirus software's ability to detect evolving malware lags 30 days behind.
  • Biotechnology firms experienced the highest amount of traffic due to outdated security vulnerabilities, followed by firms in accounting, real estate, marketing and construction.

Cybercriminals constantly search for misconfigurations and for lapses in system patching and updates, eSentire indicated. However, endpoint detection and response (EDR) solutions are available to help organizations address these issues and minimize the risk of cyberattacks.

How Can Organizations Use EDR Solutions to Address Cyberattacks?

EDR solutions provide context around techniques employed by threat actors, eSentire said. These solutions enable organizations to identify specific techniques leveraged by threat actors that do not involve network communication.

In addition, EDR solutions can be used in combination with network monitoring tools to provide "a complete picture" of an organization's IT environment, according to eSentire. They also can leverage big data analytics, machine learning, customized rule sets and behavioral analysis to analyze events and behaviors across an IT environment to identify and respond to potential threats.

Global EDR Solutions Market Projected to Grow

MSSPs that offer EDR solutions could capitalize on the rising demand for endpoint protection products and services in the near future.

The global EDR solutions market is projected to increase at a compound annual growth rate (CAGR) of 25 percent between 2016 and 2021, industry analyst MarketsandMarkets stated. This sector also could be worth nearly $2.3 billion by 2021.

Dan Kobialka