In today’s modern threat landscape, it’s hard to properly allocate resources where they’re needed most. Is it cryptomining, ransomware, phishing or some new threat that no one has faced before? It can be a little (or let’s be honest here), a lot overwhelming.
As we covered in Part 1 of the Threat Trends series on DNS Security, understanding the larger trends can help, especially when dealing with the most common threat types.
To help you tackle the threats most likely to occur within your industry, in Part 2 of the Threat Trends series, we focus on the top threats facing specific industries. Author Ben Nahorney compares yearly totals of DNS traffic to malicious sites by industry for the year 2020, occasionally drilling down to the monthly level. Nahorney provides a window into which categories of threats generate the most traffic for various organizations in the technology, financial services, healthcare, manufacturing, higher education and government industries.
Research Highlights
The technology sector saw far more cryptomining traffic than any other industry, and the second highest level of ransomware related traffic, primarily driven by attacks Sodinobiki and Ryuk.
Financial services saw the highest levels of malicious DNS traffic and information stealing threats. The scope of malicious traffic speaks to how enticing a target this area is to bad actors.
Healthcare saw more trojans than any industry while still experiencing its fair share of droppers and ransomware. Most trojan-based activity came from Emotet; healthcare organizations were hit particularly hard by this malware in 2020.
Manufacturing showed high levels of cryptomining and almost as much ransomware traffic as the next two closest industries combined (technology and healthcare).
Higher education faced a fairly even distribution for the top four threat trends.
The data used to uncover these trends come from Cisco Umbrella, our cloud delivered security service that includes DNS security, secure web gateway, firewall, and cloud access security broker (CASB) functionality, and threat intelligence. Umbrella combines multiple security functions into one solution, so you can extend protection to devices, remote users, and distributed locations anywhere. Umbrella is the easiest way to effectively protect your users everywhere in minutes.
Methodology
Every day, Cisco Umbrella’s global cloud architecture processes more than 620 billion internet requests from across 190 countries. This real time DNS data is further enriched with data from both private feeds and a handful of public ones. With such a massive and diverse data set, our threat analysis can uncover patterns that signal malicious behavior.
This analysis is based on an aggregated data set of overall percentages and month-on-month trends, by the number of endpoints that have attempted to visit certain websites flagged as malicious and the total number of times malicious sites were visited. Together, they give us a unique perspective on global DNS traffic, which helps us identify trends and defend against potential threats.
Interested in learning more about threat trends specific to your industry? Check out Part 2 of our threat blog series.
