One of the major takeaways from the 2014 Application Usage and Threat Report (AUTR) is that attackers are masking threat activity by using traditional exploit techniques in innovative ways. Let’s take a look at how this applies to common sharing applications.
In our year-long analysis of network traffic assessments conducted globally across more than 5,500 organizations, we found that common sharing applications (such as e-mail, video, instant messaging and social media) delivered roughly 30 percent of all observed threats, represented roughly one-third of all applications on the network, and consumed more than 25 percent of network bandwidth.
But these applications accounted for only about 5 percent of threat activity. Why would that be? It makes sense if we consider that entry into the network using these common sharing applications is often the first step in a multi-phased attack, in which an attacker establishes a foothold, and then uses the compromised endpoint and network credentials to move laterally within the network.
These moves are a lot like thieves robbing a house but not leaving the house the way they entered.