Cyberattack Tracker Zeroes in on Firewall Vulnerabilities
Deutsche Telekom’s interactive, real-time map of global cyberattacks reveals the bulk of recent attacks – 27.3 million in February alone – were against the Server Message Block (SMB), aka the Common Internet File System (CIFS).
Reuven Harrison, CTO and co-founder of Tufin, a security and lifecycle management company and Fortinet solution partner, wrote in a blog that the map’s revelations are significant. This attack vector, he explains, operates across an application-layer network protocol mainly used to provide shared access to files, printers, serial ports and miscellaneous communications between nodes on a network.
With more than 226 million SMB attacks tracked in February (compared to 800,000+ against the NetBIOS services, 680,000+ on port 33434, and 600,000+ against SSH), he says, the trend underscores the fact businesses and high-end consumers are losing control over their network resources, including firewalls.
The results of this real-time, rolling analysis from Deutsche Telekom, which takes in data from almost 100 honeypot-style sensors around the world, confirms the findings of Tufin’s “Firewall Management Survey,” released in late February. Of those surveyed, says Harrison, half of businesses audit their firewalls once a year – 15 percent never audit their firewalls.
The problem controlling the firewall in many organizations – and why SMB/CIFS attacks make it through, according to Harrison, is that modern firewalls need to be regularly updated to cope with configuration changes. For instance, 70 percent of the 200 respondents in Tufin’s survey report application service disruptions up to 20 times a year due to configuration changes.
Tufin’s survey finds 94 percent of all firewall change requests are application-related, which confirms its observation that the function of firewalls has evolved to include secure application connectivity. The main problem highlighted by Deutsche Telekom’s new cyberattack service: Cybercriminals are exploiting loopholes that arise from these changes, says Harrison.
In sheer numbers, the two main sources of the attacks revealed on Deutsche Telecom’s map originate in the Russian Federation and Germany, with 2.5 million and 1.3 million, respectively. You can examine Deutsche Telecom’s interactive map by clicking here.
Fortinet’s partnership with Tufin includes Fortinet’s FortiManager, certified to interoperate with Tufin’s SecureTrack and SecureChange Workflow products. These products help security operations teams manage security policy changes, minimize risks and reduce manual, repetitive tasks through automation.
Utilizing a combination of accuracy and simplicity, Tufin enables security officers to perform reliable audits and demonstrate compliance with corporate and government standards. Tufin enhances the value of FortiGate multi-threat security appliances by enabling customers to better manage complex multi-vendor environments and streamline security operations.