CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score: 10 High
Confidence: High

EPSS: 0.976 High
Percentile: 100.0%

Threat actors are evolving, yet Cyber Threat Intelligence (CTI) remains confined to each isolated point solution. Organizations require a holistic analysis across external data, inbound and outbound threats and network activity. This will enable evaluating the true state of cybersecurity in the enterprise.
Cato’s Cyber Threat Research Lab (Cato CTRL, see more details below) has recently released its first SASE threat report, offering a comprehensive view of and insights into enterprise and network threats. This is based on Cato’s capabilities to analyze networks extensively and granularly (see report sources below).
The SASE Threat Report covers threats from strategic, tactical and operational standpoints, utilizing the MITRE ATT&CK framework. It includes malicious and suspicious activities, as well as the applications, protocols and tools running on the networks.
The report is based on:
Cato’s data was gathered from:
The depth and breadth of these resources provide Cato with a view into enterprise security activity like no other.
Cato CTRL (Cyber Threats Research Lab) is the world’s first unique combination of top human intelligence and comprehensive network and security insights, made possible by Cato’s AI-enhanced, global SASE platform. Dozens of former military intelligence analysts, researchers, data scientists, academics, and industry-recognized security professionals analyze granular network and security insights. The result is a comprehensive, one-of-a-kind view of the latest cyber threats and threat actors.
Cato CTRL provides the SOC with tactical data, managers with operational threat intelligence and the management and board with strategic briefings. This includes monitoring and reporting on security industry trends and events, which have also supported the analysis and creation of the SASE Threat Report.
Now let’s dive into the report itself.
The comprehensive report offers a wealth of insights and information valuable for any security or IT professional. The top findings are:
Enterprises are adopting AI tools across the board. Unsurprisingly, the most common ones were Microsoft Copilot and OpenAI ChatGPT. Enterprises were also adopting Emol, an application for recording emotions and talking with AI robots.
Hacker forums are a valuable source of intelligence information, but monitoring them is a challenge. Cato CTRL monitors such discussions, with some interesting findings:
Brands like Booking, Amazon and eBay are being spoofed for fraud and other exploitation purposes. Buyers beware.
In many enterprise networks, attackers can easily move across the network, since there are unsecured protocols across the WAN:
Rather, it’s unpatched systems and the latest vulnerabilities. Log4j (CVE-2021-44228), for example, is still one of the most-used exploits.
Industries are being targeted differently. For example:
Practices differ as well. For example:
Attackers’ actions and methods might seem benign at first, but a different look shows they are actually malicious. It takes a contextual understanding of network patterns, combined with AI/ML algorithms, to monitor and detect suspicious activity.
DNS is a critical component of enterprise operations, yet Secure DNS isn’t being adopted. Why? The Cato CTRL team has some hypotheses.
To read more insights and dive deep into the existing threats, vulnerabilities, hacking communities, enterprise behavior, and more, read the entire report.
This article is a contributed piece from one of our valued partners.