Organizations, such as credit unions, send and receive thousands of emails, messages, and files weekly, vehicles that cybercriminals hitchhike upon – sometimes using weaponized PDFs – to infiltrate systems and steal personal information.

To combat these threats Campbell, Calif.-based cyberfraud defense firm Barracuda Networks introduced a free, global advisory platform that it said offers detailed real-time threat intelligence and security risk information to help organizations, including credit unions and banks, consumers and IT professionals remain aware of current global cyberthreats.

Barracuda Security Insight works by analyzing large volumes of global threat intelligence from several sources and presents this in the form of easy to read threat trends, detailed information on attack campaigns and an aggregated threat score.

By analyzing data collected from its endpoints globally, Barracuda Security Insight helps determine the current cybersecurity threat level based on email, network, and web traffic flows. It provides summaries and detailed views of current threat campaigns that Barracuda tracks in real-time.

Some of the recent threat trends revealed by Barracuda Insight include:

  • PDF files represent the highest volume of weaponized file types transmitted through observed attack surfaces because of their simple construction and easy transmittable abilities. PDFs scanned in the last three months showed nearly 41 million were part of an attack. PDFs often contain links to bad sites and active scripts.
  • The most sophisticated attacks with the highest efficacy ride over embedded scripts such as JavaScript and VisualBasic. Recent findings revealed that over 75 percent of these scripts are malicious with JS often embedded in HTML, or other rich document formats such as rich text format and Office. A sample of 70 million Office documents scanned in the last three months found more than 4.7 million malicious or suspicious.
  • Compressed files are an increasingly popular way for criminals to transmit disguised attacks and hide non-malware infections such as PowerShell scripts. An example of this took place in September of 2017 when Barracuda detected and blocked a massive ransomware campaign with over 27 million emails reaching customers in less than 24 hours.

Barracuda Security Insight expects these threat trends to continue with extensive use of weaponized file types to carry out massive attacks. In addition, the Equifax breach, which exposed sensitive information of some 145.5 million Americans, and other cybersecurity events have resulted in the significant loss of personally identifiable information. Barracuda anticipates an increased use of this information for both mass phishing and targeted spear phishing attacks.

“Organizations often become aware of vicious cyberattacks after the damage has already been done,” Fleming Shi, SVP of Technology at Barracuda said. “By offering a free global advisory platform like Barracuda Security Insight, we can help heighten security awareness by proactively identifying the most current threats that should be on everyone's radar. Those who use the platform can ultimately gain a better understanding of the threat landscape in real-time — an awareness that can lead to an overall improved security posture.”

Barracuda Security Insight includes real-time activity seen from the following traffic: email-borne attacks containing malicious links and attachments, malware, ransomware, and botnets; network perimeter, including zero hour vulnerability exploits, brute force attacks, DDoS, spyware, and spam; web access and browsing attacks involving ransomware, malware, and vulnerability exploits in the wild; and endpoints: such as malware, persistent spyware, botnets, ad and click fraud, IoT malware, and compromised dead apps.

Barracuda Security Insight is available via the Barracuda website and also provides an open API integration into applications from common web portals and dashboards, and digital assistants such as Alexa.

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).