Vinay Pidathala | Mar 08, 2021
The year 2020 was a very tough one for enterprises for many reasons. Perhaps one of the biggest reasons was that COVID-19 forced businesses and other organizations to make an almost overnight transition to remote work. On the other hand, cyber attackers had a great year. Remote work and the shift to the cloud have resulted in a greatly increased attack surface area that attackers have capitalized on.
In 2020 we saw a resurgence of ransomware attacks, increased credential phishing campaigns, and new and novel attacks targeting cloud assets and resources. Browsers have become even more powerful and are increasingly being used to access new applications and cloud resources, which also increases their importance in cybersecurity.
While we continue to see new and novel types of attacks, one attack technique that has persisted is the use of web browser exploits to compromise endpoint systems. While we do not see a lot of exploit kits these days, we are seeing more sophisticated attackers that continue to use this infection vector by developing zero days.
The following table provides a list of all the zero days that attackers actively exploited in the wild throughout 2020. As the table below shows, there is a shift in trend with attackers developing more zero days for Chrome. This is primarily due to two reasons:
In the Wild Exploitation
After Google fixed five flaws in Chrome in a span of a month, we published a blog that showed a significant number of customers were still running old versions of the browser.
In this blog we are providing insights into patch lag – the time taken by enterprises to patch their browsers.
Looking at the Chrome browser update cycle across our global customer base, we can see this patch lag. The following image shows data collected from our global platform across four months, November 2020 through February 2021. It clearly shows the adoption of Chrome updates after they are released. For context, the following are the release dates of the Chrome versions in the chart below:
From the graph, we can see that while Chrome 87 was released on November 17, it took at least a month for customers to start updating their browsers. December was when Chrome 87 saw adoption rates of close to 84 percent. We see the same trend going into January 2021. Chrome 88 was released on January 19, 2021, and we are now seeing a considerable increase in Chrome updates. This quicker adoption for Chrome 88 might be attributed to the recent SolarWinds breach, with customers being more vigilant with updates.
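One way to measure the patch lag described above from your own web proxy logs, as an added example that is not from the original article or Menlo's platform. It assumes a simplified log format of date, client ID and User-Agent; the log lines and host names are constructed, and the release dates are the two the article states.

```python
import re
from collections import defaultdict
from datetime import date

# Release dates as stated in the article.
RELEASES = {87: date(2020, 11, 17), 88: date(2021, 1, 19)}
CHROME_RE = re.compile(r"\bChrome/(\d+)\.")
NOT_CHROME = ("Edg/", "OPR/")  # other Chromium browsers also send a Chrome/ token

# Constructed sample proxy log: "<date> <client> <user-agent>" (hosts and dates invented).
UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/{} Safari/537.36")
SAMPLE_LOG = [
    "2020-11-20 host-a " + UA.format("86.0.4240.198"),
    "2020-11-20 host-b " + UA.format("87.0.4280.66"),
    "2020-12-18 host-a " + UA.format("87.0.4280.88"),
    "2021-01-21 host-b " + UA.format("88.0.4324.96"),
    "2021-01-25 host-c " + UA.format("88.0.4324.96") + " Edg/88.0.705.50",
    "2021-02-10 host-a " + UA.format("88.0.4324.150"),
    "malformed line",
]

def parse(lines):
    """Yield (day, client, chrome_major) for lines whose UA is genuine Chrome."""
    for line in lines:
        parts = line.split(" ", 2)
        match = CHROME_RE.search(parts[2]) if len(parts) == 3 else None
        if match is None or any(tok in parts[2] for tok in NOT_CHROME):
            continue
        yield date.fromisoformat(parts[0]), parts[1], int(match.group(1))

def patch_lag(lines, releases=RELEASES):
    """Days from each release until a client is first seen on that major or newer."""
    first_seen = {}
    for day, client, major in parse(lines):
        for rel_major in releases:
            if major >= rel_major:
                key = (client, rel_major)
                first_seen[key] = min(first_seen.get(key, day), day)
    return {key: (day - releases[key[1]]).days for key, day in first_seen.items()}

def monthly_adoption(lines, major):
    """Per month, the fraction of Chrome clients seen on `major` or newer."""
    highest = defaultdict(dict)  # "YYYY-MM" -> client -> highest major seen
    for day, client, seen in parse(lines):
        month = highest[day.strftime("%Y-%m")]
        month[client] = max(month.get(client, 0), seen)
    return {m: sum(v >= major for v in c.values()) / len(c) for m, c in sorted(highest.items())}
```

Clients with a large `patch_lag` value, or that never appear in its output for a given release, are the ones still exposed after a fix ships.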
We noticed that across our customer base, there were some early adopters of these updates, and they are consistent in their patching cycle. The same set of customers who were early adopters of Chrome 87 also updated quickly to Chrome 88.
Across our global customer base, we saw that the following verticals were early adopters of browser updates:
North America and Singapore were the regions that had the most customers updating as soon as the patch was released.
Protecting the customer both before and after a browser patch is released is critically important. That’s where Menlo’s cloud security platform with an Isolation Core fits in. Rather than relying on each customer to install patches immediately, the platform provides a patch buffer that significantly mitigates the web exploit class of attacks, giving organizations the time they need to implement patches across multiple types of devices so users can stay safe and work without worry.