blog

Cyber threat actors have gotten smarter--or lazier--depending on your perspective. It used to be fairly
common for attackers to spend days or even weeks probing targeted networks for vulnerabilities to
exploit. Once identified, they would break down traditional cybersecurity defenses around the network
perimeter and steal as much information as they could, or cause as much chaos as possible, before the
hole was patched and they were shut out.

Today, threat actors are much more subtle. Instead of trying to break down the castle walls, they simply
steal the keys and stroll through the front door. By tricking users into willfully giving up their credentials
through spear phishing, threat actors can simply remain undetected for days, weeks or even months until
the time is right to execute their mission-- to extricate data, hold systems hostage, spy on users or all of
the above.

Is this lazy or creative? Depends on who you ask, maybe it’s a generational thing.

It’s clear that traditional security architectures and philosophies don’t work anymore. In 2018, cybercrime generated $1.5 trillion in revenue for hackers, growing to $6 trillion by 2021. These statistics are even more alarming in light of the fact that organizations have more security tools in their stacks than ever before.

Menlo customers are 100% protected against a recent zero-day exploit in Google Chrome. The exploit CVE-2019-5786 is being actively used in limited attacks.