The Cato CTRL SASE Threat Report reveals the trusted traffic that networks must stop, as many enterprises still rely on insecure protocols such as HTTP, Telnet and early versions of SMB.

Enterprise IT managers prove to be too trusting of internal network protocols, as many organizations do not encrypt their WAN traffic, according to a new security threat report.

Secure Access Service Edge (SASE) provider Cato Networks this week released the results of its Cato CTRL SASE Threat Report for Q1 2024 at the RSA Conference in San Francisco. The report summarizes findings gathered from Cato traffic flows across more than 2,200 customers during the first quarter, adding up to 1.26 trillion network flows analyzed.

According to the report, many enterprises continue to run unsecured protocols across their WANs, which means that once a bad actor penetrates the network, fewer obstacles stand between them and the critical data in transit across it.

“As threat actors constantly introduce new tools, techniques, and procedures targeting organizations across all industries, cyber threat intelligence remains fragmented and isolated to point solutions,” said Etay Maor, chief security strategist at Cato Networks and founding member of Cato CTRL, in a statement. “Cato CTRL is filling the gap to provide a holistic view of enterprise threats. As the global network, Cato has granular data on every traffic flow from every endpoint communication across the Cato SASE Cloud Platform.”

Hackers exploit internal network protocols

Unencrypted data traversing internal networks over certain network protocols is not secure simply because it resides within the network perimeter. Bad actors can leverage less secure protocols to scan environments and identify vulnerabilities to exploit. For instance, Cato’s analysis found that 62% of environments run HTTP, a non-encrypted protocol.
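To make the report's per-environment figures concrete, here is an added Python example (not the report's or Cato's code) that classifies constructed flow records as HTTP, Telnet, SMB v1 or SMB v2 and reports the share of environments in which each appears. It goes beyond the HTTP figure quoted here by also covering the Telnet and SMB dialect cases the report discusses; the CSV layout, environment names and dialect strings are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow records (not from the Cato report): one row per flow,
# with the environment it belongs to, destination port, application label and,
# for SMB, the negotiated dialect string as a sensor might record it.
SAMPLE_FLOWS = """\
env,proto,dst_port,app,smb_dialect
acme,tcp,80,http,
acme,tcp,443,https,
acme,tcp,445,smb,SMB 2.1
beta,tcp,23,telnet,
beta,tcp,22,ssh,
beta,tcp,445,smb,SMB 3.1.1
gamma,tcp,445,smb,NT LM 0.12
gamma,tcp,80,http,
"""

# Protocol labels the report singles out as unencrypted or outdated.
INSECURE_LABELS = ("http", "telnet", "smbv1", "smbv2")

def classify(row):
    """Return the insecure-protocol label for one flow, or None if it is fine."""
    app = row["app"].lower()
    if app == "http" or row["dst_port"] == "80":
        return "http"
    if app == "telnet" or row["dst_port"] == "23":
        return "telnet"
    if app == "smb":
        dialect = row["smb_dialect"].strip()
        if not dialect:
            return None  # dialect not observed, so the version cannot be judged
        # SMB1 dialects are announced under legacy names such as "NT LM 0.12".
        if not dialect.startswith("SMB "):
            return "smbv1"
        major = dialect.split()[1].split(".")[0]
        if major == "2":
            return "smbv2"
    return None

def audit(flows_csv):
    """Map each insecure label to the share of environments where it was seen."""
    seen = defaultdict(set)
    envs = set()
    for row in csv.DictReader(io.StringIO(flows_csv)):
        envs.add(row["env"])
        label = classify(row)
        if label:
            seen[label].add(row["env"])
    return {label: len(seen[label]) / len(envs) for label in INSECURE_LABELS}

if __name__ == "__main__":
    for label, share in audit(SAMPLE_FLOWS).items():
        print(f"{label}: {share:.0%} of environments")
```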
In addition, the report shows that while the Secure Shell (SSH) protocol is the most secure option for accessing remote services, 54% of organizations run Telnet internally. Telnet connections are not encrypted and leave data unprotected.

Nearly half (46%) use Server Message Block (SMB) v1 or v2. The SMB protocol, used for file sharing and other purposes, was updated in SMB v3 to protect against known vulnerabilities. Still, Cato found that many organizations continue to rely on SMB v1 and SMB v2 despite known vulnerabilities such as EternalBlue and denial of service (DoS) attacks. SMB v3 also enforces the robust AES-128-GCM encryption standard, according to the report.

“The HTTP traffic analysis clearly shows that many organizations do not encrypt their WAN traffic,” the report states. “This means that if an adversary is already inside the organization’s network, they can eavesdrop on unencrypted communications that may include personally identifiable information (PII) or sensitive information such as credentials.”

Access to such data could help bad actors with lateral movement, the set of methods used to explore and find vulnerabilities within networks that have already been penetrated. Lateral movement across network devices and applications can go undetected until the attackers reach their ultimate target.

“To stop cyberattacks, enterprises should be using house machine learning modules based on company data and threat intelligence feeds. They also need to be careful of compromised systems within their organizations. Threat actors are leveraging them to scan (mainly SMB scanning) the network for vulnerabilities,” the report states.

Bad actors spoof popular shopping sites

Separately, Cato’s traffic analysis report uncovered the most frequently spoofed shopping sites, which are often used in phishing and spoofing attempts so hackers can get access to personal information.
These cybersquatting efforts, also known as domain squatting, use a domain name to capitalize on the reputation and recognition of a brand that belongs to someone else. By incorporating common typos or slight word differences into domain names, bad actors can pose as legitimate sites and capture users who mistype the address. According to the report, Booking, Amazon, and eBay are the top three well-known brands involved in spoofing attempts. Other commonly spoofed brands include Pinterest, Google, Apple, Netflix, Microsoft, Instagram, and YouTube.
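Brand-protection teams usually catch the typo and "slight word difference" variants described above by screening newly seen domains against their brand list. The following added Python example (not from the report or Cato) does that for the three most-spoofed brands named here: it folds common look-alike character substitutions, then flags a domain whose second-level label embeds a brand or sits within one edit of it. The candidate domains, the homoglyph table and the single-label-TLD assumption are constructed for illustration.

```python
# Constructed lookalike candidates (not from the report), for demonstration.
CANDIDATES = ["amazon.com", "amaz0n.com", "arnazon.com",
              "booking-login.net", "ebai.org", "example.com"]

# Top three spoofed brands per the report; label comparison is case-folded.
BRANDS = ("booking", "amazon", "ebay")

# Character substitutions frequently used in look-alike names (assumed list).
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))

def levenshtein(a, b):
    """Edit distance between two strings (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def fold(label):
    """Replace look-alike sequences so 'arnazon' and 'amaz0n' compare as 'amazon'."""
    for src, dst in HOMOGLYPHS:
        label = label.replace(src, dst)
    return label

def second_level_label(domain):
    """Assumption: plain host names with a single-label TLD, e.g. name.tld."""
    host = domain.lower().rstrip(".")
    return host.split(".")[-2] if "." in host else host

def check(domain):
    """Return (verdict, brand): 'exact' brand name, suspected 'squat', or 'clean'."""
    raw = second_level_label(domain)
    if raw in BRANDS:
        return ("exact", raw)  # whether it is the real site depends on the TLD
    label = fold(raw)
    for brand in BRANDS:
        # Brand embedded with extra words (e.g. "<brand>-login"), or within one edit.
        if brand in label or levenshtein(label, brand) <= 1:
            return ("squat", brand)
    return ("clean", None)

def scan(domains):
    """Run the check over a list of domains; returns (domain, verdict, brand) rows."""
    return [(d, *check(d)) for d in domains]

if __name__ == "__main__":
    for domain, verdict, brand in scan(CANDIDATES):
        print(f"{domain:20} {verdict:6} {brand or ''}")
```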