Network World

Remote Desktop Control/Access as an Attack Vector

The Verizon report was packed full of interesting (and somewhat scary) findings. One of the items that struck me as interesting is the section discussing attack vectors (page 20).

“In approximately four of 10 hacking-related breaches, an attacker gained unauthorized access to the victim via one of the many types of remote access and management software. Rather than for internal usage, most of these connections were provisioned to third parties in order to remotely administer systems. As discussed extensively in this and previous reports, the ultimate attacker is not typically the third party (although that certainly happens). More often, an external entity compromises the partner and then uses trusted connections to access the victim. From the victim’s perspective the attacker appears to be an authorized third party, making this scenario particularly problematic. This is especially so when trusted access is coupled with default credentials.”

Why is it interesting to me? Because our own analysis of the application traffic in 63 enterprises found that remote desktop applications are being used not only by IT and support, but also by employees who want to access their home machine, or someone else’s, while they are at work. Overall we found that 95% of the companies that participated in the analysis had remote control applications present. Not surprising really. What is surprising is [1] the breadth of application variants (24 different remote access control applications) and [2] the high rate of SSH usage (89% of the 63 companies).

Read more about the findings here: http://blog.paloaltonetworks.com/?p=162