October 9, 2018

Anomali Publishes Cybersecurity Report on DAX-100 Germany Companies

New Report from Anomali Labs Analyses State of Cybersecurity Across Largest German Enterprises

10 October 2018 – Nuremberg, Germany – Anomali today announced at the IT-SA Security Expo and Congress the release of the 2018 DAX 100 cybersecurity profile report. This report represents the third consecutive year in which Anomali Labs has analyzed the state of cybersecurity for the DAX 100 companies, and details ongoing suspected cyber threat activity across German enterprises.

The report, available for download, provides insights into five critical threat categories that could provide attackers with an exploitable opportunity to compromise DAX 100 enterprises and its customers:

  • Domain Squatting: DAX 100 companies have, on average, 27 suspicious domains registered against their legitimate business domain. These domains are often used in phishing campaigns. This represents a 280% increase since the 2016 report.
  • Credential Exposure: Amongst all the DAX 100 companies Anomali found a total of 604,255 breached accounts consisting of 560,941 unique email addresses and password pairs. This represents more than 600% increase in lost credentials over the 2016 report.
  • Email Security: Anomali analyzed the use of email authentication standards, including SPF, DKIM and DMARC across the DAX 100. These technologies help prevent attackers from “spoofing” or impersonating legitimate sites to deliver fraudulent email to unsuspecting recipients. Anomali found 84% adoption of SPF, 43% of DKIM and only 21% of DKIM security standards across the DAX 100.
  • Website Security: Anomali Labs analyzed the ongoing use of unencrypted HTTP protocol versus more secure HTTPS-only and HSTS protocols. Approximately 10% of sites evaluated still use HTTP, without redirecting to more secure HTTPS. At least 14% continue to use vulnerable encryption algorithms (Triple DES or RC4). Only 8% employ a Content Security Policy (CSP) header and 31% use HTTP Strict Transport Security (HSTS).
  • Dark Web Reconnaissance: Research of Deep and Dark Web communications shed light on various discussions ranging from PII disclosures, payment card fraud, and malicious insider recruitment activities. Anomali found over 50% of DAX 100 enterprises are mentioned in Deep and Dark Web communications.

“Anomali is committed to providing resources, tools and solutions to help the German market stay ahead of cybersecurity threats,” said Colby DeRodeff, founder and chief strategy officer at Anomali. “The DAX 100 report, the investment by DTCP (Deutsche Telekom Capital Partners) in our latest funding round, and the recent opening of our office in Berlin reflect our investment in this important region.”

The DAX 100 report, “Peering Over the DAX 100 Threat Horizon,” is available for download at https://www.anomali.com/resources/whitepapers/peering-over-the-dax-100-threat-horizon-anomali-labs-threat-landscape.

About Anomali

Anomali detects adversaries and tells you who they are. Organisations rely on the Anomali Threat Platform to detect threats, understand the adversary, and respond effectively. Anomali arms security teams with machine learning optimised threat intelligence and identifies hidden threats targeting their environments. Anomali enables organizations to collaborate and share threat information among trusted communities and is the most widely adopted platform for ISACs worldwide. To learn more, visit www.anomali.com and follow it on Twitter: @anomali.