
Cisco reveals alarming findings from Midyear Cybersecurity Report

26 Jul 2017

The Cisco Midyear Cybersecurity Report (MCR) has been released and the findings are certainly eye-opening.

The team at Cisco uncovered a rapid evolution of threats and an increasing magnitude of attacks, forecasting potential ‘destruction of service’ (DeOS) attacks – a method that could eliminate the backups and safety nets organisations rely on to restore systems and data after an attack, leaving businesses with no way to recover.

What’s more, with the rapid advent of the Internet of Things (IoT), key industries are bringing more operations online and consequently increasing attack surfaces and the potential scale and impact of these threats.

Cisco asserts the IoT is ‘ripe’ for exploitation given its security weaknesses, which means it will play a central role in enabling these campaigns with escalating impact.

According to Cisco, current IoT botnet activity already suggests that some attackers may be laying the foundation for a wide-reaching, high-impact cyber-threat event that could potentially disrupt the Internet itself.

“As recent incidents like WannaCry and Netya illustrate, our adversaries are becoming more and more creative in how they architect their attacks,” says Steve Martino, vice president and chief information security officer at Cisco.

“While the majority of organisations took steps to improve security following a breach, businesses across industries are in a constant race against the attackers. Security effectiveness starts with closing the obvious gaps and making security a business priority.”

Cisco says ‘time to detection’ (TTD) is crucial in the face of these attacks as a faster TTD can constrain attackers’ operational space and minimise damage from intrusions.

For instance, over the period from November 2016 to May 2017 Cisco decreased its median TTD from just over 39 hours to about 3.5 hours.

“Complexity continues to hinder many organisations’ security efforts. It’s obvious that the years of investing in point products that can’t integrate is creating huge opportunities for attackers who can easily identify overlooked vulnerabilities or gaps in security efforts,” says Scott Manson, cyber security leader for Middle East and Turkey at Cisco.

“To effectively reduce TTD and limit the impact of an attack, the industry must move to a more integrated, architectural approach that increases visibility and manageability, empowering security teams to close gaps.”

The researchers at Cisco watched the evolution of malware during the first half of 2017 and identified shifts in how adversaries are tailoring their delivery, obfuscation and evasion techniques:

  • They’re increasingly requiring victims to activate threats by clicking on links or opening files
  • They are developing fileless malware that lives in memory and is harder to detect or investigate as it is wiped out when a device restarts
  • Finally, they’re relying on anonymized and decentralised infrastructure such as a Tor proxy service to obscure command and control activities

Cisco noted a striking decline in exploit kits, however, other traditional attacks are seeing a resurgence:

  • The volume of spam with malicious attachments is increasing, which Cisco expects will continue for some time while the exploit kit landscape remains in flux
  • Spyware and adware are also on the rise again – of 300 sample companies, Cisco found 20 percent were infected with three prevalent spyware families
  • Evolutions in ransomware, such as the growth of Ransomware-as-a-Service, make it easier for criminals, regardless of skill set, to carry out these attacks

There were also some interesting findings when narrowing the threats down to industry.

Within the public sector, 32 percent of investigated threats are identified as legitimate, but only 47 percent of those are eventually remediated.

In retail, 32 percent said they’d lost revenue due to attacks in the past year, with about a quarter losing customers or business opportunities.

40 percent of manufacturing security professionals said they don’t have formal security and don’t follow standardised information security policy practices.

Meanwhile 42 percent of security professionals in Utilities and 37 percent in Healthcare said targeted attacks are high-security risks to their organisations.

In short, Cisco advises organisations to be proactive rather than reactive, taking steps like:

  • Keep infrastructure and applications up to date so that attackers can’t exploit publicly known weaknesses
  • Battle complexity through an integrated defense and limit siloed investments
  • Engage executive leadership early to ensure complete understanding of risks, rewards and budgetary constraints
  • Establish clear metrics and use them to validate and improve security practices
  • Examine employee security training with role-based training versus one-size-fits-all