
Cisco reveals alarming findings from Midyear Cybersecurity Report

26 Jul 17

The Cisco Midyear Cybersecurity Report (MCR) has been released and the findings are certainly eye-opening.

The team at Cisco uncovered a rapid evolution of threats and an increasing magnitude of attacks, forecasting potential ‘destruction of service’ (DeOS) attacks – a method that could eliminate the backups and safety nets organisations rely on to restore systems and data after an attack, leaving businesses with no way to recover.

What’s more, with the rapid advent of the Internet of Things (IoT), key industries are bringing more operations online and consequently increasing attack surfaces and the potential scale and impact of these threats.

Cisco asserts the IoT is ‘ripe’ for exploitation given its security weaknesses, which means it will play a central role in enabling these campaigns with escalating impact.

According to Cisco, current IoT botnet activity already suggests that some attackers may be laying the foundation for a wide-reaching, high-impact cyber-threat event that could potentially disrupt the Internet itself.

“As recent incidents like WannaCry and Netya illustrate, our adversaries are becoming more and more creative in how they architect their attacks,” says Steve Martino, vice president and chief information security officer at Cisco.

“While the majority of organisations took steps to improve security following a breach, businesses across industries are in a constant race against the attackers. Security effectiveness starts with closing the obvious gaps and making security a business priority.”

Cisco says ‘time to detection’ (TTD) is crucial in the face of these attacks as a faster TTD can constrain attackers’ operational space and minimise damage from intrusions.

For instance, over the period from November 2016 to May 2017 Cisco decreased its median TTD from just over 39 hours to about 3.5 hours.

“Complexity continues to hinder many organisations’ security efforts. It’s obvious that the years of investing in point products that can’t integrate is creating huge opportunities for attackers who can easily identify overlooked vulnerabilities or gaps in security efforts,” says Scott Manson, cyber security leader for Middle East and Turkey at Cisco.

“To effectively reduce TTD and limit the impact of an attack, the industry must move to a more integrated, architectural approach that increases visibility and manageability, empowering security teams to close gaps.”

The researchers at Cisco watched the evolution of malware during the first half of 2017 and identified shifts in how adversaries are tailoring their delivery, obfuscation and evasion techniques:

  • They’re increasingly requiring victims to activate threats by clicking on links or opening files
  • They are developing fileless malware that lives in memory and is harder to detect or investigate as it is wiped out when a device restarts
  • Finally, they’re relying on anonymized and decentralised infrastructure such as a Tor proxy service to obscure command and control activities

Cisco noted a striking decline in exploit kits; however, other traditional attacks are seeing a resurgence:

  • The volume of spam with malicious attachments is increasing, which Cisco expects will continue for some time while the exploit kit landscape remains in flux
  • Spyware and adware are also on the rise again – of 300 sample companies, Cisco found 20 percent were infected with three prevalent spyware families
  • Evolutions in ransomware, such as the growth of Ransomware-as-a-Service, make it easier for criminals, regardless of skill set, to carry out these attacks

There were also some interesting findings when narrowing the threats down to industry.

Within the public sector, 32 percent of investigated threats are identified as legitimate threats, but only 47 percent of those are eventually remediated.

In retail, 32 percent said they’d lost revenue due to attacks in the past year, with about a quarter losing customers or business opportunities.

40 percent of manufacturing security professionals said they don’t have formal security and don’t follow standardised information security policy practices.

Meanwhile, 42 percent of security professionals in Utilities and 37 percent in Healthcare said targeted attacks are high security risks to their organisations.

In short, Cisco advises organisations to be proactive rather than reactive, taking steps like:

  • Keep infrastructure and applications up to date so that attackers can’t exploit publicly known weaknesses
  • Battle complexity through an integrated defense and limit siloed investments
  • Engage executive leadership early to ensure complete understanding of risks, rewards and budgetary constraints
  • Establish clear metrics and use them to validate and improve security practices
  • Examine employee security training with role-based training versus one-size-fits-all