As we all know, the threat landscape is always changing. The evolution of attack behaviors, combined with the increasing number of attacks, is extremely troubling for IT professionals. Attacks not only have a large impact because of their ability to spread; it is also becoming extremely difficult to recover from them. As cyber criminals find new ways to evade detection, innovation continues to escalate the effectiveness of their attacks. As destruction of service (DeOS) attacks become the new strategy, cyber criminals are seeking new ways to eliminate the “safety net” that organizations rely on to restore their systems and data following cyber incidents.
Cisco recently released their 2017 Midyear Cyber Security Report, which covers recent trends in attack behaviors, vulnerabilities and security challenges. Cisco and their team of partners find that “we must raise our warning flag even higher. Our security experts are becoming increasingly concerned about the accelerating pace of change – and yes, sophistication – in the global cyber threat landscape.”
Below are some of the top findings of the Midyear report and how organizations can handle these attacks and vulnerabilities now and in the future:
Exploits are down
Cisco found that exploits are down, but not likely completely out of the threat landscape. “In 2016, three leading exploit kits – Angler, Nuclear, and Neutrino – abruptly vanished from the threat landscape. Angler and Nuclear have not returned. Neutrino’s disappearance was only temporary: the exploit kit is still active but resurfaces only for short periods.” These changes in exploit kit attack strategies present opportunities for new and smaller strategies to surface and make their mark.
Spyware – it’s as bad as it sounds
Spyware is software that is installed on a device without the end user’s knowledge and can obtain information about another’s computer activity by transmitting data covertly from a hard drive. Cisco states that “much of today’s advertising software online known as potentially unwanted applications (PUAs) is spyware.” In the end, spyware is nothing more than malware. In the corporate arena, spyware creates many risks. For example, it can steal critical user and corporate information, weaken the security posture of devices by modifying device configurations and settings, install new and unwanted software, and increase malware infections. Through Cisco’s research, they found that three spyware families affected more than 20 percent of the companies in their sample: Hola, RelevantKnowledge, and DNSCharger/DNS Unlocker. These infections are rampant, yet they are not usually seen as a critical security risk. Spyware infections must be taken seriously throughout organizations because of the risk of stolen corporate information.
BEC – Business Email Compromise
Ransomware has been grabbing most of the attention recently with attacks like WannaCry and Petya. However, a threat like business email compromise is starting to make a lot of noise. A partner of Cisco has studied BEC and “has determined that it’s currently the most lucrative and profitable method to extract large amounts of money from organizations.” A BEC campaign involves impersonation of employees through email. The impersonator emails financial employees who are able to send funds by wire transfer. Cyber criminals research organizational hierarchies to figure out who is in charge. They make the emails appear to come from top executives and ask for a certain amount of funds to be wired, and normally these funds end up in the bank accounts of cyber criminals. Because BEC emails don’t contain malware or links, they can sometimes get through threat defense tools.
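Because a BEC message carries no malware or link to scan, screening has to rely on the headers and wording of the message itself. The following is an added example, not part of the Cisco report or the original post, that flags the traits described above; the organization domain, executive names, payment terms and sample message are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this example: the organization's mail domain and the
# executives whose names are likely to be impersonated.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}
PAYMENT_TERMS = ("wire transfer", "bank account", "payment")


def domain_of(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rpartition("@")[2].lower()


def bec_indicators(raw_message):
    """Return the BEC warning signs found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    findings = []
    # Executive display name on an address outside the organization.
    external = domain_of(from_addr) != ORG_DOMAIN
    if display_name.strip().lower() in EXECUTIVES and external:
        findings.append("executive-name-external-sender")
    # Replies redirected to a different domain than the sender's.
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        findings.append("reply-to-domain-mismatch")
    # Payment language in the subject or plain-text body.
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(term in text for term in PAYMENT_TERMS):
        findings.append("payment-request-language")
    return findings


# Constructed sample message, not taken from a real campaign.
SAMPLE = """\
From: Jane Doe <jane.doe@examp1e-mail.test>
Reply-To: accounts@other-domain.test
To: finance@example.com
Subject: Urgent request

Please process a wire transfer of $48,000 today. Reply by email only.
"""

if __name__ == "__main__":
    print(bec_indicators(SAMPLE))
```

A message that trips several indicators at once is a candidate for out-of-band verification with the named executive before any funds are moved.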
IoT is only just emerging
The Internet of Things (IoT) has shown companies the ease of business collaboration and innovation. However, as IoT quickly grows, the security risks are growing in parallel. The IoT movement has made great strides in making common devices and products more efficient and congruent with our everyday lives, but these devices still lack visibility. Many organizations are still not aware of what IoT devices are connected to their network. Cyber criminals quickly saw an open door and are exploiting security weaknesses not yet addressed in IoT devices. They can use these to move laterally across networks quietly and with ease.
As we review the methods that cyber criminals are using to compromise users and infiltrate systems, it is important for defenders to understand changes in tactics so they can, in turn, adapt their security practices and educate users. Cisco has found that, since 2015, the overall time-to-detection trend has been downward, from just over 39 hours at the start of research to about 3.5 hours. While this shows that we are detecting threats quicker, it also shows that attackers are attempting to retry old attack methods. This only reinforces the fact that cyber criminals are under even more pressure to evolve their threats to evade detection and devise new techniques.
Check back next week for our second part of this three-part evaluation of the 2017 Cisco midyear report. Next week we will be discussing recent vulnerability trends that threat actors are using to penetrate organizations’ systems and data.