US-based networking company Cisco has uncovered the rapid evolution of threats and the increasing magnitude of attacks and forecasts potential “destruction of service” (DeOS) attacks.
In its 2017 Mid-year Cyber security Report, Cisco says these DeOS attacks could eliminate organisations’ backups and safety nets required to restore systems and data after an attack.
The report provides data-driven industry insights and cyber security trends from the first half of the year, along with actionable recommendations to improve security posture. It is based on data from a vast footprint, amounting to a daily ingest of over 40 billion points of telemetry.
According to Cisco, with the advent of the Internet of things (IOT), key industries are bringing more operations online, increasing attack surfaces and the potential scale and impact of these threats.
It notes recent cyber incidents such as WannaCry and Nyetya show the rapid spread and wide impact of attacks that look like traditional ransomware, but are much more destructive.
These events foreshadow what Cisco is calling destruction of service attacks, which can be far more damaging, leaving businesses with no way to recover, the networking company says.
It adds that IOT continues to offer new opportunities for cyber criminals, and its security weaknesses, ripe for exploitation, will play a central role in enabling these campaigns with escalating impact.
Cisco believes recent IOT botnet activity already suggests some attackers may be laying the foundation for a wide-reaching, high-impact cyber threat event that could potentially disrupt the Internet.
“As recent incidents like WannaCry and Nyetya illustrate, our adversaries are becoming more and more creative in how they architect their attacks,” says Steve Martino, vice-president and chief information security officer at Cisco.
“While the majority of organisations took steps to improve security following a breach, businesses across industries are in a constant race against the attackers. Security effectiveness starts with closing the obvious gaps and making security a business priority.”
Cisco security researchers watched the evolution of malware during the first half of 2017 and identified shifts in how adversaries are tailoring their delivery, obfuscation and evasion techniques. Specifically, Cisco saw they increasingly require victims to activate threats by clicking on links or opening files.
It explains adversaries are developing “fileless” malware that lives in memory and is harder to detect or investigate as it is wiped out when a device restarts.
Finally, adversaries are relying on ‘anonymised’ and decentralised infrastructure, such as a Tor proxy service, to obscure command and control activities.
According to the report, spam volumes are significantly increasing, as adversaries turn to other tried-and-true methods, like e-mail, to distribute malware and generate revenue. Cisco threat researchers anticipate the volume of spam with malicious attachments will continue to rise while the exploit kit landscape remains in flux.
Spyware and adware, often dismissed by security professionals as more nuisance than harm, are forms of malware that persist and bring risks to the enterprise, the report states. Cisco research sampled 300 companies over a four-month period and found three prevalent spyware families infected 20% of the sample.
In a corporate environment, spyware can steal user and company information, weaken the security posture of devices and increase malware infections.
Evolutions in ransomware, such as the growth of ransomware-as-a-service, make it easier for criminals, regardless of skill set, to carry out these attacks, the company says.
Ransomware has been grabbing headlines and reportedly brought in more than $1 billion in 2016, but this may be misdirecting some organisations, which face an even greater, underreported threat, it adds.
Business e-mail compromise (BEC), a social engineering attack in which an e-mail is designed to trick organisations into transferring money to attackers, is becoming highly lucrative, Martino notes.
Between October 2013 and December 2016, $5.3 billion was stolen via BEC, according to the Internet Crime Complaint Centre.
“Complexity continues to hinder many organisations’ security efforts. It’s obvious that the years of investing in point products that can’t integrate is creating huge opportunities for attackers who can easily identify overlooked vulnerabilities or gaps in security efforts,” says David Ulevitch, senior vice-president and GM for the Security Business Group at Cisco.
“To effectively reduce time to detection and limit the impact of an attack, the industry must move to a more integrated, architectural approach that increases visibility and manageability, empowering security teams to close gaps.”
Our comments policy does not allow anonymous postings. Read the policy here