Spam volumes are significantly increasing, as adversaries turn to other tried-and-true methods, like email, to distribute malware and generate revenue. That’s among the findings in the network product company Cisco’s 2017 Midyear Cybersecurity Report (MCR).
That said, the Internet of Things continues to offer new opportunities for cyber-criminals, and its security weaknesses, ripe for exploitation, will play a central role, according to the study. Recent IoT botnet activity already suggests that some attackers may be laying the foundation for a wide-reaching, high-impact cyber-threat event that could potentially disrupt the internet itself, the research warns.
Cisco security researchers watched the evolution of malware during the first half of 2017 and identified shifts in how adversaries are tailoring their delivery, obfuscation and evasion techniques. Specifically, researchers saw they increasingly require victims to activate threats by clicking on links or opening files. They are developing fileless malware that lives in memory and is harder to detect or investigate as it is wiped out when a device restarts. And attackers are relying on anonymized infrastructure, such as a Tor proxy service, to obscure their command and control.
Evolutions in ransomware, such as the growth of Ransomware-as-a-Service, make it easier for criminals, regardless of computer skills (or lack if them), to carry out these attacks. Business email compromise (BEC), a social engineering attack in which an email is designed to trick organisations into transferring money to attackers, is becoming highly lucrative.
Steve Martino, Vice President and Chief Information Security Officer at Cisco, said: “As recent incidents like WannaCry and Nyetya illustrate, our adversaries are becoming more and more creative in how they architect their attacks. While the majority of organizations took steps to improve security following a breach, businesses across industries are in a constant race against the attackers. Security effectiveness starts with closing the obvious gaps and making security a business priority.” For a Youtube video of Martino, visit https://www.youtube.com/watch?v=7q34x-H1XsM.
Key industries need to improve security posture, the firm says. Even in the most responsive industries (such as finance and healthcare), businesses are mitigating less than half of attacks they know are legitimate. Breaches are described as a wake-up call. Across most industries, breaches drove at least modest security improvements in at least 90 percent of organisations. Some industries (such as transport) are said to be less responsive.
To request a copy of the report visit the Cisco website.
David Kennerley, Director of Threat Research at the cyber-security product company Webroot, said: “Ransomware as a service is without a doubt one of the biggest threats facing organisations across industries today, and protection against ransomware is currently a question of economics.
“Due to poor security practices and culture in many cases it often seen to be cheaper to pay the ransom to get the data back than through internal recovery procedures. No matter how tempting it might be, if any other options exists, however challenging, companies should never negotiate or concede to criminal and pay the ransom. The danger with paying the ransom is there’s no guarantee they’ll recover the encrypted files, and by paying you are only fuelling the ransomware economy – and what now stops you being targeted again in future cyberattacks? Also be aware that ransomware by its very nature is designed be annoying and loud, be mindful that there may also be secondary infections intent on staying hidden, looking to perform damage using other means – like data and password pilfering.”
“Organisations and individuals need to ensure that firstly, adequate defences are in place. And secondly, valuable data is always backed up so systems can be restored if need be. It also goes without saying that organisations should test their disaster recovery plan (DRP) regularly. This will help them understand the time it will take to restore systems to a useable state and what data is likely to be lost due to back up schedules.”