Cyber attacks have rapidly evolved and increased in magnitude over the last few years, and they are showing no signs of slowing down, according to Cisco’s Midyear Cybersecurity Report, published on July 20.
In particular, traditional attacks such as spam, spyware, adware, and ransomware, are seeing a resurgence in use and success within businesses. These tried-and-true methods, while often dismissed by security professionals, are persistent, easier to orchestrate than ever before, and pose significant risk, Cisco says.
“Spam volumes are significantly increasing, as adversaries turn to other tried-and-true methods, like email, to distribute malware and generate revenue,” it points out, adding that Cisco threat researchers anticipate that “the volume of spam with malicious attachments will continue to rise.”
And when it comes to spyware and adware, which is usually considered more of a nuisance than harmful, Cisco research found that in its sample of 300 companies over a four-month period, three prevalent spyware families infected 20 per cent of them, confirming the basic cyber attack is far from dead.
Ransomware has seen a similar influx thanks to its evolution into a “as a service” attack, which makes it easier for criminals to carry out such attacks, regardless of skill level. Ransomware brought in more than USD1 billion in 2016, Cisco reports, which is not hard to imagine considering how rapidly the recent ransomware incidents of WannaCry and Nyetya spread across the globe.
Cisco also notes that WannaCry and Nyetya foreshadow what it calls “destruction of service” (DeOS) attacks, which could “eliminate organizations’ backups and safety nets, required to restore systems and data after an attack” and can be “far more damaging [than traditional ransomware attacks], leaving businesses with no way to recover.”
“As recent incidents like WannaCry and Nyetya illustrate, our adversaries are becoming more and more creative in how they architect their attacks,” Steve Martino, vice president and chief information security officer at Cisco, says in the report. “While the majority of organizations took steps to improve security following a breach, businesses across industries are in a constant race against the attackers. Security effectiveness starts with closing the obvious gaps and making security a business priority.”
However, the report notes that an even greater and underreported threat exists: business email compromise, “a social engineering attack in which an email is designed to trick organizations into transferring money to attackers.” This “highly lucrative attack” apparently stole USD5.3 billion between October 2013 and December 2016, according to the Internet Crime Complaint Center.
Advice for organizations
Cisco offers advice in the report on how organizations can protect themselves. Beyond the basics of keeping infrastructure and applications up to date, the company suggests:
- Battle complexity through an integrated defense. Limit siloed investments.
- Engage executive leadership early to ensure complete understanding of risks, rewards and budgetary constraints.
- Establish clear metrics. Use them to validate and improve security practices.
- Examine employee security training with role-based training versus one-size-fits-all.
- Balance defense with an active response. Don’t “set and forget” security controls or processes.
“Complexity continues to hinder many organizations’ security efforts,” David Ulevitch, senior vice president and general manager, security business group at Cisco, says in the report. “It’s obvious that the years of investing in point products that can’t integrate is creating huge opportunities for attackers who can easily identify overlooked vulnerabilities or gaps in security efforts. To effectively reduce time to detection and limit the impact of an attack, the industry must move to a more integrated, architectural approach that increases visibility and manageability, empowering security teams to close gaps.”
Understanding the IOT Explosion and its Impact on Enterprise Security