Cisco 2017 MCR predicts DeOS

Kuwait Times - TECHNOLOGY

The Cisco (NASDAQ: CISCO) 2017 Midyear Cybersecurity Report (MCR) uncovers the rapid evolution of threats and the increasing magnitude of attacks, and forecasts potential “destruction of service” (DeOS) attacks. These could eliminate organizations’ backups and safety nets, required to restore systems and data after an attack. Also, with the advent of the Internet of Things (IoT), key industries are bringing more operations online, increasing attack surfaces and the potential scale and impact of these threats.

Recent cyber incidents such as WannaCry and Nyetya show the rapid spread and wide impact of attacks that look like traditional ransomware, but are much more destructive. These events foreshadow what Cisco is calling destruction of service attacks, which can be far more damaging, leaving businesses with no way to recover. The Internet of Things continues to offer new opportunities for cybercriminals, and its security weaknesses, ripe for exploitation, will play a central role in enabling these campaigns with escalating impact.

Recent IoT botnet activity already suggests that some attackers may be laying the foundation for a wide-reaching, high-impact cyber-threat event that could potentially disrupt the Internet itself. “As recent incidents like WannaCry and Nyetya illustrate, our adversaries are becoming more and more creative in how they architect their attacks. While the majority of organizations took steps to improve security following a breach, businesses across industries are in a constant race against the attackers. Security effectiveness starts with closing the obvious gaps and making security a business priority,” said Steve Martino, Vice President and Chief Information Security Officer, Cisco.

Measuring the effectiveness of security practices in the face of these attacks is critical. Cisco tracks progress in reducing “time to detection” (TTD), the window of time between a compromise and the detection of a threat. A faster time to detection is critical to constrain attackers’ operational space and minimize damage from intrusions. Cisco decreased its median TTD from just over 39 hours in November 2015 to about 3.5 hours for the period from November 2016 to May 2017. This figure is based on opt-in telemetry gathered from Cisco security products deployed worldwide.
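The TTD metric defined above is straightforward to compute from an organization's own incident records. The following Python is an added example, not code from Cisco or from the article; it takes constructed (compromise time, detection time) pairs, derives each incident's TTD in hours, and reports the median for a reporting window and per month, so a team can track the same kind of trend the report describes. The sample timestamps are constructed and the reporting windows are assumptions.

```python
"""Median time to detection (TTD) from incident records.

Added example, not from the Cisco report or the Kuwait Times article.
TTD follows the article's definition: the window between a compromise
and the detection of the threat. All incident data here is constructed.
"""
from datetime import datetime
from statistics import median
from collections import defaultdict

# Constructed sample incidents: (compromise time, detection time), ISO 8601.
SAMPLE_INCIDENTS = [
    ("2017-01-03T08:00:00", "2017-01-03T10:30:00"),  # 2.5 h
    ("2017-01-10T22:15:00", "2017-01-11T01:45:00"),  # 3.5 h
    ("2017-02-02T09:00:00", "2017-02-03T09:00:00"),  # 24 h
    ("2017-03-15T14:20:00", "2017-03-15T15:20:00"),  # 1 h
    ("2017-04-01T00:00:00", "2017-04-02T15:00:00"),  # 39 h
]


def parse_ts(value):
    """Parse an ISO 8601 timestamp string into a datetime."""
    return datetime.fromisoformat(value)


def ttd_hours(compromise, detection):
    """TTD for one incident in hours; rejects records where detection precedes compromise."""
    start, end = parse_ts(compromise), parse_ts(detection)
    if end < start:
        raise ValueError("detection time precedes compromise time")
    return (end - start).total_seconds() / 3600


def median_ttd_hours(incidents, start=None, end=None):
    """Median TTD over incidents detected within [start, end).

    start/end are optional ISO 8601 strings bounding the reporting window
    by detection time (the report's own windows are calendar periods).
    Returns None when no incident falls inside the window.
    """
    lower = parse_ts(start) if start else None
    upper = parse_ts(end) if end else None
    values = []
    for compromise, detection in incidents:
        detected = parse_ts(detection)
        if lower is not None and detected < lower:
            continue
        if upper is not None and detected >= upper:
            continue
        values.append(ttd_hours(compromise, detection))
    return median(values) if values else None


def median_ttd_by_month(incidents):
    """Map 'YYYY-MM' (month of detection) to the median TTD in that month."""
    buckets = defaultdict(list)
    for compromise, detection in incidents:
        key = parse_ts(detection).strftime("%Y-%m")
        buckets[key].append(ttd_hours(compromise, detection))
    return {month: median(vals) for month, vals in sorted(buckets.items())}


if __name__ == "__main__":
    print("overall median TTD (h):", median_ttd_hours(SAMPLE_INCIDENTS))
    print("Feb-Apr median TTD (h):",
          median_ttd_hours(SAMPLE_INCIDENTS, "2017-02-01T00:00:00", "2017-05-01T00:00:00"))
    for month, value in median_ttd_by_month(SAMPLE_INCIDENTS).items():
        print(f"{month}: {value} h")
```

Bucketing by detection time rather than compromise time keeps the metric honest for long-dwell intrusions: an incident that began months earlier still counts against the period in which it was finally found, which is where the operational gap actually shows up.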

“Complexity continues to hinder many organizations’ security efforts. It’s obvious that the years of investing in point products that can’t integrate are creating huge opportunities for attackers who can easily identify overlooked vulnerabilities or gaps in security efforts. To effectively reduce Time to Detection and limit the impact of an attack, the industry must move to a more integrated, architectural approach that increases visibility and manageability, empowering security teams to close gaps,” said Scott Manson, Cyber Security Leader for Middle East and Turkey, Cisco.

What’s hot, what’s not?

Cisco security researchers watched the evolution of malware during the first half of 2017 and identified shifts in how adversaries are tailoring their delivery, obfuscation and evasion techniques. Specifically, Cisco saw that they increasingly require victims to activate threats by clicking on links or opening files. They are developing fileless malware that lives in memory and is harder to detect or investigate, as it is wiped out when a device restarts. Finally, adversaries are relying on anonymized and decentralized infrastructure, such as a Tor proxy service, to obscure command and control activities. While Cisco has seen a striking decline in exploit kits, other traditional attacks are seeing a resurgence:

Spam volumes are significantly increasing, as adversaries turn to other tried-and-true methods, like email, to distribute malware and generate revenue. Cisco threat researchers anticipate that the volume of spam with malicious attachments will continue to rise while the exploit kit landscape remains in flux.

Spyware and adware, often dismissed by security professionals as more nuisance than harm, are forms of malware that persist and bring risks to the enterprise. Cisco research sampled 300 companies over a four-month period and found that three prevalent spyware families infected 20 percent of the sample. In a corporate environment, spyware can steal user and company information, weaken the security posture of devices and increase malware infections.

Evolutions in ransomware, such as the growth of Ransomware-as-a-Service, make it easier for criminals, regardless of skill set, to carry out these attacks. Ransomware has been grabbing headlines and reportedly brought in more than $1 billion in 2016, but this may be misdirecting some organizations, who face an even greater, underreported threat. Business email compromise (BEC), a social engineering attack in which an email is designed to trick organizations into transferring money to attackers, is becoming highly lucrative. Between October 2013 and December 2016, $5.3 billion was stolen via BEC, according to the Internet Crime Complaint Center.

Common Challenges

As criminals continue to increase the sophistication and intensity of attacks, businesses across industries are challenged to keep up with even foundational cybersecurity requirements. As Information Technology and Operational Technology converge in the Internet of Things, organizations struggle with visibility and complexity. As part of its Security Capabilities Benchmark Study, Cisco surveyed close to 3,000 security leaders across 13 countries and found that across industries, security teams are increasingly overwhelmed by the volume of attacks. This leads many to become more reactive in their protection efforts.

No more than two-thirds of organizations are investigating security alerts. In certain industries (such as healthcare and transportation), this number is closer to 50 percent.

Even in the most responsive industries (such as finance and healthcare), businesses are mitigating less than 50 percent of attacks they know are legitimate.

Breaches are a wake-up call. Across most industries, breaches drove at least modest security improvements in at least 90 percent of organizations. Some industries (such as transportation) are less responsive, falling just above 80 percent.

Important findings per industry include:

Public Sector: Of threats investigated, 32 percent are identified as legitimate threats, but only 47 percent of those legitimate threats are eventually remediated.

Retail: Thirty-two percent said they’d lost revenue due to attacks in the past year, with about one-fourth losing customers or business opportunities.

Manufacturing: Forty percent of the manufacturing security professionals said they do not have a formal security strategy, nor do they follow standardized information security policy practices such as ISO 27001 or NIST 800-53.

Utilities: Security professionals said targeted attacks (42 percent) and advanced persistent threats, or APTs (40 percent), were the most critical security risks to their organizations.

Healthcare: Thirty-seven percent of the healthcare organizations said that targeted attacks are high-security risks to their organizations.

Advice for Organizations

To combat today’s increasingly sophisticated attackers, organizations must take a proactive stance in their protection efforts. Cisco Security advises:

Keep infrastructure and applications up to date, so that attackers can’t exploit publicly known weaknesses.

Battle complexity through an integrated defense. Limit siloed investments.

Engage executive leadership early to ensure complete understanding of risks, rewards and budgetary constraints.

Establish clear metrics. Use them to validate and improve security practices.

Examine employee security training with role-based training versus one-size-fits-all.

Balance defense with an active response. Don’t “set and forget” security controls or processes.

For the 2017 MCR, a diverse group of 10 security technology partners were invited to share data from which to jointly draw threat landscape conclusions. Partners that contributed to the report include Anomali, Flashpoint, Lumeta, Qualys, Radware, Rapid7, RSA, SAINT Corporation, ThreatConnect and TrapX. Cisco’s security technology partner ecosystem is a key component of the company’s vision to bring security that is simple, open and automated to customers.
