What’s your plan of attack for 2014? Have you entered the year fully armed to deal with the threats that invade the periphery of your network each day? Do you have contingency plans in place to react to the attacks that evade your defenses, usually due to malware or malicious links that surf past your DMZ like it wasn’t even there? Are your users properly trained and confident in their ability to recognize what a threat looks like?
A new year is largely a symbolic thing, but it should be a reminder and a wake-up call for all of us, to think about security, threats, and response. As the year begins anew, reports and studies start to appear, and they’re invaluable tools in the threat assessment arena, if for no other reason than to remind us to keep our guard up. The venerable folks at Cisco Systems are well-known for their annual security report, and for many of us, getting a look at the report is like Christmas all over again.
Last week, Cisco released its 2014 Annual Security Report, and if you haven’t gotten it yet, please go out and do so. It reads like an ancient tome presaging the future, with an unsettling look at what happened in 2013 and a helpful look into what we might expect in the coming year.
There are several key themes in Cisco’s report, mainly new malware schemes, the exploitation of trust, and campaigns that target specific organizations and exploit their vulnerabilities. “Malicious actors continue to innovate ways to exploit public trust to effect harmful consequences,” the report warns, and from those words we can take away the most important theme for 2014: do not let your guard down.
Cisco reports three main findings resulting from their research:
Attacks against infrastructure are targeting significant resources across the Internet
- Malicious exploits are gaining access to web hosting servers, nameservers, and data centers. This suggests the forming of überbots that seek high-reputation and resource-rich assets
- Buffer errors are a leading threat
- Malware encounters are shifting toward electronics manufacturing, agriculture, and mining industries
Malicious actors are using trusted applications to exploit gaps in perimeter security
- Spam continues its downward trend, although the proportion of maliciously intended spam remains constant
- Java comprises 91 percent of web exploits
- “Watering hole” attacks are targeting specific industry-related websites to deliver malware
Investigations of multinational companies show evidence of internal compromise
- Indicators of compromise suggest network penetrations may be undetected over long periods
- Threat alerts grew 14 percent year over year; new alerts (not updated alerts) are on the rise
- Ninety-nine percent of all mobile malware in 2013 targeted Android devices
The report also highlights cloud computing, recognizing that businesses need to adopt the cloud if they’re to remain competitive; but security gaps in the existing technology are quickly being exploited by cybercriminals, who are “working faster to exploit the gaps that nonintegrated point solutions simply cannot address. And they are succeeding because they have the resources to be more nimble.”
At the heart of the threat posed by modern cybercriminals is trust, and while it’s by no means a new theme, Cisco warns that we need to be perpetually vigilant. “There should be an assumption by all users, perhaps, that nothing in the cyber world can or should be trusted. And security professionals may do their organizations a service by not trusting any network traffic.”
The report points out that trust, generally, suffered a setback in 2013, due in large part to Edward Snowden’s whistleblowing. The revelations released by Snowden have helped to uncover “potential risks of both unintentional vulnerabilities and intentional ‘backdoors’ in technology products—and whether vendors are doing enough to prevent these weaknesses and protect end users.”
Spam is not going away
We’ve all seen the reports: spam volume is declining, due in large part to the wider range of attack vectors cybercriminals have adopted. Rather than blasting out email campaigns in a shotgun approach, the crooks are running coordinated campaigns, using social media and SMS spam in addition to email spam. They’re also being more specific in their attacks, opting to identify the target and tailor their campaigns. Sometimes email spam is used simply to mask an attack already in progress.
And the malware that spam delivers is becoming far more dangerous. Cisco points to the Boston Marathon bombing in April as an example of how spammers take advantage of global events and users ripe for the picking. “Spammers prey on people’s desire for more information in the wake of a major event. When spammers give online users what they want, it’s much easier to trick them into a desired action, such as clicking an infected link.”
There’s much more in the Cisco report, and it’s highly recommended reading. If nothing else, it helps us to understand a little of what’s going on in the minds of the cybercriminals, and maybe that will help us get a leg-up on them in the coming year.