Thursday Dec 12, 2024
Monday, 1 August 2016 00:00 - - {{hitsCtrl.values.hits}}
The Cisco 2016 Midyear Cybersecurity Report (MCR) finds that organisations are unprepared for future strains of more sophisticated ransomware. Fragile infrastructure, poor network hygiene, and slow detection rates are providing ample time and air cover for adversaries to operate. According to the report’s findings, the struggle to constrain the operational space of attackers is the biggest challenge facing businesses and threatens the underlying foundation required for digital transformation. Other key findings in the MCR include adversaries expanding their focus to server-side attacks, evolving attack methods and increasing use of encryption to mask activity.
So far in 2016, ransomware has become the most profitable malware type in history. Cisco expects to see this trend continue with even more destructive ransomware that can spread by itself and hold entire networks, and therefore companies, hostage. New modular strains of ransomware will be able to quickly switch tactics to maximise efficiency. For example, future ransomware attacks will evade detection by being able to limit CPU usage and refrain from command-and-control actions. These new ransomware strains will spread faster and self-replicate within organisations before coordinating ransom activities.
“As organisations capitalise on new business models presented by digital transformation, security is the critical foundation. Attackers are going undetected and expanding their time to operate. To close the attackers’ windows of opportunity, customers will require more visbility into their networks and must improve activities, like patching and retiring aging infrastructure lacking in advanced security capabilities. As attackers continue to monetise their strikes and create highly profitable business models, Cisco is working with our customers to help them match and exceed their attackers’ level of sophistication, visbility and control,” said Mike Weston, Vice President, Cisco Middle East.
Visibility across the network and endpoints remains a primary challenge. On average, organisations take up to 200 days to identify new threats. Cisco’s median time to detection (TTD) continues to outpace the industry, hitting a new low of approximately 13 hours to detect previously unknown compromises for the six months ending in April 2016. This result is down from 17.5 hours for the period ending in October 2015. Faster time to detection of threats is critical to constrain attackers’ operational space and minimise damage from intrusions. This figure is based on opt-in security telemetry gathered from Cisco security products deployed worldwide.
As attackers innovate, many defenders continue to struggle with maintaining the security of their devices and systems. Unsupported and unpatched systems create additional opportunities for attackers to easily gain access, remain undetected, and maximise damage and profits. The Cisco 2016 Midyear Cybersecurity Report shows that this challenge persists on a global scale. While organisations in critical industries such as healthcare have experienced a significant uptick in attacks over the past several months, the report’s findings indicate that all vertical markets and global regions are being targeted. Clubs and organisations, charities and non-governmental organisation (NGOs), and electronics businesses have all experienced an increase in attacks in the first half of 2016. On the world stage, geopolitical concerns include regulatory complexity and contradictory cybersecurity policies by country. The need to control or access data may limit and conflict with international commerce in a sophisticated threat landscape.
Attackers operating unconstrained
For attackers, more time to operate undetected results in more profits. In the first half of 2016, Cisco reports, attacker profits have skyrocketed due to the following:
Expanding focus
Attackers are broadening their focus from client-side to server-side exploits, avoiding detection and maximising potential damage and profits.
Evolving attack methods
During the first half of 2016, adversaries continued to evolve their attack methods to capitalise on defenders’ lack of visibility.
Covering tracks
Contributing to defenders’ visibility challenges, adversaries are increasing their use of encryption as a method of masking various components of their operations.
Defenders struggle to reduce vulnerabilities, close gaps
In the face of sophisticated attacks, limited resources and aging infrastructure, defenders are struggling to keep pace with their adversaries. Data suggests defenders are less likely to address adequate network hygiene, such as patching, the more critical the technology is to business operations. For example:
In addition, Cisco found that much of their infrastructure was unsupported or operating with known vulnerabilities. This problem is systemic across vendors and endpoints. Specifically, Cisco researchers examined 103,121 Cisco devices connected to the Internet and found that:
In comparison, Cisco also looked across software infrastructure at a sample of over 3 million installations. The majority were Apache and OpenSSH with an average number of 16 known vulnerabilities, running for an average of 5.05 years.
Browser updates are the lightest-weight updates for endpoints, while enterprise applications and server-side infrastructure are harder to update and can cause business continuity problems. In essence, the more critical an application is to business operations, the less likely it is to be addressed frequently, creating gaps and opportunities for attackers.
Cisco advises simple steps to protect business environments
Cisco’s Talos researchers have observed that organisations that take just a few simple yet significant steps can greatly enhance the security of their operations, including:
(About the Report: The Cisco 2016 Midyear Cybersecurity Report examines the latest threat intelligence gathered by Cisco Collective Security Intelligence. The report provides data-driven industry insights and cybersecurity trends from the first half of the year, along with actionable recommendations to improve security posture. It is based on data from a vast footprint, amounting to a daily ingest of over 40 billion points of telemetry. Cisco researchers translate intelligence into real-time protections for our products and service offerings that are immediately delivered globally to Cisco customers.)