Cyber report

by Mark Rowe

Spam volumes are significantly increasing, as adversaries turn to other tried-and-true methods, like email, to distribute malware and generate revenue. That’s among the findings in the network product company Cisco’s 2017 Midyear Cybersecurity Report (MCR).

That said, the Internet of Things continues to offer new opportunities for cyber-criminals, and its security weaknesses, ripe for exploitation, will play a central role, according to the study. Recent IoT botnet activity already suggests that some attackers may be laying the foundation for a wide-reaching, high-impact cyber-threat event that could potentially disrupt the internet itself, the research warns.

Cisco security researchers watched the evolution of malware during the first half of 2017 and identified shifts in how adversaries are tailoring their delivery, obfuscation and evasion techniques. Specifically, researchers saw that adversaries increasingly require victims to activate threats by clicking on links or opening files. They are developing fileless malware that lives in memory and is harder to detect or investigate because it is wiped out when a device restarts. And attackers are relying on anonymized infrastructure, such as a Tor proxy service, to obscure their command and control.

Evolutions in ransomware, such as the growth of Ransomware-as-a-Service, make it easier for criminals, regardless of computer skills (or lack of them), to carry out these attacks. Business email compromise (BEC), a social engineering attack in which an email is designed to trick organisations into transferring money to attackers, is becoming highly lucrative.

Steve Martino, Vice President and Chief Information Security Officer at Cisco, said: “As recent incidents like WannaCry and Nyetya illustrate, our adversaries are becoming more and more creative in how they architect their attacks. While the majority of organizations took steps to improve security following a breach, businesses across industries are in a constant race against the attackers. Security effectiveness starts with closing the obvious gaps and making security a business priority.” For a YouTube video of Martino, visit https://www.youtube.com/watch?v=7q34x-H1XsM.

Key industries need to improve security posture, the firm says. Even in the most responsive industries (such as finance and healthcare), businesses are mitigating less than half of attacks they know are legitimate. Breaches are described as a wake-up call. Across most industries, breaches drove at least modest security improvements in at least 90 percent of organisations. Some industries (such as transport) are said to be less responsive.

To request a copy of the report visit the Cisco website.

Comments

Sean Newman, Director at Corero Network Security, said: “Cisco’s reports of increasing concerns around the extent to which the IoT will likely be leveraged for cyber-attacks in the near future, should leave online organisations in no doubt that having automated, proactive DDoS protection in place is more of a requirement than ever, to ensure an effective mitigation against extensive service disruptions or a smokescreen for more complex multi-vector attacks.”

Rob Norris, VP Head of Enterprise and Cyber Security, at Fujitsu EMEIA said: “Cybercriminals are relentless and the potential of ‘destruction of service’ (DeOS) attacks poses an irrecoverable threat to businesses. The cyber risks in today’s technology-driven world are fierce and the financial damage incurred by hacks is noticeably stark for businesses that fail to prepare; just this week Ashley Madison was forced to pay out $11m, while the reputational damage following the hack in 2015 was incurred long ago. It’s evident from previous attacks that breaches can have a serious and long term impact on companies’ value, while the introduction of GDPR will add potentially crippling financial penalties into the mix. The elimination of a business’s entire system takes cyber threats one step further. Organisations won’t just be damaged financially and reputationally but could have absolutely no route to recovery.

“Cybersecurity is the single most alarming threat to businesses across Europe with recent incidents such as WannaCry and Petya only reinforcing the need for a robust cybersecurity strategy. Engagement must start from the top: the C-suite must understand the risks, ensure their organisation is well prepared and develop a comprehensive plan. Time must also be taken to actively test existing networks, spot and quickly address any blind spots in the system and educate the entire workforce on best practice. As technology such as Internet of Things, artificial intelligence and big data becomes integral to business operations, all staff will have to remain prepared for the increasing potential of cyberattacks. Cybercriminals are becoming smarter and naivety is no longer an option in a world where cyber threats could potentially halt your business in its tracks.”

And David Kennerley, Director of Threat Research at the cyber-security product company Webroot, said: “Ransomware as a service is without a doubt one of the biggest threats facing organisations across industries today, and protection against ransomware is currently a question of economics.

“Due to poor security practices and culture in many cases it is often seen to be cheaper to pay the ransom to get the data back than through internal recovery procedures. No matter how tempting it might be, if any other options exist, however challenging, companies should never negotiate or concede to criminals and pay the ransom. The danger with paying the ransom is there’s no guarantee they’ll recover the encrypted files, and by paying you are only fuelling the ransomware economy – and what now stops you being targeted again in future cyberattacks? Also be aware that ransomware by its very nature is designed to be annoying and loud, be mindful that there may also be secondary infections intent on staying hidden, looking to perform damage using other means – like data and password pilfering.

“Organisations and individuals need to ensure that firstly, adequate defences are in place. And secondly, valuable data is always backed up so systems can be restored if need be. It also goes without saying that organisations should test their disaster recovery plan (DRP) regularly. This will help them understand the time it will take to restore systems to a useable state and what data is likely to be lost due to back up schedules.”

© 2024 Professional Security Magazine. All rights reserved.