How complex attacks drive the IT security innovation race
There’s a need for organizations to reduce time to detection (TTD) in order to remediate against sophisticated attacks by highly motivated threat actors, according to the Cisco 2015 Midyear Security Report.
The report shows that new risks associated with Flash, the evolution of ransomware, and the Dridex mutating malware campaign, reinforce the need for reduced time to detection. With the digitization of business and the IoE, malware and threats become even more pervasive, which shines an unsightly light on the security industry’s estimates of 100 to 200 days for TTD.
The findings also underscore the need for businesses to deploy integrated solutions vs. point products, work with trustworthy vendors, and enlist security services providers for guidance and assessment. Further, geopolitical experts have declared that a global cyber governance framework is needed to sustain economic growth.
“The report rightly highlights the need for coherent standards across the IT security sector so that solutions can integrate and form interlocking defense meshes against inbound attacks, rather than standing as independent apps with varying capability and no ability to cross-talk, according to Sergio Galindo, general manager of GFI Software. “With the advent of the Internet of Things, coherent standards for IT security are going to be paramount to ensure compatibility and an assured level of hardened security in devices that, if compromised, could cause massive disruption or harm. Right now, we simply don’t have it,” Galindo added.
Other key findings from the study include the following:
Angler: Adversaries Darting in the Shadows Angler is currently one of the most sophisticated and widely used exploit kits because of its innovative use of Flash, Java, Internet Explorer, and Silverlight vulnerabilities. It also excels at attempting to evade detection by employing domain shadowing, as one of its technique, accounting for the lion’s share of domain shadowing activity.
Flash is back: Exploits of Adobe Flash vulnerabilities, which are integrated into Angler and Nuclear exploit kits, are on the rise. This is due to lack of automated patching, as well as consumers who fail to update immediately.
The evolution of ransomware: Ransomware remains highly lucrative for hackers as they continually release new variants. Ransomware operations have matured to the point that they are completely automated and carried out through the dark web. To conceal payment transactions from law enforcement, ransoms are paid in cryptocurrencies, such as Bitcoin.
Dridex: The creators of these quickly mutating campaigns have a sophisticated understanding of evading security measures. As part of their evasion tactics, attackers rapidly change the emails’ content, user agents, attachments, or referrers and launch new campaigns, forcing traditional antivirus systems to detect them anew.
The innovation race between adversaries and security vendors is accelerating, placing end users and organizations at increasing risk. Vendors must be vigilant in developing integrated security solutions that help organizations be proactive and align the right people, processes, and technology.
Integrated threat defense: Organizations face significant challenges with point product solutions and need to consider an integrated threat defense architecture that embeds security everywhere, and will enforce at any control point.
Services fill the gap: As the security industry addresses increased fragmentation, a dynamic threat landscape, and how to cope with a rising shortfall of skilled talent, businesses must invest in effective, sustainable and trusted security solutions and professional services.
Global cyber governance framework: Global cyber governance is not prepared to handle the emerging threat landscape or geopolitical challenges. The question of boundaries — how governments collect data about citizens and businesses and share among jurisdictions — is a significant hurdle to achieving cohesive cyber governance as worldwide cooperation is limited. A collaborative, multi-stakeholder cyber governance framework is required to sustain business innovation and economic growth on a global stage.
Trustworthy vendors: Organizations should demand that their technology vendors are transparent about and able to demonstrate the security they build into their products in order to be considered trustworthy. These organizations must carry this understanding across all aspects of product development starting with the supply chain and through the deployed life of their products. They must ask vendors to contractually back up their claims and demand better security.