The Cisco 2017 Midyear Cybersecurity Report (MCR) uncovers the rapid evolution of threats and the increasing magnitude of attacks, and forecasts potential Destruction of Service attacks, which could eliminate organizations’ backups and safety nets. Also, with the advent of the Internet of Things, key industries are bringing more operations online, increasing attack surfaces and the potential scale and impact of these threats.
Targeted attacks and APTs are most critical concerns
Cisco security researchers watched the evolution of malware during the first half of 2017 and identified shifts in how adversaries are tailoring their delivery, obfuscation and evasion techniques. Specifically, Cisco saw they increasingly require victims to activate threats by clicking on links or opening files.
They are developing fileless malware that lives in memory and is harder to detect or investigate as it is wiped out when a device restarts. Finally adversaries are relying on anonymized and decentralized infrastructure, such as a Tor proxy service, to obscure command and control activities.
Resurgence of traditional attacks
While Cisco has seen a striking decline in exploit kits, other traditional attacks are seeing a resurgence:
- Spam volumes are significantly increasing, as adversaries turn to other tried-and-true methods, like email, to distribute malware and generate revenue. Cisco threat researchers anticipate that the volume of spam with malicious attachments will continue to rise while the exploit kit landscape remains in flux.
- Cisco research sampled 300 companies over a four-month period and found that three prevalent spyware families infected 20 percent of the sample. In a corporate environment, spyware can steal user and company information, weaken the security posture of devices and increase malware infections.
- Evolutions in ransomware, such as the growth of Ransomware-as-a-Service, make it easier for criminals, regardless of skill set, to carry out these attacks. Ransomware has been grabbing headlines and reportedly brought in more than $1 billion in 2016, but this may be misdirecting some organizations, who face an even greater, underreported threat. Business email compromise (BEC), a social engineering attack in which an email is designed to trick organizations into transferring money to attackers, is becoming highly lucrative. Between October 2013 and December 2016, $5.3 billion was stolen via BEC, according to the Internet Crime Complaint Center.
Amount of loss due to BEC
“Due to poor security practices and culture in many cases it often seen to be cheaper to pay the ransom to get the data back than through internal recovery procedures. No matter how tempting it might be, if any other options exists, however challenging, companies should never negotiate or concede to criminal and pay the ransom. The danger with paying the ransom is there’s no guarantee they’ll recover the encrypted files, and by paying you are only fuelling the ransomware economy – and what now stops you being targeted again in future cyberattacks?. Also be aware that ransomware by its very nature is designed be annoying and loud, be mindful that there may also be secondary infections intent on staying hidden, looking to perform damage using other means – like data and password pilfering,” said David Kennerley, Director of Threat Research at Webroot.
Unique industries face common challenges
As criminals continue to increase the sophistication and intensity of attacks, businesses across industries are challenged to keep up with even foundational cybersecurity requirements. As Information Technology and Operational Technology converge in the Internet of Things, organizations struggle with visibility and complexity.
As part of its Security Capabilities Benchmark Study, Cisco surveyed close to 3,000 security leaders across 13 countries and found that across industries, security teams are increasingly overwhelmed by the volume of attacks. This leads many to become more reactive in their protection efforts.
- No more than two-thirds of organizations are investigating security alerts. In certain industries (such as healthcare and transportation), this number is closer to 50 percent.
- Even in the most responsive industries (such as finance and healthcare), businesses are mitigating less than 50 percent of attacks they know are legitimate.
- Breaches are a wake-up call. Across most industries, breaches drove at least modest security improvements in at least 90 percent of organizations. Some industries (such as transportation) are less responsive, falling just above 80 percent.
Revenue loss from attacks
Important findings per industry include:
Public sector – Of threats investigated, 32 percent are identified as legitimate threats, but only 47 percent of those legitimate threats are eventually remediated.
Retail – Thirty-two percent said they’d lost revenue due to attacks in the past year with about one-fourth losing customers or business opportunities.
Manufacturing – Forty percent of the manufacturing security professionals said they do not have a formal security strategy, nor do they follow standardized information security policy practices such as ISO 27001 or NIST 800-53.
Utilities – Security professionals said targeted attacks (42 percent) and advanced persistent threats, or APTs (40 percent), were the most critical security risks to their organizations.
Healthcare – Thirty-seven percent of the healthcare organizations said that targeted attacks are high-security risks to their organizations.