The report, written by Cisco Collective Security Intelligence (CSI) security research experts, examines threat intelligence and cybersecurity trends for the first half of 2014.
The report says these vulnerabilities range from abandoned digital assets and user errors to outdated software, all of which contribute to exploit methods such as point-of-sale compromise, malvertising, ransomware, infiltration of encryption protocols, exploit kits and social engineering.
The report also found that these organizations are at higher risk because they focus only on high-profile vulnerabilities and neglect the common and stealthy ones. Attackers exploit weaknesses in low-profile legacy applications and escape detection because security teams focus on boldface vulnerabilities like Heartbleed.
The researchers studied sixteen multinational enterprises with combined assets of $4 trillion and revenue of more than $300 billion, and the research exposed malicious traffic within these organizations.
“Many companies are innovating their future using the Internet,” said John N. Stewart, SVP and CSO, Cisco, in a press release. “To succeed in this rapidly emerging environment, executive leadership needs to embrace and manage, in business terms, the associated cyber risks. Analyzing and understanding weaknesses within the security chain rests largely upon the ability of individual organizations, and industry, to create awareness about cyber risk at the most senior levels, including Boards — making cybersecurity a business process, not about technology. To cover the entire attack continuum — before, during, and after an attack — organizations today must operate security solutions that operate everywhere a threat can manifest itself.”
“Man-in-the-browser” (MiTB) attacks: Researchers discovered that almost 94 percent of customer networks surveyed have traffic that goes to malware-hosting websites. Specifically, these networks issue DNS requests for hostnames that resolve to IP addresses associated with the distribution of the Palevo, SpyEye and Zeus malware families, which use MiTB attacks.
Botnet hide and seek: Almost 70 percent of networks were found to issue DNS queries for dynamic DNS (DDNS) domains, which indicates that botnets are using DDNS to compromise or misuse these networks without being detected. Enterprises seldom make outbound connections to dynamic DNS domains other than for C&C callbacks that seek to disguise the botnet's location.
Encrypting stolen data: Almost 44 percent of customer networks issued DNS queries for domains that provide encrypted channel services. Malicious actors use such channels, for example VPN, FTP, and FTPS, to hide their tracks by exfiltrating data in a way that bypasses detection.
According to Cisco security researchers, the incidence of exploit kits has fallen by 87 percent since the Blackhole exploit kit’s creator was arrested last year. During the first six months of last year, many kits were observed moving in on Blackhole's former victims, but a single main culprit has not yet been identified.
Java remains the platform most exploited by malware. Researchers found that as of May 2014, Java exploits had risen to 93 percent, up from the 91 percent reported in November 2013.
In the first half of this year, high-profit verticals such as the pharmaceutical and chemical industries were among the top three high-risk vertical markets for malware encounters. Media and publishing held the top position, posting nearly four times the malware encounters. Although aviation fell into third place in this regard, globally it had more than double the malware encounters compared with media.
In the Americas, media and publishing were the worst-affected verticals, whereas in Africa, Europe and the Middle East, the food and beverage sectors were hit the hardest. In the Asia Pacific region, the insurance industry was the most targeted, according to Cisco researchers.