The report identifies early detection as a top priority to defend against sophisticated cyber attacks by highly motivated threat actors.
The report said there was a 66% increase in the number of Adobe Flash Player vulnerabilities reported by the Common Vulnerabilities and Exposures (CVE) system in the first half of 2015, compared with the whole of 2014.
The creators of quickly mutating Dridex campaigns have a sophisticated understanding of evading security measures, the report said. As part of their evasion tactics, attackers rapidly change the emails’ content, user agents, attachments or referrers, and launch new campaigns – forcing traditional antivirus systems to detect them anew.
Cisco security researchers found the Angler Exploit Kit represents the types of common threats that will challenge organisations as the digital economy and the internet of things (IoT) create different attack vectors and revenue opportunities for cyber attackers.
Angler is one of the most sophisticated and widely used exploit kits because of its innovative use of Flash, Java, Internet Explorer and Silverlight vulnerabilities, the report said. It excels at evading detection by employing techniques such as domain shadowing, where stolen domain account credentials are used to create subdomains directed at malicious servers, giving the attacker a huge number of web addresses to cycle through and discard after use.
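The domain-shadowing behaviour described above leaves a signal a defender can look for in DNS telemetry: a legitimately registered domain that suddenly sprouts many never-before-seen subdomains, each resolving to addresses unrelated to the owner's infrastructure. The following is an added example written for this article, not code from Cisco or the report; the passive-DNS records, the /24 "owner network" heuristic, the crude apex extraction and the thresholds are all constructed assumptions.

```python
"""Flag possible domain shadowing in passive-DNS style records.

Added example for this article (not Cisco's code or the report's): the
heuristic, thresholds and log records below are constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
import ipaddress


@dataclass(frozen=True)
class DnsRecord:
    ts: datetime   # when the answer was observed
    name: str      # queried host name
    answer: str    # resolved IPv4 address


# Constructed passive-DNS records (documentation IP ranges, not real IoCs).
SAMPLE = [
    DnsRecord(datetime(2015, 7, 28, 9, 0), "example-shop.com", "203.0.113.10"),
    DnsRecord(datetime(2015, 7, 28, 9, 0), "www.example-shop.com", "203.0.113.10"),
    DnsRecord(datetime(2015, 7, 28, 9, 5), "k3j2h.example-shop.com", "198.51.100.7"),
    DnsRecord(datetime(2015, 7, 28, 9, 6), "ad91x.example-shop.com", "198.51.100.7"),
    DnsRecord(datetime(2015, 7, 28, 9, 7), "q0zp1.example-shop.com", "198.51.100.9"),
    DnsRecord(datetime(2015, 7, 28, 9, 8), "m7ttb.example-shop.com", "198.51.100.9"),
    DnsRecord(datetime(2015, 7, 28, 9, 9), "rr4ne.example-shop.com", "198.51.100.12"),
    DnsRecord(datetime(2015, 7, 28, 9, 0), "example-bank.org", "192.0.2.20"),
    DnsRecord(datetime(2015, 7, 28, 9, 3), "www.example-bank.org", "192.0.2.20"),
    DnsRecord(datetime(2015, 7, 28, 9, 4), "mail.example-bank.org", "192.0.2.21"),
]


def registered_domain(name: str) -> str:
    """Crude apex extraction (last two labels). A production deployment
    would consult the public suffix list; this shortcut is an assumption
    that keeps the example offline."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def score_domains(records, window=timedelta(minutes=15), min_subdomains=4):
    """Return {apex: finding} for apexes that look shadowed.

    An apex is flagged when, within `window`, at least `min_subdomains`
    distinct subdomains appear whose answers share no /24 with any answer
    for the apex or its 'www' host (taken as the owner's infrastructure).
    """
    by_apex = defaultdict(list)
    for r in records:
        by_apex[registered_domain(r.name)].append(r)

    findings = {}
    for apex, recs in by_apex.items():
        owner_hosts = (apex, f"www.{apex}")
        owner_nets = {
            ipaddress.ip_network(f"{r.answer}/24", strict=False)
            for r in recs if r.name in owner_hosts
        }
        subs = sorted((r for r in recs if r.name not in owner_hosts),
                      key=lambda r: r.ts)
        # Slide a time window over the subdomain observations.
        for i, first in enumerate(subs):
            in_window = [r for r in subs[i:] if r.ts - first.ts <= window]
            foreign = {
                r.name for r in in_window
                if not any(ipaddress.ip_address(r.answer) in n for n in owner_nets)
            }
            if len(foreign) >= min_subdomains:
                findings[apex] = {
                    "subdomains": sorted(foreign),
                    "answers": sorted({r.answer for r in in_window
                                       if r.name in foreign}),
                    "window_start": first.ts,
                }
                break
    return findings


if __name__ == "__main__":
    for apex, finding in score_domains(SAMPLE).items():
        print(apex, finding)
```

In the constructed sample, example-shop.com is flagged (five random-looking subdomains appear within four minutes, all pointing into a network the apex never uses) while example-bank.org is not, because its one extra host resolves into the same /24 as the apex. The thresholds are deliberately loose so the logic is readable; in practice they would be tuned against a baseline of the organisation's own DNS traffic, and findings would be corroborated with registrar change events or the domain owner before any action.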
Reducing detection times
With the digitisation of business and the IoT, malware and threats become even more pervasive, the report said, with many organisations taking an average of 100 to 200 days to detect malicious activity.
In contrast, Cisco claims its Advanced Malware Protection (AMP) portfolio – with retrospective analysis of attacks that make it past existing defences – can reduce time to detection to 46 hours.
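The retrospective analysis the article refers to rests on a simple idea: a file that was allowed through because nothing was known about it at the time can still be flagged later, once its hash appears in threat intelligence, by re-checking the record of where it was seen. The following is an added example illustrating that idea and the resulting time-to-detection metric; it is not Cisco's AMP code, and the sighting records, placeholder hashes and intel update are constructed assumptions.

```python
"""Retrospective detection: re-check past file sightings against new intel.

Added example for this article, not Cisco's code. The data model, the
sightings and the intel update are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Sighting:
    host: str
    sha256: str        # file hash recorded when the file was first seen
    seen_at: datetime  # when the host downloaded or executed it


# Constructed sightings; the hashes are placeholders, not real indicators.
SIGHTINGS = [
    Sighting("ws-014", "PLACEHOLDER_HASH_A", datetime(2015, 6, 1, 8, 0)),
    Sighting("ws-022", "PLACEHOLDER_HASH_A", datetime(2015, 6, 2, 10, 0)),
    Sighting("ws-022", "PLACEHOLDER_HASH_A", datetime(2015, 6, 2, 12, 0)),
    Sighting("ws-031", "PLACEHOLDER_HASH_B", datetime(2015, 6, 2, 11, 0)),
    Sighting("srv-03", "PLACEHOLDER_HASH_C", datetime(2015, 6, 3, 9, 0)),
]

# Constructed intel update: hashes newly marked malicious, and when.
INTEL_HASHES = {"PLACEHOLDER_HASH_A", "PLACEHOLDER_HASH_C"}
INTEL_TIME = datetime(2015, 6, 3, 10, 0)


def retrospective_matches(sightings, intel_hashes, intel_time):
    """Return {host: finding} for every host that saw a newly-flagged file.

    For each host, keep the earliest sighting of any flagged hash and
    compute how many hours the file sat undetected before intel caught up.
    """
    findings = {}
    for s in sorted(sightings, key=lambda s: s.seen_at):
        if s.sha256 not in intel_hashes or s.host in findings:
            continue  # not flagged, or an earlier sighting already recorded
        hours = (intel_time - s.seen_at).total_seconds() / 3600
        findings[s.host] = {
            "sha256": s.sha256,
            "first_seen": s.seen_at,
            "hours_undetected": round(hours, 2),
        }
    return findings


def mean_time_to_detection(findings):
    """Average hours undetected across affected hosts (0.0 if none)."""
    if not findings:
        return 0.0
    return sum(f["hours_undetected"] for f in findings.values()) / len(findings)


if __name__ == "__main__":
    hits = retrospective_matches(SIGHTINGS, INTEL_HASHES, INTEL_TIME)
    for host, f in hits.items():
        print(host, f["sha256"], f"{f['hours_undetected']}h undetected")
    print("mean time to detection:", mean_time_to_detection(hits), "hours")
```

The point of keeping the sighting ledger is that the metric the article discusses, time to detection, is only measurable if the organisation recorded what ran where before it knew the file was bad; the same ledger is what lets responders scope which hosts need attention once a verdict changes.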
“Hackers, being unencumbered, have the upper hand in agility, innovation and brazenness. We see this time and again, whether it is nation-state actors, malware, exploit kits or ransomware,” said Jason Brvenik, principal engineer, Security Business Group, Cisco.
“A purely preventive approach has proven ineffective, and we are simply too far down the road to accept a time to detection measured in hundreds of days.
“The question of what do you do when you are compromised highlights the need for organisations to invest in integrated technologies that work in concert to reduce time to detection and remediation to a matter of hours; and then they should demand their suppliers help them to reduce this metric to minutes,” he said.
Cisco said the report’s findings underscore the need for businesses to deploy integrated security systems rather than point products, work with trustworthy suppliers and enlist security services providers for guidance and assessment.
Further, the report said geopolitical experts have declared that a global cyber governance framework is needed to sustain economic growth.
Cyber risk gathers pace
Cisco security researchers found ransomware remains highly lucrative for hackers, as the criminals continue to release new variants.
Ransomware operations have matured to the point that they are completely automated and carried out through the dark web, the report said. To conceal payment transactions from law enforcement, ransoms are paid in cryptocurrencies such as bitcoin.
The innovation race between adversaries and security suppliers is accelerating, the report said, placing users and organisations at increasing risk. Suppliers must be vigilant in developing integrated security systems, the report said, that help organisations be proactive and align the right people, processes and technology.
“Organisations cannot just accept that compromise is inevitable, even if it feels like it today,” said John Stewart, senior vice-president, chief security and trust officer at Cisco.
“The technology industry must up the game and provide reliable and resilient products and services, and the security industry must provide vastly improved, yet meaningfully simplified, capabilities for detecting, preventing and recovering from attacks,” he said.
According to Stewart, Cisco is aiming to take the lead in this direction in response to the fact that business strategy and security strategy are the top two issues for many organisations.
“Trust is tightly linked to security, and transparency is key – so industry-leading technology is only half the battle. We’re committed to providing both: industry-defining security capabilities and trustworthy solutions across all product lines,” he said.