Explosive growth of advanced attacks and malicious traffic
The Cisco 2014 Annual Security Report, released today, reveals that threats designed to take advantage of users’ trust in systems, applications and personal networks have reached startling levels.
According to the report, a worldwide shortage of nearly a million skilled security professionals is impacting organizations’ abilities to monitor and secure networks, while overall vulnerabilities and threats reached their highest levels since 2000.
The report’s findings offer a vivid picture of rapidly evolving security challenges facing businesses, IT departments and individuals. Attacker methods include socially engineered theft of passwords and credentials, hide-in-plain-sight infiltrations, and exploitation of the trust required for economic transactions, government services and social interactions.
The report indicates a shortage of more than a million security professionals across the globe in 2014. The sophistication of the technology and tactics used by online criminals—and their nonstop attempts to breach networks and steal data—have outpaced the ability of IT and security professionals to address these threats.
Most organizations do not have the people or the systems to continuously monitor extended networks and detect infiltrations, and then apply protections, in a timely and effective manner.
One-hundred percent of a sample of 30 of the world’s largest multinational company networks generated visitor traffic to Web sites that host malware. Ninety-six percent of networks reviewed communicated traffic to hijacked servers. Similarly, 92 percent transmitted traffic to Web pages without content, which typically host malicious activity.
DDoS attacks, which disrupt traffic to and from targeted websites and can paralyze ISPs, have increased in both volume and severity. Some DDoS attacks seek to conceal other nefarious activity, such as wire fraud before, during or after a noisy and distracting DDoS campaign.
Multipurpose Trojans counted as the most frequently encountered web-delivered malware, at 27 percent of total encounters in 2013. Malicious scripts, such as exploits and iframes, formed the second most frequently encountered category at 23 percent.
Data theft Trojans such as password stealers and backdoors made up 22 percent of total web malware encounters. The steady decline in unique malware hosts and IP addresses—down 30 percent between Jan. 2013 and Sept. 2013—suggests that malware is being concentrated in fewer hosts and fewer IP addresses.
Java continues to be the most frequently exploited programming language targeted by online criminals. Data from Sourcefire, now a part of Cisco, shows that Java exploits make up the vast majority (91 percent) of Indicators of Compromise (IOCs).
Ninety-nine percent of all mobile malware targeted Android devices. At 43.8 percent, Andr/Qdplugin-A was the most frequently encountered mobile malware, typically via repackaged copies of legitimate apps distributed via non-official marketplaces.
Specific business sectors, such as the pharmaceutical and chemical industry and the electronics manufacturing industry, have historically had high malware encounter rates. In 2012 and 2013, there was remarkable growth in malware encounters for the agriculture and mining industry—formerly a relatively low-risk sector. Malware encounters also continued to rise in the energy, oil and gas sectors.
John N. Stewart, senior vice president, CSO, Threat Response Intelligence and Development, Cisco, said: “Although the Cisco Annual Security Report paints a grim picture of the current state of cyber security, there is hope for restoring trust in people, institutions and technologies – and that starts with empowering defenders with real-world knowledge about expanding attack surfaces. To truly protect against all of these possible attacks, defenders must understand the attackers, their motivations and their methods – before, during and after an attack.”
The complete report is available here (registration required).