Cisco’s Midyear Security Report Warns of Lower-Profile Threats

Cisco released its 2014 midyear cyber security report at Black Hat U.S. The report examines “weak links” in organizations that contribute to the threat landscape, such as outdated software, bad code, abandoned digital properties or user errors. These weak links enable exploits through methods such as DNS queries, exploit kits, amplification attacks and ransomware, among other examples.

The report examines threat intelligence and cybersecurity trends for the first half of 2014, looking at 16 large multinational organizations with more than $4 trillion in assets and revenues in excess of $300 billion. The big takeaway is that companies should not focus on high-profile vulnerabilities only, neglecting to tie loose ends throughout the IT stack.

Focusing on high-profile vulnerabilities like the much-publicized Heartbleed lets malicious actors escape detection when they attack low-profile legacy applications and infrastructure with known weaknesses.

Java remains the programming language most exploited by malicious actors. Java exploits rose to 93 percent of all Indicators of Compromise (IOCs) as of May 2014, up from 91 percent in November 2013.

The report says there is an unusual uptick in malware within vertical markets. For the first half of 2014, media and publishing led the industry verticals, followed by pharmaceutical and chemical industry and aviation. The top most affected verticals by region were media and publishing in the Americas, food and beverage in EMEA and insurance in Asia-Pacific, China, Japan and India.

The report names three main security insights tying enterprises to malicious traffic:

  • Man-in-the-browser attacks: Nearly 94 percent of customer networks observed in 2014 had traffic going to websites hosting malware. Specifically, these networks issued DNS requests for hostnames that resolve to IP addresses reported to be associated with distribution of the Palevo, SpyEye and Zeus malware families, all of which incorporate man-in-the-browser (MiTB) functionality.
  • Botnet hide and seek: Nearly 70 percent of networks issued DNS queries for dynamic DNS (DDNS) domains. This is evidence of networks misused or compromised by botnets, which use DDNS to change the IP address behind a hostname and so evade detection and blacklisting. Few legitimate outbound connection attempts from an enterprise would target dynamic DNS domains.
  • Encrypting stolen data: Nearly 44 percent of customer networks observed in 2014 issued DNS requests for sites and domains offering encrypted-channel services such as VPN, SSH, SFTP and FTPS (the report also lists plain FTP, which is not itself encrypted). Malicious actors use these channels to exfiltrate data while covering their tracks.
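All three indicators above are observable from resolver logs alone, which is why the report can state them as percentages of customer networks. The following is an added example (not code from Cisco or from the report) that runs that logic over a handful of constructed resolver log lines: it tags a query when the answer IP is on a blocklist, when the queried name sits under a dynamic DNS suffix, or when it sits under a domain of an encrypted-channel service, and then reports the share of internal clients showing each indicator. The log format, the blocklist (drawn from the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges), the encrypted-channel domains and the DDNS suffix list are all constructed for illustration, not taken from the report.

```python
"""Tag DNS resolver log lines with the three indicators described above.

Added example, not from the Cisco report. Log format, suffix lists and the
IP blocklist are constructed for illustration only.
"""
import ipaddress
from collections import defaultdict

# Constructed, illustrative list of dynamic DNS provider suffixes. Matching is
# on the registrable suffix (exact or with a leading dot), never on a substring.
DDNS_SUFFIXES = ("no-ip.org", "dyndns.org", "duckdns.org", "ddns.net")

# Constructed, hypothetical domains of encrypted-channel (VPN/SFTP) services.
ENCRYPTED_CHANNEL_SUFFIXES = ("vpn.example-tunnel.net", "sftp.example-drop.io")

# Constructed blocklist of IPs (documentation ranges) standing in for addresses
# reported as malware-distribution hosts.
BAD_RESOLUTIONS = {
    ipaddress.ip_address("203.0.113.7"),
    ipaddress.ip_address("198.51.100.22"),
}

# Constructed resolver log: timestamp, internal client, qtype, qname, answer.
SAMPLE_LOG = """\
2014-05-03T10:15:22Z 10.1.4.23 A updates.example-corp.com 192.0.2.10
2014-05-03T10:15:40Z 10.1.4.23 A c2host.no-ip.org 203.0.113.7
2014-05-03T10:16:02Z 10.1.7.9 A www.example.org 192.0.2.44
2014-05-03T10:16:31Z 10.1.7.9 A drop.sftp.example-drop.io 192.0.2.80
2014-05-03T10:17:05Z 10.1.9.2 A mail.example-corp.com 192.0.2.25
2014-05-03T10:17:50Z 10.1.9.2 A fake-no-ip.org 192.0.2.99
"""

INDICATORS = ("malware_host", "ddns", "encrypted_channel")


def parse_line(line):
    """Split one constructed log line into its five whitespace-separated fields."""
    ts, client, qtype, qname, answer = line.split()
    return {
        "ts": ts,
        "client": client,
        "qtype": qtype,
        "qname": qname.lower().rstrip("."),  # normalise case and trailing dot
        "answer": ipaddress.ip_address(answer),
    }


def _under_suffix(qname, suffixes):
    """True if qname equals a suffix or is a subdomain of one.

    'fake-no-ip.org' must NOT match 'no-ip.org'; a naive substring or
    endswith() check without the leading dot would get this wrong.
    """
    return any(qname == s or qname.endswith("." + s) for s in suffixes)


def classify(rec):
    """Return the indicator tags that apply to a single parsed record."""
    tags = []
    if rec["answer"] in BAD_RESOLUTIONS:
        tags.append("malware_host")          # hostname resolves to a listed IP
    if _under_suffix(rec["qname"], DDNS_SUFFIXES):
        tags.append("ddns")                  # query for a dynamic DNS domain
    if _under_suffix(rec["qname"], ENCRYPTED_CHANNEL_SUFFIXES):
        tags.append("encrypted_channel")     # query for an encrypted-channel service
    return tags


def summarize(log_text):
    """Return (tags per client, share of clients showing each indicator)."""
    per_client = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        # Touch the client entry even when the line is clean so that the
        # denominator counts every client seen, not only flagged ones.
        per_client[rec["client"]].update(classify(rec))
    total = len(per_client)
    share = {
        tag: sum(1 for tags in per_client.values() if tag in tags) / total
        for tag in INDICATORS
    }
    return dict(per_client), share


if __name__ == "__main__":
    clients, share = summarize(SAMPLE_LOG)
    for client, tags in sorted(clients.items()):
        print(f"{client:<12} {sorted(tags) or 'clean'}")
    for tag in INDICATORS:
        print(f"{tag:<18} {share[tag]:.0%} of clients")
```

The percentages it prints are the same kind of figure the report quotes, only per client instead of per customer network. Treat each tag as an indicator to investigate, not as proof of compromise: a resolution to a listed IP is only as good as the list's freshness, and although the report says few legitimate enterprise connections target dynamic DNS domains, a baseline of your own resolver traffic will tell you whether that holds for your network.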

On a positive note, the number of exploit kits has dropped by 87 percent since the alleged creator of the widely popular Blackhole exploit kit was arrested last year. No clear leader has yet emerged among the several exploit kits observed.

The full report is available from Cisco in exchange for contact information.


About the Author

Jason Verge is an Editor/Industry Analyst on the Data Center Knowledge team with a strong background in the data center and Web hosting industries. In the past he’s covered all things Internet Infrastructure, including cloud (IaaS, PaaS and SaaS), mass market hosting, managed hosting, enterprise IT spending trends and M&A. He writes about a range of topics at DCK, with an emphasis on cloud hosting.
