Cisco released its 2017 Mid Year Cybersecurity Report today, outlining security trends over the past six to twelve months, and providing valuable research into the antics of cyber criminal elements.As in previous Cisco annual or midyear security reports, threats and attack vectors continue to evolve, with bad actors adding new and ever-more sophisticated spins to their exploits.
The report identifies a new trend of what Cisco has coined 'DeOS' (destruction of service), where attackers destroy data under the auspices of thinly-veiled ransomware demands. This is accomplished in such a way that the attacks prevent defenders from ever restoring systems and data.
Perpetrators continue to employ new methods to evade detection by rapidly pivoting campaigns and changing attack vectors, the report states. This is accomplished using both new tools and exploit kits, while combining attack vectors with old favorites like business email compromise (BEC) and social engineering to by-pass sandbox defenses.
As expected, exploitation of IoT devices continues to grow as attackers defeat grossly inadequate security of these appliances. Compromised devices are then used in Botnet networks for IoT-driven DDoS attacks or “1-TBps DDoS” as Cisco describes them. If big enough these attacks can significantly disrupt almost the entire Internet. Furthermore, these large Botnets are increasingly being used to provide highly lucrative “DDOS-as-a-service” engagements by the hacker community.
Malware continues to develop in its sophistication and is evolving in ways that can help attackers with delivery, obfuscation, and evasion. Cisco also notes the growth of “ransomware-as-a-service” (RaaS) platforms that allow adversaries to quickly enter the lucrative ransomware market.
Overall, MttD (mean time to detection) is improving across Cisco security tools and services, down now to an average of 3.5 hours. Cisco security appliances and services are identifying known threats quickly such that attackers are under more pressure than ever to find new tactics to avoid detection.
The report also includes a new section. Cisco’s Security Capabilities Benchmark Study. This provides useful advice to customers in pinpointing how key verticals can reduce complexity in their IT environments and embrace automation.
The report concludes by highlighting the need for defenders to fully understand the risks in their environment, and to devote well-trained and practiced resources to swiftly respond to threats, in order to minimize the potential damage of an attack. Furthermore, it recommends that the community of defenders should share research and ideas across the industry so we’re not in the dark about successful security approaches.
Read or download the full report here.
