Advanced Attacks Reach Unprecedented Levels, But Good Luck Fighting Them


In short, not good news all around.

According to the Cisco 2014 Annual Security Report, overall vulnerabilities and threats reached the highest level since initial tracking began in May 2000. As of Oct. 2013, cumulative annual alert totals increased 14% year-over-year from 2012.

Attacker methods include socially engineered theft of passwords and credentials, hide-in-plain-sight infiltrations, and exploitation of the trust required for economic transactions, government services and social interactions.

Interestingly, specific business sectors, such as the pharmaceutical and chemical industry and the electronics manufacturing industry, have historically had high malware encounter rates. But in 2012 and 2013, there was remarkable growth in malware encounters for the agriculture and mining industry – formerly a relatively low-risk sector. Malware encounters also continued to rise in the energy, oil and gas sectors.

Multipurpose trojans counted as the most frequently encountered web-delivered malware, at 27% of total encounters in 2013. Malicious scripts, such as exploits and iframes, formed the second most frequently encountered category at 23%. Data theft trojans such as password stealers and backdoors made up 22% of total web malware encounters. The steady decline in unique malware hosts and IP addresses – down 30% between Jan. 2013 and Sept. 2013 – suggests that malware is being concentrated in fewer hosts and fewer IP addresses.

The report indicates that 100% of a sample of 30 of the world’s largest multinational company networks generated visitor traffic to websites that host malware. And 96% of networks reviewed communicated traffic to hijacked servers. Similarly, 92% transmitted traffic to web pages without content, which typically host malicious activity.

Distributed denial-of-service (DDoS) attacks – which disrupt traffic to and from targeted websites and can paralyze ISPs – have increased in both volume and severity in the last year, the report found. Some DDoS attacks seek to conceal other nefarious activity, such as wire fraud before, during or after a noisy and distracting DDoS campaign.

Java continues to be the most frequently exploited programming language targeted by online criminals; and 99% of all mobile malware targeted Android devices. At 43.8%, Andr/Qdplugin-A was the most frequently encountered mobile malware, typically via repackaged copies of legitimate apps distributed via non-official marketplaces.

According to John Stewart, senior vice president and chief security officer for the Threat Response Intelligence and Development group at Cisco, the cybercrime network has become so mature, far-reaching, well-funded, and highly effective as a business operation that very little in the cyber world can – or should – be trusted without verification.

“We also expect adversaries to continue designing campaigns that take advantage of users’ trust in systems, applications, and the people and businesses they know. It’s an effective strategy,” he said in a blog. “How do we know? Because 100% of the networks analyzed by Cisco have traffic going to known malware threat sites, and there is no doubt that the vast majority of those compromises relied initially on some abuse of trust.”

Organizations will face three key challenges in the year ahead, he said.

“New ways of doing business, such as cloud computing and mobility, are rapidly expanding the attack surface,” he noted. “Cybercriminals have myriad inroads to the network. Quite often, they also have a very easy path from there to the ultimate destination: the data center, where high-value information resides.”

Further, companies have become the focus of targeted attacks that are hard to detect, remain in networks for long periods, and amass network resources to launch attacks elsewhere.

“Even basic Internet infrastructure services—including web hosting servers, nameservers, and data centers—have become key targets for hackers who want to launch increasingly larger campaigns,” Stewart noted.

And finally, the complexity of threats and solutions is staggering. “Monitoring and managing information security has never been more difficult for security teams,” Stewart concluded. “Point-in-time solutions long-relied upon by organizations for cybersecurity are simply inadequate in today’s complex threat environment where many attacks are not only stealthy, but also relentless.”

Against this backdrop, the bad news is that there will be a shortage of more than a million security professionals across the globe in 2014, the report postulated. The sophistication of the technology and tactics used by online criminals, and their nonstop attempts to breach networks and steal data, have outpaced the ability of IT and security professionals to address these threats, simply because most organizations do not have the people or the systems to continuously monitor extended networks and detect infiltrations, and then apply protections, in a timely and effective manner.

We shouldn’t be all gloom and doom, Stewart added. “Although the Cisco Annual Security Report paints a grim picture of the current state of cybersecurity, there is hope for restoring trust in people, institutions and technologies – and that starts with empowering defenders with real-world knowledge about expanding attack surfaces,” he said. “To truly protect against all of these possible attacks, defenders must understand the attackers, their motivations and their methods – before, during and after an attack.”
