
Cisco 2017 Midyear Cybersecurity Report Predicts New “Destruction of Service” Attacks, Scale and Impact of Threats Grows

The Cisco 2017 Midyear Cybersecurity Report (MCR) uncovers the rapid evolution of threats and the increasing magnitude of attacks, leading researchers to forecast potential ‘destruction of service’ (DeOS) attacks, which could eliminate the backups and safety nets that organizations need to restore systems and data after an attack. With the advent of the Internet of Things, key industries are bringing more operations online, increasing their attack surface and the potential scale and impact of these attacks.

Recent attacks such as WannaCry and Nyetya show the rapid spread and wide impact of attacks that look like ransomware but are actually much more destructive. These foreshadow what Cisco is calling Destruction of Service attacks, which can be far more damaging than traditional attacks, leaving businesses with no way to recover. The Internet of Things continues to offer new opportunities for these attackers, and its security weaknesses, ripe for exploitation, will play a central role in enabling these campaigns with escalating impact. Recent IoT botnet activity already suggests that some attackers may be laying the foundation for a wide-reaching, high-impact attack that could potentially disrupt the Internet itself.

The good news for businesses is that since November 2015, Cisco decreased its median time-to-detection (TTD) from just over 39 hours to about 3.5 hours for the period from November 2016 to May 2017. This decrease in TTD is essential to limiting the impact of an attack and speeding recovery efforts to limit business disruptions.

Threat Landscape: What’s Hot and What’s Not

Cisco security researchers watched the evolution of malware during the first half of 2017 and identified shifts in the way adversaries are tailoring their delivery, obfuscation and evasion techniques. Specifically, Cisco saw these adversaries increasingly requiring the victim to take action to activate a threat, such as clicking on a link or opening a file; developing fileless malware that resides completely in memory and is harder to detect or investigate because it is wiped out when a device restarts; and relying on anonymized and decentralized infrastructure, such as a Tor proxy service, to obscure command-and-control activities.

While Cisco has seen a striking decline in exploit kits, other traditional attacks are seeing a resurgence:

Unique Industries Face Common Challenges

As criminals continue to increase the sophistication and intensity of their attacks, businesses across a variety of industries are challenged with keeping up with even some of the foundational cybersecurity requirements. As Information Technology and Operational Technology converge in the Internet of Things, organizations are struggling with visibility and complexity. As part of its Security Capabilities Benchmark Study, Cisco surveyed close to 3000 security leaders across 13 countries and found that across industries, security teams are increasingly overwhelmed by the volume of attacks they are fighting, which leads many to become more reactive in their protection efforts.

Important findings per industry include:

Cisco’s Advice For Organizations

To combat today’s increasingly sophisticated attackers, organizations must take a proactive stance in their protection efforts. Cisco Security advises:

For the 2017 MCR, a diverse set of security technology partners were invited to share data from which we could jointly draw threat landscape conclusions. Partners that contributed to the report include Anomali, Flashpoint, Lumeta, Qualys, Radware, Rapid7, RSA, SAINT Corporation, ThreatConnect and TrapX. Cisco’s security technology partner ecosystem is a key component of our vision to bring security that is simple, open and automated to customers.
