Cisco Releases 2016 Midyear Cybersecurity Report
Cisco just released its 2016 Midyear Cybersecurity Report (MCR) that, above all else, shows that businesses are not prepared for the current state and possible future of ransomware attacks.
Cisco claims that ransomware has become the most profitable malware type the computing industry has ever known. It has grown to prominence through attacks that use Adobe Flash, JBoss servers, and Windows binaries as primary vectors, all of which turn on two primary concerns: how quickly developers detect new threats, and whether end users keep their products updated.
First, developers of computing products, which may include mobile and desktop devices as well as corporate server hardware and software, must remain vigilant with their product updates. In large part, companies try to update their software at regular intervals, but they are at the mercy of what Cisco defines as “future strains of more sophisticated ransomware.” If developers do not know that new ransomware exists and how it functions, then they will be powerless to stop it.
Many developers partner with other organizations such as Cisco to get a view of what new ransomware has been created and how it functions. Cisco says it has lowered its detection time to a minimum of 13 hours, but that does not necessarily help the industry average, which reportedly stands at 200 days to find new threats.
Perhaps the most pervasive manner in which attackers have evaded detection is through their innovation. Attackers know that, once one style of malware has been found, software developers everywhere will seek to address that concern. Therefore, they innovate to keep their new threats alive as long as possible.
The 2016 MCR shows that attackers have begun to move from exploits of client-side applications to server-side applications. Instead of going after individual end users, they can let multiple end users come to them. By using Flash, for instance, the Nuclear Exploit Kit uses a central point of access, such as a video or animation on a webpage, to check a user’s operating system and browser for unpatched vulnerabilities. It then downloads malicious content onto vulnerable users’ devices. This switch to server-side attacks, Cisco says, has also shown a prominent use of JBoss servers, 10 percent of which worldwide were recently shown to be infected.
The report also notes that attackers have begun using Windows binaries in greater numbers over the last six months. Binaries that look benign can infect entire networks of computers. They may also make it difficult for users to find the source of infection and difficult to find a remedy. Beyond that, criminals are covering their tracks with encryption from Transport Layer Security and anonymizing networks such as Tor, which lets them hide their activity while planting malware in various locations.
Developers must update their software when they know these vulnerabilities exist. However, developers do not carry the entire burden of responsibility. End users must also be vigilant about updating their software, especially their web browsers, to the latest versions.
Cisco reports in the MCR that the auto-updating Google Chrome browser has nearly 80 percent of users on the current or next-to-latest version. On the other hand, Microsoft Office 2013 shows only 10 percent of its user base at the latest service pack. Software of all other types likely runs the gamut of update levels, so at some level, users are putting themselves at risk. Cisco said it recommends that businesses keep pace with updates of all their systems, especially network defenses and end user devices, both desktop and mobile.
Edited by Peter Bernstein