We’ve just posted the second installment of our Cisco Global Threat Report. The Cisco 3Q10 Global Threat Report covers the third quarter (July 1 -- September 30, 2010). Where most threat reports focus on a specific vector (i.e. email, Web, desktop detections, etc.), our goal is to provide threat data across a wider segment to more holistically capture high profile events impacting the enterprise.
It’s a fascinating exercise, as it involves working with multiple teams across Cisco, combing through lots of data, and then painting a cohesive picture of what’s happening where.
For example, this combined reporting enabled us to look at Stuxnet from a few different angles: the vertical and geographical impact as well as the frequency of specific exploits used by the Stuxnet worm.
We also added the Cisco Remote Management Services (RMS) team to the report this quarter. RMS helps enterprises mitigate their risk exposure by remotely monitoring, alerting, and remediating threats as they are discovered. Other contributors to the report include Cisco IPS, Cisco IronPort (email), and ScanSafe (Web).
Several contributors to the report deserve a big shout out: Tom Schoellhammer and Shiva Persaud from the IPS team, Chad Skipper and John Klein from RMS, Henry Stern and Nilesh Bhandari from IronPort, and Gregg Conklin from ScanSafe.
In addition to Stuxnet, other highlights from the report include Rustock botnet activity, changes in SQL injection, and both the email and Web impact of the “Here You Have” email worm.