Cisco Blogs


Cisco Blog > Security

Cisco 2014 Midyear Security Report: Exploit Kit Creators Vying for ‘Market Leader’ Role

Even in the world of cybercrime, when a top “vendor” drops out of the market, competitors will scurry to fill the void with their own products. As reported in the Cisco 2014 Midyear Security Report, when Paunch—the alleged creator and distributor of the Blackhole exploit kit—was arrested in Russia in late 2013, other malware creators wanted to fill the gap.

“Blackhole” and its more expensive brother “Cool” were the most widely used and well-maintained exploit kits. After Paunch’s takedown, we observed that many other exploit kits, including Fiesta and Neutrino, became more active in the market. However, a clear leader has yet to emerge.

While there’s more competition in the exploit kit market, it’s not translating to a greater number of deployed kits, as Cisco research shows. In fact, the total number of active exploit kits has dropped dramatically—by 87 percent—since Paunch’s arrest.

Read More »

Tags: , , ,

Cisco 2014 Midyear Security Report: Threats – Inside and Out

Through our ongoing “Inside Out” project at Cisco, our threat researchers have the opportunity to closely examine select networks—with our customers’ permission—to identify evidence of malicious traffic. We use Domain Name System (DNS) lookups emanating from enterprise networks to create a snapshot of possible data compromises and vulnerabilities. This research yielded a significant finding that we presented in the Cisco 2014 Annual Security Report—malicious traffic was visible on 100 percent of the corporate networks we sampled, based on analysis of DNS lookups originating from inside those networks.

For the just-released Cisco 2014 Midyear Security Report, our researchers focused on the networks of 16 Cisco customers that are large multinational organizations. Their observations during the first half of 2014 yielded three compelling security insights tying these enterprises to malicious traffic:

Read More »

Tags: ,

Cisco 2014 Midyear Security Report: Exposing Weak Links to Strengthen the Security Chain

The Cisco 2014 Midyear Security Report has been released, diving into threat intelligence and cybersecurity trends for the first half of 2014.

You may be thinking, “What could have possibly changed since January?” True to form, the attacker community continues to evolve, innovate, and think up new ways to discover and exploit weak links in the security chain. Also true to form, they sometimes simply use tried and true methods to exploit some of the same old vulnerabilities that continue to present themselves. The 2014 Midyear Security Report hits on all aspects and once again illustrates that in the age of the Internet of Things, as the attack surface grows, so too grow the number of attacks, the types of attacks, and the impacts of these attacks. Read More »

Tags: , ,

Summary: Mitigating Business Risks

Organizations are rapidly moving critical data into the cloud, yet they still have serious concerns about security and other business risks. Read Bob Dimicco’s blog to learn several important steps companies can take to mitigate the risks of cloud services, such as uncovering shadow IT, assessing data security, and instituting cloud-specific employee policies.

Tags: , , ,

Far East Targeted by Drive by Download Attack

This blog was co-authored by Kevin Brooks, Alex Chiu, Joel Esler, Martin LeeEmmanuel Tacheau, Andrew Tsonchev, and Craig Williams.  

On the 21st of July, 2014, Cisco TRAC became aware that the website dwnews.com was serving malicious Adobe Flash content. This site is a Chinese language news website covering events in East Asia from a US base. The site is extremely popular, rated by Alexa’s global traffic ranking as the 1759th most visited website worldwide, and the 28th most visited in South Korea. In addition the news site also receives a substantial number of visitors from Japan, the United States and China.

This malware campaign does not appear to be tightly targeted. Twenty-seven companies across eight verticals have been affected:

Banking & Finance
Energy, Oil, and Gas
Engineering & Construction
Insurance
Legal
Manufacturing
Pharmaceutical & Chemical
Retail & Wholesale

This is indicative of the campaign acting as a drive-by attack targeting anyone attempting to view one of the affected sites.

Attack Progression

Read More »

Tags: , , , ,