Cisco Blogs


Cisco Blog > Security

Cisco 2014 Annual Security Report: Cybercriminals Applying “Old” Techniques in New Ways

We know that as time goes on, the cybercrime network’s operations will only more closely resemble those of any legitimate, sophisticated business network. And like all enterprising businesspeople, those who are part of the “cybercriminal hierarchy”—which is discussed in the Cisco 2014 Annual Security Report and illustrated below—look to increase their profits by continually innovating new products and improving upon existing ones.

This was certainly the trend in 2013: Cisco researchers observed cybercriminals applying several tried-and-true techniques in new, bold, and highly strategic ways. The Cisco 2014 Annual Security Report examines some of these actions and our associated research in detail, including:

  • Brute-force login attempts: There was a threefold increase in the use of brute-force login attempts just in the first half of 2013. Cisco TRAC/SIO researchers discovered a hub of data with millions of username and password combinations that malicious actors were using to feed these actions. Many brute-force login attempts are being directed specifically at popular content-management system (CMS) platforms like WordPress, Joomla, and Drupal. (Read the Cisco 2014 Annual Security Report to find out why CMS platforms are favored targets—especially for adversaries trying to commandeer hosting servers in an effort to compromise the Internet’s infrastructure.)
  • Distributed denial of service (DDoS) attacks: Another oldie but goodie among cybercrime techniques, DDoS attacks have been increasing in both volume and severity since 2012. But today’s DDoS attacks aren’t just about creating disruption for businesses or making a political statement. There is evidence some attacks are now being used as smokescreens to conceal the theft of funds. The DarkSeoul attacks, examined in the Cisco 2014 Annual Security Report and a big focus for our researchers last year, are an example of this strategy. Looking ahead, we expect DDoS attacks launched through DNS amplification to be an ongoing concern. (It’s not a big leap when you consider The Open Resolver Project reports that 28 million open resolvers on the Internet pose a “significant threat.”)
  • Ransomware: In 2013, we saw many attackers moving away from traditional botnet-driven infections on PCs and increasing their use of ransomware. This includes a new type of malware in this category called Cryptolocker, which our researchers discovered last fall. Ransomware prevents normal operation of infected systems until a prescribed fee is paid. It provides a direct revenue stream for attackers—and it’s hard to track.

The Cisco 2014 Annual Security Report also notes that while the tactics used by today’s profit-oriented online criminals are only growing in sophistication, there’s a shortage of security talent to help organizations address these threats. The bottom line: Most organizations just don’t have the people or systems to monitor their networks consistently. There’s also a clear need for data scientists who can help the business understand why cybersecurity needs to be a top priority, and how security and business objectives can (and should) be aligned.

Tags: , , , , ,

Ready for the Next Phase Of The Smart Grid?

Connected GridOne of the greatest changes taking place today in the energy industry is the increased need for information from every aspect of the grid. Utilities need detailed data to meet regulatory requirements and to understand the grid’s condition on a granular level. They need to understand the grid’s condition from moment to moment – helping to cost-effectively balance load and assure reliability.

The opportunities are huge: for example, at CES Cisco CEO John Chambers announced an update to the Internet of Everything (IoE) Value Index estimating that in addition to the $14.4 trillion of value at stake globally over the next decade for private sector through IoE, there is an additional $4.6T in in value at stake for the public sector over the next decade.  The connected grid is a component of this, and it has a lot of potential.

To help realize the opportunities in a connected grid, Cisco has a Unified Field Area Network (FAN) Architecture and Distribution Automation solutions that can extend the utility communications network out to the field and substation device. They help to enable a new level of secure manageability and control on a single integrated architecture.  To learn more about these, register for and join:

Distribution Automation: The Next Phase of the Smart Grid Network

In this webinar you will learn how Cisco is helping Utilities design and deploy an end-to-end communication infrastructure that creates greater value.  Technology experts will be on hand to answer your questions on Cisco FAN Architecture, distribution automation, security and incident response, as well as the future of utilities and IoT!

Tags: , , , , , , ,

Cisco Partner Weekly Rewind – January 17, 2014

Partner-Weekly-Rewind-v2Each week, we’ll highlight the most important Cisco partner news and stories, as well as point you to important, Cisco-related partner content you may have missed along the way. Here’s what you might have missed this week:

Off the Top

While it may not have been one of our own Channels Blogs, John Monaghan posted a great blog today on what’s up next for BYOD.

The BYOD influx of personal devices into the Enterprise causes IT departments numerous challenges. John takes a look at the Cisco BYOD solution and mobile device management (MDM) and how the two must co-exist. It’s a good forecast at where the segment is going and definitely worth a look, especially with the new marketing plays for Cisco BYOD and Connect to the Cloud II. Read More »

Tags: , , , ,

Going to Cisco Live Milan? Two keynotes to check out!

heads-lloyd

Tuesday of CiscoLive Milan (#CLEUR for the Twitter among you) the keynotes will be wall to wall Rob with Rob Lloyd at 9:30 followed by Rob Soderbery at 11:15.  These should be pretty interesting and give you a good foundation to where Cisco is headed overall and specifically in our core networking.

Opening Keynote with Rob Lloyd,President of Development and Sales, Cisco

Tuesday, Jan 28, 9:30 – 10:45AM

Hear from Rob Lloyd on how Cisco and the ecosystem of Cisco’s partners are uniquely positioned to connect the unconnected with an open standard and an integrated architecture from the cloud to end devices. Rob will share his vision of the Internet of Everything and examine the industry trends and technologies that are making that vision a reality.

  Read More »

Tags: , , , , , ,

Running a Collaboration Program is More than just the Technology

“We already have program management,” is a typical statement I hear when speaking with a customer about collaboration program management.  The unfortunate truth is, most organizations do not have formal program management or know how to effectively manage a Collaboration specific Program.

Instead, when talking about program management you should ask “Why is a collaboration program different and what should I consider?”  Here are a few explanations:

There are many misconceptions about Collaboration Programs, but one of the biggest, and potentially most impactful, is that you only need to focus on the technology design and build.  I can tell you from my experience in running many programs; a successful collaboration program requires a lot more than a successful technology implementation.

I’m not going to bore you with the formal definition of a program and how it differs from a project, but I will tell you that a successful collaboration program typically includes several non-technology projects (component projects) that must be planned and managed in order for the collaboration technology to be deemed a success.  Examples include operational readiness, organizational change management, migration readiness, and more.  Many times, programs fail to identify and manage these component projects.  As a result, the collaboration program slows, business cases fail, ROI isn’t realized, adoption lags, issues arise, and satisfaction declines.

On the other hand, I have personally managed programs where these component projects were properly managed at many large enterprise, commercial, service provider, and government customers.  The positive impacts of following the Collaboration Program Management best practices were obvious and tangible.  The below metrics are some of the major documented impacts.

Steven harriett collab blog _ program management 1_17_14

The impact of “doing it right” Read More »

Tags: , , , , , ,