Cisco Blogs


Cisco Blog > Security

April 2014 Threat Metrics

April kicked off with a 1:292 rate of malware encounters and closed with a rate of 1:315. Highest peak day was April 20 when the rate reached 1:177. Lowest was April 4 at 1:338. The median rate of web malware encounters in April 2014 was 1:292, representing a slight improvement over the median of 1:260 requests in March but still worse than the median of 1:341 requests in February.

Apr2014rate-300x184

Read More »

Tags: , , ,

Cupcakes and Cyber Espionage

Espionage2This blog will suggest a change of strategy in how we address the threat of cyber espionage. One which leverages traditional tactics of counter-intelligence and uses a new approach different than the Lockheed Martin Cyber Kill Chain approach to security, which seeks to disrupt the chain of attack as quickly as possible. Rather than simply cut off an attack, a method of intelligence gathering before stopping the event is proposed, without leaking sensitive information. Often these same approaches can discover yet unknown activities.

Read More »

Tags: , , , , , ,

Not If, but When: The case for Advanced Malware Protection Everywhere

A recent Bloor Research Market Update on Advanced Threat Protection reminds us of something that many security vendors have long been loath to acknowledge: traditional, point-in-time technologies, like anti-virus or sandboxes, are not entirely effective when defending against complex, sophisticated attacks.

This is due to something we have said before and we will say again: malware is “the weapon of choice” for malicious actors. We know blended threats introduce malware. Our 2014 Annual Security Report notes that every Fortune 500 company that was spoken to for the report had traffic going to websites that host malware. Bloor tells us all, once again, that attack methods are becoming more complex.

To put it plainly, when it comes to networks being breached, it is not a case of if, but when.

Read More »

Tags: , , , , , , , ,

Cisco Live 2014 San Francisco: Security Technology Track

Cisco Live, May 18-24, 2014, is quickly approaching and registration is open. This is the 25th anniversary of Cisco Live and we return to the Bay Area at San Francisco’s Moscone Center. Educational sessions are organized into technology tracks to make it easy to find the topics that most interest you. With network and data security being top of mind, I’d like to highlight the Security technology track’s exciting content lineup. Read More »

Tags: , , , , , , , , , , , , , , , , , ,

March 2014 Threat Metrics

The median rate of web malware encounters in March 2014 was 1:260, compared to a median rate of 1:341 requests in February. At least some of this increased risk appears to have been a result of interest in the NCAA tournaments (aka March Madness), which kicked off during the second week of March in the United States.

Mar2014rate

In February 2014, web malware encounters from sports and video sites were in the 18 and 28 spot, respectively. During March 2014, web malware from sports- and video-related sites jumped to the number 7 and 8 spots, respectively. The presumed longer time spent viewing sports-related content may have been a factor in a 1% decrease in the total volume of web requests in March coupled with a corresponding 18% increase in terabytes received.

Mar2014catall

The ratio of unique non-malicious hosts to unique malware hosts decreased by 1%, at 1:4841 in March 2014 compared to 1:4775 in February. The ratio of unique non-malicious IP addresses to malicious unique IP addresses also dropped from 1:1351 in February 2014 to 1:1388 in March. There was also far less volatility in the rate of unique malicious IP addresses throughout March compared to February.

Mar2014hosts

Java encounters dropped from 9% of all web malware encounters in February 2014 to 6% in March. At 43% of all Java encounters, Java version 7 exploits were the most frequently encountered, with 26% targeting Java version 6, and 32% targeting other versions of Java.

 

Mar2014java

Web malware encounters from mobile devices decreased 24% from February to March 2014. In March 3.6% of all Web malware encounters resulted from mobile device browsing, compared to 4.7% in February. Conversely, web malware encounters from non-Android and non-iOS devices doubled for the period, from 0.1% in February to 0.2% in March. The cause of this increase was not due to any specific device, but rather an across-the-board increase affecting all non-Android and non-iOS devices.

Mar2014mobile

At 18%, advertising was the most common vector of mobile device encounters, followed by business-related sites at 13% and video-related sites at 11% of mobile device encounters. For comparison purposes, in February 2014, sites in the business category were the most common vector of mobile device encounters (20%), followed by advertising (13%) and personal sites (8%). Video came in fourth in February, at 7%.

Mar2014catmob

Pharmaceutical & Chemical remained at 1100% of median risk for web malware encounters in March 2014, the same rate experienced in February. Companies in the Entertainment vertical experienced an increase from 321% in February to 643% in March. The Energy, Oil & Gas vertical increased from a rate of 276% in February to 397% in March.

To assess vertical risk, we first calculate the median encounter rate for all enterprises, and then calculate the median encounter rate for all enterprises in a particular vertical, then compare the two. A rate higher than 100% is considered an increased risk.

 

Mar2014vert

Following a 73% increase from January to February, spam volumes increased another 45% in March to an average of 207 billion spam messages per day.

Mar2014spamvol

The top five global spam senders in February 2014 were the United States at 8%, followed by the Republic of Korea at 5%, Russian Federation at 3%, China at 2%, and Ukraine at 1%.

Tags: , , , , ,