The Cisco 4Q11 Global Threat Report has been released. The report covers the period from 1 October 2011 through 31 December 2011 and features data from across Cisco Security Intelligence Operations. This quarter’s contributors were Cisco Intrusion Prevention System (IPS), Cisco IronPort, Cisco Security Research and Operations (SR&O), and Cisco ScanSafe.
Data breaches dominated security news during the first half of 2011 and companies across all industry sectors were equally impacted. Many of these breaches resulted from advanced persistent threats; others resulted from SQL injection and other brute force intrusions. In all cases, customer data and corporate intellectual property were at risk.
In the Cisco 2Q11 Global Threat Report, Cisco CSIRT Manager Gavin Reid discusses the unique challenges of APTs and network intrusions. Gavin offers real world practical advice from a frontline perspective, offering valuable pointers for tweaking and using the tools you probably already have in place.
The Cisco 1Q11 Global Threat Report has been released. The report covers the period from 1 January 2011 through 31 March 2011 and features data from Cisco Security Intelligence Operations. This quarter’s contributors includes Cisco Intrusion Prevention System (IPS), IronPort, Remote Management Services (RMS), Security Research and Operations (SR&O), and ScanSafe.
Unique Web malware increased 46% from January to March 2011. 16% of encounters were via online searches and webmail. Likejacking, where users are tricked/forced into registering a click with the Facebook “Like” button, increased from 0.54% to 6% throughout the quarter.
The Cisco 4Q10 Global Threat Report is now available for download. The report showcases data from the 4th calendar quarter (October 1, 2010 -- December 31, 2010). The report also provides a snapshot of Rustock activity for the second half of 2010, as well as the year over year Web malware encounter rates from 2007 -- 2010. Contributing teams included Cisco IPS, Remote Management Services for Security (RMS), IronPort, and ScanSafe.
Since we were writing the report in January 2011 (the 7th anniversary of the MyDoom email worm), it seemed appropriate to include some stats on old worm activity. It really underscores the cumulative problem of malware -- not only does IT need to combat the millions of new threats, but also contend with many of the old ones as well.
Highlights from the report include:
- Web malware grew by 139 percent in 2010 compared to 2009
- Search engine-related traffic resulted in approximately 8 percent of web malware encountered in 4Q10
- Rustock botnet activity peaked during the first two weeks of December
- Users flocked to BitTorrent in the wake of the WikiLeaks.org shutdown, presumably as an alternate source of leaked U.S. State Department cables
- Global spam levels decreased dramatically in the fourth quarter, following a trend that started in August 2010