The Cisco 2014 Annual Security Report has been released, following months of collaboration between threat researchers and other cybersecurity experts at Cisco and Sourcefire. As promised, it provides a “warts-and-all analysis” of security news from 2013 and our perspective for the year ahead based on the hard data collected through Cisco security products and analyzed by our researchers.
Our report that the cyberthreat and risk landscape has only grown stronger and more complex over the past year is not a revelation, perhaps. But we also now assert that because the cybercrime network has become so mature, far-reaching, well-funded, and highly effective as a business operation that very little in the cyber world can—or should—be trusted without verification.
We also expect adversaries to continue designing campaigns that take advantage of users’ trust in systems, applications, and the people and businesses they know. It’s an effective strategy. How do we know? Because 100 percent of the networks analyzed by Cisco have traffic going to known malware threat sites, and there is no doubt that the vast majority of those compromises relied initially on some abuse of trust.
Read More »
Tags: 2014 annual security report, cisco annual security report, security
This blog is part two of a three-part blog series discussing how organizations can address mobile security concerns through an architectural approach to mobility.
In my first post of this three-part series, I discussed how next-gen Wi-Fi models will pave the way for secure mobility and the value of secure Wi-Fi. In this post I’d like to take the mobility conversation a bit further and outline potential risks and rewards that IT departments face when deciding to deploy mobility solutions in our Internet of Everything (IoE) landscape.
A big factor for IT to adopt a mobility strategy with new technology and solutions is weighing the practical risks versus the rewards they stand to gain. A recent ISACA survey of IT professionals offered insight into how employed consumers think and act in terms of security and mobility. The study and ISACA’s 2013 IT Risk/Reward Barometer reveal:
- Only 4% of those surveyed named the makers of their mobile phone apps as the entity they most trust with their personal data
- 90% don’t always read privacy policies before downloading apps to their devices
Most of us are familiar with the rewards of mobility, but the belief and behavior gap illustrated by the ISACA survey proves we need to better understand risks of mobility. Read More »
Tags: 2014 annual security report, architecture, Cisco, future of mobility, infrastructure, mobile device, mobile workspace, mobility, mobility security, security, wi-fi, wifi, wireless
Are you at #NRF14 this week? Join us in Booth 1954 and learn about our solutions to integrate next-gen technology into retail.
Superheroes and their super strengths have long captured our imaginations. Today, such daydreams – and abilities are getting just a bit closer to reality.
When your smartphone meets the Internet of Everything (IoE), it will make some common activities, such as shopping, a bit more super. Mobility has already assumed a central role in the retail experience, but how are increased contextual capabilities emerging across the entire customer journey?
This blog discusses how some retailers are connecting people to people and people to things, while tapping superpower abilities and making their brands and product experiences distinct.
With the superpowers of smartphones and IoE, retailers can insert themselves into crucial conversations with the customer by offering price matching, access to expanded inventories, suggestions, and shopping lists. All of these combine to keep shoppers engaged and moving along the journey – and beyond.
Read the full article: With IoE and a Smartphone, You Can Shop Like a Superhero
Tags: Cisco, CiscoMobility, connected mobile experiences, connected retail, future of mobility, Internet of Everything, IoE, mobility, network, retail, security, wi-fi, wifi, wireless
This week CES was once again held in Las Vegas with in excess of 100,000 people in attendance.
Cisco demonstrated a number of CMX and IoT related things this week.
Firstly “The Internet of Everything: On The Go”
In the Cisco booth some future thinking was applied with a concept that imagines the shopping experience with a simulated retail environment: “BigBox.” While shopping at BigBox, visitors can walk through a combination of experiences involving location-based data, video, predictive analytics, security cameras, and sensors – designed to help retailers enrich the shopping trip for their customers, and more efficiently manage their stores.
Somewhat scary for some and exciting for others, while all the time enabling retailer increase their bottom line and deliver improved and personalized shopping experience to the consumers.
The next demo “Starlight Resort” was a combination of CMX, and Small Cell capabilities in the hotel resort environment. Read More »
Tags: advertising, analytics, business, CEO, CES, CMO, cmx, connected mobile experiences, customer service, Executives, internet, IoT, lbs, location, location based services, location-based, mobile, operations, planning, retail, security, shopping, technology, thought leader, venue, wifi, wireless
In October 2013, Cisco TRAC discussed Network Time Protocol (NTP) as a possible vector for amplified distributed denial of service (DDoS) attacks. Litnet CERT has since revealed that their NTP servers were used in a denial of service (DoS) attack. Symantec also published information regarding an NTP amplification-based DDoS attack that occurred in December 2013. On December 7, 2013, a hackforums.net user posted an NTP amplification DDoS script to Pastebin. The NTP DDoS script is heavily obfuscated Perl, though the plain text at the top credits the “leaking” of the script to an individual who goes by the handle Starfall. Brian Krebs also mentioned someone going by the name Starfall as a paying user of booter.tw. They may be the same person.
Decoding the obfuscated Perl yields some interesting insights. For example, this code near the top of the script has nothing to do with the NTP DDoS functionality:
The code above downloads a program called spoof.pl from IP 220.127.116.11, then runs and erases that program while writing the text “j00 g0t 0wn3d s0n” into a hidden file. Unfortunately, we were unable to obtain a copy of the spoof.pl script, but the ominous “j00 g0t 0wn3d s0n” text indicates the purpose of the program was likely to compromise the machine of anyone who was running the obfuscated NTP DDoS script. Is there no honor among hackers?
Read More »
Tags: DDoS, distributed denial of service, dos, NTP, security