Cisco Blogs

Cisco Blog > Security

Cisco 2014 Annual Security Report: Cybercriminals Applying “Old” Techniques in New Ways

We know that as time goes on, the cybercrime network’s operations will only more closely resemble those of any legitimate, sophisticated business network. And like all enterprising businesspeople, those who are part of the “cybercriminal hierarchy”—which is discussed in the Cisco 2014 Annual Security Report and illustrated below—look to increase their profits by continually innovating new products and improving upon existing ones.

This was certainly the trend in 2013: Cisco researchers observed cybercriminals applying several tried-and-true techniques in new, bold, and highly strategic ways. The Cisco 2014 Annual Security Report examines some of these actions and our associated research in detail, including:

  • Brute-force login attempts: There was a threefold increase in the use of brute-force login attempts just in the first half of 2013. Cisco TRAC/SIO researchers discovered a hub of data with millions of username and password combinations that malicious actors were using to feed these actions. Many brute-force login attempts are being directed specifically at popular content-management system (CMS) platforms like WordPress, Joomla, and Drupal. (Read the Cisco 2014 Annual Security Report to find out why CMS platforms are favored targets—especially for adversaries trying to commandeer hosting servers in an effort to compromise the Internet’s infrastructure.)
  • Distributed denial of service (DDoS) attacks: Another oldie but goodie among cybercrime techniques, DDoS attacks have been increasing in both volume and severity since 2012. But today’s DDoS attacks aren’t just about creating disruption for businesses or making a political statement. There is evidence some attacks are now being used as smokescreens to conceal the theft of funds. The DarkSeoul attacks, examined in the Cisco 2014 Annual Security Report and a big focus for our researchers last year, are an example of this strategy. Looking ahead, we expect DDoS attacks launched through DNS amplification to be an ongoing concern. (It’s not a big leap when you consider The Open Resolver Project reports that 28 million open resolvers on the Internet pose a “significant threat.”)
  • Ransomware: In 2013, we saw many attackers moving away from traditional botnet-driven infections on PCs and increasing their use of ransomware. This includes a new type of malware in this category called Cryptolocker, which our researchers discovered last fall. Ransomware prevents normal operation of infected systems until a prescribed fee is paid. It provides a direct revenue stream for attackers—and it’s hard to track.

The Cisco 2014 Annual Security Report also notes that while the tactics used by today’s profit-oriented online criminals are only growing in sophistication, there’s a shortage of security talent to help organizations address these threats. The bottom line: Most organizations just don’t have the people or systems to monitor their networks consistently. There’s also a clear need for data scientists who can help the business understand why cybersecurity needs to be a top priority, and how security and business objectives can (and should) be aligned.

Tags: , , , , ,

Cisco Chief Security Officer on President Obama’s Data Collection Speech

“President Obama’s announcement represents one of many important steps required to address global concerns about privacy and data collection. Our customers require that privacy, security, and transparency be at the foundation of the equipment, services, and capabilities they purchase from technology companies. We remain committed to working with our customers, technology providers, and governments to deliver on the promise of a global, secure Internet.”

(Editor’s note: you can view President Obama’s speech here.)

Tags: , , ,

What Next for BYOD?

One of the interesting and challenging aspects of working in the Mobility space is the sheer pace at which the industry is moving.  I’m fortunate to work with many Customers in EMEA to help support and shape their strategy towards Mobile technology.  A great example of this has been the reaction to BYOD.

The influx of personal devices into the Enterprise caused by the BYOD trend poses numerous challenges to IT Departments.  Understandably, initial reaction was to focus on network and device level Security.

Cisco responded by introducing a BYOD Solution to remove some of the burden from IT Departments and provide them with a central point for managing many aspects of the BYOD lifecycle: onboarding, device profiling, authentication, authorization, offboarding and self-service management.

Almost at the same time, a new industry segment was created: Mobile Device Management. The intent of MDM systems is Read More »

Tags: , , , , , , , , , , , , , , , ,

Securing the Future Enterprise

This blog post is part three of a three-part series discussing how organizations can address mobile security concerns through an architectural approach to mobility. The first post discusses how next-gen Wi-Fi models will pave the way for secure mobility. The second post highlights the risks versus the rewards of mobility.

Providing corporate network access via mobile devices is nothing new to today’s IT administrators. However, the future of BYOD and mobility will change as rising generations expect and demand more seamless and secure connectivity. Recently Tab Times editor Doug Drinkwater shared a similar idea: BYOD is still in an early phase with plenty of new challenges and opportunities ahead.

In this last installment of this security and mobility series, I’ll discuss why BYOD policies will change and outline how C-level executives can leverage employees as solution drivers in order to solidify the future of mobility within their organization. Read More »

Tags: , , , , , , , , , , , , , ,

Cisco 2014 Annual Security Report: Trust Exploitation a Permanent Fixture in the Cyber World (Trustworthy Systems Can Be, Too)

The Cisco 2014 Annual Security Report has been released, following months of collaboration between threat researchers and other cybersecurity experts at Cisco and Sourcefire. As promised, it provides a “warts-and-all analysis” of security news from 2013 and our perspective for the year ahead based on the hard data collected through Cisco security products and analyzed by our researchers.

Our report that the cyberthreat and risk landscape has only grown stronger and more complex over the past year is not a revelation, perhaps. But we also now assert that because the cybercrime network has become so mature, far-reaching, well-funded, and highly effective as a business operation that very little in the cyber world can—or should—be trusted without verification.

We also expect adversaries to continue designing campaigns that take advantage of users’ trust in systems, applications, and the people and businesses they know. It’s an effective strategy. How do we know? Because 100 percent of the networks analyzed by Cisco have traffic going to known malware threat sites, and there is no doubt that the vast majority of those compromises relied initially on some abuse of trust.

Read More »

Tags: , ,