Cisco 3Q10 Global Threat Report

November 16, 2010 - 1 Comment

We’ve just posted the second installment of our Cisco Global Threat Report. The Cisco 3Q10 Global Threat Report covers the third quarter (July 1 – September 30, 2010).  Where most threat reports focus on a specific vector (i.e. email, Web, desktop detections, etc.), our goal is to provide threat data across a wider segment to more holistically capture high profile events impacting the enterprise.

It’s a fascinating exercise, as it involves working with multiple teams across Cisco, combing through lots of data, and then painting a cohesive picture of what’s happening where.

For example, this combined reporting enabled us to look at Stuxnet from a few different angles: the vertical and geographical impact as well as the frequency of specific exploits used by the Stuxnet worm.

We also added the Cisco Remote Management Services (RMS) team to the report this quarter.   RMS helps enterprises mitigate their risk exposure by remotely monitoring, alerting, and remediating threats as they are discovered. Other contributors to the report include Cisco IPS, Cisco IronPort (email), and ScanSafe (Web).

Several contributors to the report deserve a big shout out: Tom Schoellhammer and Shiva Persaud from the IPS team, Chad Skipper and John Klein from RMS, Henry Stern and Nilesh Bhandari from IronPort, and Gregg Conklin from ScanSafe.

In addition to Stuxnet, other highlights from the report include Rustock botnet activity, changes in SQL injection, and both the email and Web impact of the “Here You Have” email worm.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. One of the most telling portions of the report highlighted the “Here You Have” email worm which takes us back to basic Internet security efforts. It is generally the “user” within our networks that is truly our last line of defense. We haven’t seen a virus such as this in a long time and with that in mind, we need to refresh the memories of our users that the bad guys want to take us “somewhere else” by clicking on unknown hyperlinks or documents in PDF or other formats. Security awareness still is a huge factor in safeguarding our assets.