Arraya Insights | September 8, 2017
There’s a positive moment at the top of Cisco’s 2017 Midyear Cybersecurity Report, one which acknowledges the advances security pros have made regarding preventing and recovering from attacks. Unfortunately – and predictably – this new report isn’t all pats on the back. Instead, the conversation shifts to a number of trends observed by Cisco, each of which is working to undermine security pros’ best efforts. Before any lasting progress can be made, it seems security teams will have to find a way to account for each.
Let’s take a closer look at five of the top trends highlighted by Cisco’s researchers – and outline how cybersecurity pros can respond.
1. The rise of ‘more sinister’ motivations
Businesses have had to come to terms with the notion that cyber criminals may attempt to break in to their systems and hold data for ransom. After all, last year ransomware became a billion dollar industry for those operating on the wrong side of the law.
However, Cisco’s researchers see things taking a far darker turn with the rise of what they’re calling Destruction of Service (DeOS) attacks. While June’s Petya (NotPetya) outbreak was initially categorized as a global ransomware scheme, it was soon recognized for what it really was: a highly sophisticated effort to lock up files and throw away the key, with no working recovery path even for victims who paid. How exactly these assaults play out will depend on the attacker, but the basic idea is to severely and permanently disable an affected network. Besides the Petya example, another style of DeOS attack is used in conjunction with an actual ransomware attack to disable an organization’s backups first, removing the victim’s only alternative to paying.
However they unfold, Cisco sees this strategy as something organizations will need to keep a closer eye on. That means layering controls designed to stop threats at the door with backups that attackers cannot reach: copies stored in the cloud under separate credentials, or kept offline and air-gapped, and restore-tested regularly so that a “backup” is actually recoverable once the primary data is destroyed.
2. A low-tech approach more profitable than ransomware
As already mentioned, ransomware had a big year in 2016. Yet, it was a different attack vector which proved more profitable. Worse news: It’s easier for criminals to execute.
Business Email Compromise (BEC) netted attackers an average of $1.7 billion per year between October 2013 and December 2016, surpassing even ransomware’s impressive yearly haul. The scheme targets finance teams, using social engineering to trigger fraudulent wire transfers. Attackers need only an email address that appears to belong to a high-ranking company official and a bank account to receive the funds: pose as the executive, demand a wire transfer, often on a tight timeline, and wait. No malware, no exploit and no foothold on the victim’s network is required.
From a defense perspective, stopping BEC starts with teaching employees to spot spoofed and lookalike senders, such as a message from the company’s name on a .net domain instead of the correct .com, or a Reply-To that points somewhere other than the sender. Just as important, organizations should require a clear multistep, out-of-band approval process for all wire transfers (for instance, a phone call to the requester on a known number before funds move), which removes the confusion and urgency attackers rely on. Finding the time for these training sessions is a must.
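As an added example (not from the Cisco report or Arraya’s own tooling), here is a small Python triage script for the indicators described above. It assumes a company domain of example.com and a short list of executive names that attackers tend to impersonate, and it constructs its own sample messages. The Reply-To check goes one step beyond the .net/.com example in the text: a lure can carry a perfectly correct From line while steering every reply to the attacker’s own mailbox.

```python
import email
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                 # assumed: the organization's real domain
EXECUTIVE_NAMES = {"jane doe", "john smith"}   # assumed: names BEC lures borrow
URGENCY_WORDS = ("urgent", "wire", "immediately", "today", "confidential")


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch lookalikes such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(domain: str, legit: str = COMPANY_DOMAIN) -> str:
    """internal / tld_swap / lookalike / external, relative to the real domain."""
    domain = domain.lower()
    if domain == legit:
        return "internal"
    d_label, _, d_tld = domain.rpartition(".")
    l_label, _, l_tld = legit.rpartition(".")
    if d_label == l_label and d_tld != l_tld:
        return "tld_swap"          # example.net posing as example.com
    if levenshtein(d_label, l_label) <= 2:
        return "lookalike"         # examp1e.com, exarnple.com, exampel.com
    return "external"


def triage(raw_message: str) -> list[str]:
    """Return human-readable findings for one RFC 822 message (empty list = clean)."""
    msg = email.message_from_string(raw_message)
    findings = []

    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    kind = classify_domain(from_domain)
    if kind in ("tld_swap", "lookalike"):
        findings.append(f"sender domain {from_domain} is a {kind} of {COMPANY_DOMAIN}")
    if kind != "internal" and from_name.strip().lower() in EXECUTIVE_NAMES:
        findings.append(f"display name '{from_name}' impersonates an executive from outside the company")

    # A lure may spoof a correct From address and rely on Reply-To to steer
    # the conversation to the attacker's own mailbox.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and reply_addr.rpartition("@")[2].lower() != from_domain:
        findings.append(f"Reply-To {reply_addr} diverts replies away from the From domain")

    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    if findings and any(word in text for word in URGENCY_WORDS):
        findings.append("wire-transfer urgency language combined with sender anomalies")
    return findings


# Constructed sample messages (not real traffic).
TLD_SWAP_LURE = """From: Jane Doe <jane.doe@example.net>
To: payables@example.com
Subject: Urgent wire transfer

Please process a wire of $48,000 today. I am in a meeting, reply by email only.
"""

REPLY_TO_LURE = """From: Jane Doe <jane.doe@example.com>
Reply-To: jane.doe.ceo@mail-example.org
To: payables@example.com
Subject: Wire needed before close of business

Vendor details attached, this is confidential.
"""

CLEAN_MESSAGE = """From: Jane Doe <jane.doe@example.com>
To: payables@example.com
Subject: Q3 numbers

Can you send me the updated forecast when you get a chance?
"""

if __name__ == "__main__":
    for label, sample in (("tld swap", TLD_SWAP_LURE), ("reply-to", REPLY_TO_LURE), ("clean", CLEAN_MESSAGE)):
        print(label, triage(sample) or ["no findings"])
```

The urgency check deliberately fires only when a sender anomaly is already present, so a genuine executive asking for a wire on a deadline is not flagged on wording alone; the approval process, not the mail filter, is the control for that case.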
3. Wolves disguised as everyday file extensions
When it comes to distributing malware, attackers have clear preferences, and in terms of file extensions it’s not surprising to see a pair of business workhorses leading the way. By far the most common carrier was the .zip archive, at just shy of 200,000 encounters. A distant second was .doc, at over 72,000 instances, and .xls also made the top five with over 16,000 instances.
The lesson is that end users need to expect risky files to be camouflaged as everyday documents and archives. Before opening anything, they should look for red flags such as an unexpected or slightly altered sender address, ask whether the request is coming totally out of left field, and read the message itself for misspellings or awkward phrasing. All of these context clues can keep users from clicking on a dangerous attachment. User judgment should not be the only control, though: a mail gateway that unpacks archives and blocks executable content, together with a policy that blocks Office macros in files downloaded from the internet, catches the lures a busy employee will not.
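As an added example, not part of Cisco’s report or Arraya’s own tooling, the following Python looks inside the carriers named above before a user ever sees them. It opens a ZIP in memory and flags executables and scripts, double extensions such as Invoice.pdf.exe, nested archives and lopsided compression ratios; and because modern .docx/.xlsx files are themselves ZIP containers, it spots the vbaProject.bin part that marks an embedded macro. The sample attachments are constructed in the script. Legacy binary .doc/.xls files are OLE containers, not ZIPs, and would need a separate parser.

```python
import io
import zipfile

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".js", ".jse", ".vbs", ".vbe",
                   ".wsf", ".hta", ".bat", ".cmd", ".ps1", ".lnk", ".jar", ".dll"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
OFFICE_ZIP_EXTS = {".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".pptm"}
ARCHIVE_EXTS = {".zip"}
BOMB_RATIO = 100          # uncompressed / compressed; above this we suspect a zip bomb


def split_exts(path: str) -> list[str]:
    """'dir/Invoice.pdf.exe' -> ['.pdf', '.exe']; [] for a name with no extension."""
    base = path.rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    return ["." + p for p in parts[1:]] if len(parts) > 1 else []


def inspect_zip(data: bytes) -> list[str]:
    """Findings for the members of a ZIP container (archive or OOXML document)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.endswith("/"):
                continue                      # directory entry
            exts = split_exts(name)
            last = exts[-1] if exts else ""
            if last in EXECUTABLE_EXTS:
                findings.append(f"executable or script inside archive: {name}")
            if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS and last not in DOCUMENT_EXTS:
                findings.append(f"double extension disguises file type: {name}")
            if last in ARCHIVE_EXTS:
                findings.append(f"nested archive (often used to evade gateway scanning): {name}")
            if name.endswith("vbaProject.bin"):
                findings.append("Office document contains VBA macros (vbaProject.bin)")
            if info.compress_size and info.file_size / info.compress_size > BOMB_RATIO:
                findings.append(f"extreme compression ratio, possible decompression bomb: {name}")
    return findings


def triage_attachment(filename: str, data: bytes) -> list[str]:
    """Findings for one attachment; an empty list means nothing suspicious was seen."""
    exts = split_exts(filename)
    last = exts[-1] if exts else ""
    if last in ARCHIVE_EXTS | OFFICE_ZIP_EXTS:
        if not zipfile.is_zipfile(io.BytesIO(data)):
            return [f"{filename} claims to be {last} but is not a valid ZIP container"]
        return inspect_zip(data)
    if last in EXECUTABLE_EXTS:
        return [f"bare executable attachment: {filename}"]
    return []


def build_zip(entries: dict[str, bytes]) -> bytes:
    """Helper that constructs sample attachments in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples (not real malware): a classic lure, a macro-bearing
# Word file, and a clean Word file.
LURE_ZIP = build_zip({"Invoice_2017.pdf.exe": b"MZ" + b"\x00" * 64})
MACRO_DOCM = build_zip({"[Content_Types].xml": b"<Types/>",
                        "word/document.xml": b"<w:document/>",
                        "word/vbaProject.bin": b"\xd0\xcf\x11\xe0" + b"\x00" * 32})
CLEAN_DOCX = build_zip({"[Content_Types].xml": b"<Types/>",
                        "word/document.xml": b"<w:document/>"})

if __name__ == "__main__":
    for name, data in (("invoice.zip", LURE_ZIP), ("report.docm", MACRO_DOCM), ("report.docx", CLEAN_DOCX)):
        print(name, triage_attachment(name, data) or ["clean"])
```

The container check matters on its own: an attachment named report.docx that is not actually a ZIP is either corrupt or something else wearing a document’s name, and either way it should not reach the user unexamined.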
4. The dark side of the Internet of Things
Organizations are only just beginning to scratch the surface of what they can achieve through the Internet of Things (IoT); the fear is that so are cyber criminals. Last year saw the emergence of IoT botnets as a true Distributed Denial of Service (DDoS) attack vector. Not one but three major assaults had their origins in IoT botnets, targeting a security blogger, a hosting company, and a DNS service provider respectively. These attacks leveraged the full might of their “zombie army” of infected and commandeered IoT devices to push traffic volumes past the 1 Tbps threshold.
These attacks are particularly appealing to malicious actors for a number of reasons, including the fact that they:
- can be set up quickly – sometimes in under an hour
- grow exponentially – botnets of more than 100,000 infected devices can be spun up in 24 hours
- are hard to detect – the malware lingers on a device only until it is restarted, so a reboot wipes the evidence without fixing the weakness that let the device be infected
Defending against IoT botnets is a tough proposition. One option available to organizations is network segmentation: placing IoT devices on their own segment with tightly restricted egress limits how much of a DDoS flood can reach critical systems, helping to prevent a total outage, and keeps an organization’s own devices from being recruited or from scanning the rest of the network. Attacks of the scale above still require provider-side or upstream scrubbing, since no on-premises segmentation can absorb a terabit per second of traffic.
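As an added example (not from Cisco’s report), here is a detector for two behaviors an IoT segment should never show: one device fanning out to many hosts on a single port, which is how a botnet recruits new members, and one device hammering a single destination, which is what a recruited device looks like during an attack. It assumes an IoT VLAN of 10.20.0.0/16 and a simple constructed flow-record format; the thresholds are illustrative and would be tuned to the environment.

```python
import ipaddress
from collections import defaultdict

IOT_SEGMENT = ipaddress.ip_network("10.20.0.0/16")   # assumed: the IoT VLAN
WINDOW_SECONDS = 60
FANOUT_THRESHOLD = 20     # distinct destinations on one port from one device per window
FLOOD_THRESHOLD = 500     # flows from one device to one destination per window


def parse_flow(line: str) -> tuple[int, str, str, str, int]:
    """Constructed record format: '<epoch> <src_ip> <dst_ip> <proto> <dst_port>'."""
    ts, src, dst, proto, dport = line.split()
    return int(ts), src, dst, proto, int(dport)


def detect(flow_lines) -> list[dict]:
    """Tumbling-window detection of scanning fan-out and single-target floods."""
    fanout = defaultdict(set)     # (window, src, dport) -> set of destinations
    flood = defaultdict(int)      # (window, src, dst) -> flow count
    for line in flow_lines:
        ts, src, dst, proto, dport = parse_flow(line)
        if ipaddress.ip_address(src) not in IOT_SEGMENT:
            continue              # this detector only watches the IoT segment
        window = ts // WINDOW_SECONDS
        fanout[(window, src, dport)].add(dst)
        flood[(window, src, dst)] += 1

    alerts = []
    for (window, src, dport), dsts in fanout.items():
        if len(dsts) >= FANOUT_THRESHOLD:
            alerts.append({"type": "scan_fanout", "src": src, "dport": dport,
                           "targets": len(dsts), "window": window})
    for (window, src, dst), n in flood.items():
        if n >= FLOOD_THRESHOLD:
            alerts.append({"type": "flood", "src": src, "dst": dst,
                           "flows": n, "window": window})
    return sorted(alerts, key=lambda a: (a["type"], a["src"]))


def constructed_flows() -> list[str]:
    """Synthetic flow records covering one minute (epoch 960 to 1019)."""
    lines = []
    # A camera probing 25 different hosts on tcp/23 within the window.
    for i in range(25):
        lines.append(f"{960 + i} 10.20.1.15 198.51.100.{i + 1} tcp 23")
    # A thermostat opening 600 connections to one web server.
    for i in range(600):
        lines.append(f"{960 + i % 60} 10.20.2.7 203.0.113.10 tcp 80")
    # A sensor doing a handful of NTP syncs: benign.
    for i in range(5):
        lines.append(f"{960 + i * 10} 10.20.3.3 192.0.2.123 udp 123")
    # A laptop outside the IoT segment doing the same probing: out of scope here.
    for i in range(30):
        lines.append(f"{960 + i} 10.1.1.1 198.51.100.{i + 1} tcp 23")
    return lines


if __name__ == "__main__":
    for alert in detect(constructed_flows()):
        print(alert)
```

Because the botnet code does not survive a reboot, flow records like these are often the only evidence that a device was ever infected; keeping them for the IoT segment is cheap compared with rebuilding the timeline after the fact.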
5. Misconceptions surrounding PUAs
Potentially Unwanted Applications (PUAs) may appear to be nothing more than nuisance-ware, which explains why they’re so often overlooked, according to Cisco’s report. In reality, these applications may be spyware in disguise. Such applications are far from innocuous, giving attackers an eye inside the corporate network, swiping data, and leaving the door open for increased malware infections and other risks.
One of cyber crooks’ methods of deploying hidden spyware is the browser extension. Once installed by an unsuspecting user looking to boost productivity, an extension that can read every page and intercept every request serves as a launching point for further attacks. Organizations can protect themselves by adhering to security hygiene basics: staying up to date on patching, requiring users to stick to secure, trusted browsers, controlling which extensions may be installed, and applying a defense-in-depth approach to security.
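As an added example, not from the report or from Arraya, this Python audits browser extension manifests (the manifest.json every Chrome or Chromium extension ships with) for the combination that makes an extension functionally equivalent to spyware: broad host access plus the ability to read tabs or intercept requests. The manifests here are constructed for the example and the allowlist is assumed; the field names follow Chrome’s manifest format, where host patterns live in "permissions" under Manifest V2 and in "host_permissions" under V3.

```python
import json

# Permissions that let an extension see or change what the user does in the browser.
RISKY_PERMISSIONS = {"webRequest", "webRequestBlocking", "tabs", "history", "cookies",
                     "clipboardRead", "nativeMessaging", "proxy", "debugger", "management"}
# Host patterns that grant access to every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest: dict) -> dict:
    """Score one extension manifest; verdict is ok / review / block."""
    perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    risky = sorted(p for p in perms if p in RISKY_PERMISSIONS)
    broad = sorted(p for p in perms if p in BROAD_HOSTS)
    all_site_scripts = any(m in BROAD_HOSTS
                           for cs in manifest.get("content_scripts", [])
                           for m in cs.get("matches", []))
    reach = bool(broad) or all_site_scripts
    if reach and risky:
        verdict = "block"       # sees every site and can intercept or exfiltrate
    elif reach or risky:
        verdict = "review"
    else:
        verdict = "ok"
    return {"name": manifest.get("name", "<unnamed>"),
            "manifest_version": manifest.get("manifest_version"),
            "risky_permissions": risky, "broad_hosts": broad,
            "content_script_on_all_sites": all_site_scripts, "verdict": verdict}


def audit_installed(manifest_jsons: list[str], allowlist: set[str]) -> list[dict]:
    """Audit many manifests; allowlisted names are reported but never blocked."""
    results = []
    for raw in manifest_jsons:
        result = audit_manifest(json.loads(raw))
        result["allowlisted"] = result["name"] in allowlist
        if result["allowlisted"] and result["verdict"] == "block":
            result["verdict"] = "allowlisted"
        results.append(result)
    return results


# Constructed manifests (not real extensions).
PDF_CONVERTER = json.dumps({
    "manifest_version": 2, "name": "PDF Converter Pro", "version": "1.4",
    "permissions": ["<all_urls>", "webRequest", "webRequestBlocking", "tabs", "storage"],
    "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
})
PASSWORD_MANAGER = json.dumps({
    "manifest_version": 3, "name": "Corp Password Manager", "version": "2.0",
    "permissions": ["storage", "tabs"], "host_permissions": ["https://*/*"],
})
WEATHER_WIDGET = json.dumps({
    "manifest_version": 3, "name": "Weather Widget", "version": "0.9",
    "permissions": ["storage"], "host_permissions": ["https://api.weather.example/*"],
})

ALLOWLIST = {"Corp Password Manager"}   # assumed: extensions the organization approved

if __name__ == "__main__":
    for r in audit_installed([PDF_CONVERTER, PASSWORD_MANAGER, WEATHER_WIDGET], ALLOWLIST):
        print(r["name"], "->", r["verdict"], r["risky_permissions"], r["broad_hosts"])
```

The password manager scores exactly like the spyware-grade “productivity” extension, which is the point: the permissions alone cannot tell a trusted tool from a malicious one, so the allowlist has to be an explicit decision rather than an absence of alarms.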
Putting the Midyear Cybersecurity Report into action
Want to continue the conversation around the lessons contained in Cisco’s Midyear Cybersecurity Report? Arraya’s Cyber Security team is ready to share their expertise on how organizations can apply these lessons and more to improve their overall security posture. Our team can be reached by visiting: https://www.arrayasolutions.com/contact-us/.
You can also meet the members of our team at our upcoming security forum, Identifying, Monitoring, and Analyzing Security Threats. This event will take place on September 28th at The Hub in Conshohocken, PA and will feature multiple presentations from Arraya’s security experts, all geared toward providing attendees with practical ways to gain insight into the top threats faced by their organization – and how to respond. Attendance is free, however, registration is required and seats are limited. Reserve your spot today here.
Feel free to leave any questions or comments you have regarding this or any of our blogs on our social media pages: LinkedIn, Twitter, and Facebook. While you’re there, follow us to stay in the loop with our latest industry insights, unique learning opportunities, and company news.