Arraya Insights | August 14, 2015
The first half of the year saw security pros and cybercrooks locked in a veritable arms race according to Cisco’s 2015 Midyear Security Report. The brand new report explored the latest threats, gave updates on some old favorites of attackers and looked at the ways in which they’re adapting their methods and tools to evade detection. In addition, the report also featured analysis and observations on the security industry and its response to the evolution of its enemy.
Here are five takeaways gleaned from Cisco’s report. This info can be an essential cog in the effort to safeguard organizations’ users and infrastructures against those who are looking to do them harm.
Users fall behind on Flash patches, attackers take advantage.
From January to May of this year, there were a total of 62 vulnerabilities for Adobe Flash Player that resulted in code execution on users’ devices. This is up from the 41 which were logged during the same period in 2014. It was also the highest figure recorded over the last several years. Researchers believe this spike is being driven by two elements:
- Flash vulnerabilities are becoming more frequent components in widely-used exploit kits.
- Even though Adobe frequently pumps out updates for its tools, users are rarely quick to respond to these, creating a “patching gap.”
How to stay safe: Keeping up with Flash patches is the obvious first step. Retrospective analysis, which examines past events for correlations with present-day activity, can also help identify these types of threats.
Angler is a ruthlessly effective exploit kit.
Early in 2015, Cisco identified Angler as a top threat in the exploit kit arena and so far it has lived up to that billing. More so than any other exploit kit currently operating in the wilds of the Internet, Angler is wildly adept at getting the job done. So far, 40% of visitors who land on an Angler-controlled landing page fall victim to the kit. That’s twice the success rate of other exploit kits. Part of the reason for Angler’s efficiency is the “innovative” way it takes advantage of a wide assortment of vulnerabilities, including Flash, Java and Internet Explorer.
How to stay safe: Flash isn’t the only tool that can be turned into a gateway for cybercrooks without proper patching. IT must ensure all of these possible entry points are sealed up tight by way of the latest patches and updates.
Attackers are adding classic lit to their arsenals.
Exploit kit landing pages used to be home to collections of random text which made them more obvious to security tools and end users alike. In order to get everyone to lower their guards, many attackers have begun replacing filler text with excerpts from classic novels – like Jane Austen’s Sense & Sensibility. In other cases, more modern text, nabbed from blogs or magazines, was used to dupe visitors.
How to stay safe: As attackers get better at concealing their nefarious activities from security tools, the onus often falls on users to practice smart browsing habits. Just because a site doesn’t raise any immediate red flags, it doesn’t necessarily mean it’s safe. Users must always be cautious when clicking on links or opening attachments.
Recent innovations have made ransomware even more attractive.
Currencies like bitcoin and anonymity networks such as Tor have helped make the Internet even more faceless than it was before. With the additional levels of privacy afforded to them by these innovations, attackers can be more brazen in their efforts to hold data to ransom. This means a rise in ransomware attacks could be coming.
How to stay safe: Of course, the importance of backups can’t be overstated. The same is true for the fact that those backups should be kept securely isolated to ensure their continued safety in the event of an intrusion. IT security pros should also monitor their networks for any signs of Tor communications and cross-reference that with any other clues indicating malware. Some of that Tor traffic may be legitimate, but it may also be a sign that something isn’t right.
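The cross-referencing step above is easy to describe and easy to get wrong in practice, so here is an added example (not from Cisco’s report or from Arraya) of a small triage script. It reads constructed flow-log lines, flags hosts whose traffic shows a Tor hint (a destination on a relay list, or one of the default Tor relay ports 9001 and 9030), and then checks each flagged host against a second, constructed feed of unrelated malware indicators. The relay list, the log format and the indicator feed are all assumptions standing in for an organisation’s real sources.

```python
"""Triage flow logs for Tor hints and cross-reference with other indicators.

Added example for illustration; the log lines, relay addresses and
indicator feed below are constructed and are not real infrastructure.
"""
from collections import defaultdict

# Default Tor relay ports (ORPort 9001, DirPort 9030). A hit on one of these
# is only a hint: legitimate services can use them too.
TOR_HINT_PORTS = {9001, 9030}

# Constructed stand-in for a relay list pulled from a published Tor consensus.
# Addresses are from the TEST-NET ranges reserved for documentation.
KNOWN_TOR_RELAYS = {"203.0.113.10", "198.51.100.77"}

# Constructed flow records: "timestamp src dst dport bytes"
FLOW_LOGS = """\
2015-08-14T09:12:01 10.0.0.5 203.0.113.10 9001 48213
2015-08-14T09:12:40 10.0.0.5 192.0.2.44 443 1024
2015-08-14T09:13:02 10.0.0.9 198.51.100.77 443 5120
2015-08-14T09:14:11 10.0.0.12 192.0.2.44 80 2048
2015-08-14T09:15:30 10.0.0.9 203.0.113.10 9030 300
"""

# Constructed "other clues" feed keyed by internal host, e.g. from AV or EDR.
OTHER_INDICATORS = {
    "10.0.0.5": ["AV: generic trojan quarantined 2015-08-14T08:50"],
    "10.0.0.12": ["mass file renames observed on share"],
}


def parse_flows(text):
    """Parse 'timestamp src dst dport bytes' lines into dicts; skip malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, dport, nbytes = parts
        flows.append({"ts": ts, "src": src, "dst": dst,
                      "dport": int(dport), "bytes": int(nbytes)})
    return flows


def tor_hints(flows, relays=KNOWN_TOR_RELAYS, ports=TOR_HINT_PORTS):
    """Return {internal host: [reason strings]} for every flow that looks Tor-like."""
    hints = defaultdict(list)
    for f in flows:
        reasons = []
        if f["dst"] in relays:
            reasons.append(f"dst {f['dst']} is on the relay list")
        if f["dport"] in ports:
            reasons.append(f"dst port {f['dport']} is a default Tor relay port")
        if reasons:
            hints[f["src"]].append(f"{f['ts']}: " + "; ".join(reasons))
    return dict(hints)


def triage(flows, indicators):
    """Combine Tor hints with independent indicators.

    'investigate' = Tor hint plus another clue on the same host;
    'review'      = Tor hint only (could be legitimate use).
    Hosts with other clues but no Tor hint are outside this check.
    """
    verdicts = {}
    for host in tor_hints(flows):
        verdicts[host] = "investigate" if indicators.get(host) else "review"
    return verdicts


if __name__ == "__main__":
    flows = parse_flows(FLOW_LOGS)
    for host, reasons in tor_hints(flows).items():
        print(host)
        for r in reasons:
            print("   ", r)
    print(triage(flows, OTHER_INDICATORS))
```

The point of the two-stage design is that the Tor hint alone never generates an incident: it only raises the priority of a host that already has some other signal, which is the cross-referencing the report calls for.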
Microsoft macro attacks are hip again.
Exploiting macros in Microsoft Office used to be big business for attackers, until those macros were turned off by default. However, everything comes back in style eventually and it seems exploiting macros has made its return. Attackers have found renewed success with this strategy by adding a social engineering component to it. They’ll send out an attachment which purports to be a crucial business document. Sometimes instructions are included so users know how to re-enable macros on their machines. Once that’s done, attackers may be able to gain access to a wealth of sensitive info. Another part of the trick to these new macro campaigns is that they’re short. By the time security solutions recognize a threat, the attackers have amended the email and file to help them avoid detection in future attacks.
How to stay safe: Cisco recommends a multi-tiered, defense-in-depth approach to security to combat these new incarnations of macro-attacks. This strategy can help to slow down the attack timeline, giving companies and their defenses more time to get their feet under them and properly respond.
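One concrete layer in that defense-in-depth stack is checking attachments for macros before a user is ever asked to “enable content”. The following is an added example, not code from Cisco or Arraya: it inspects an attachment’s bytes rather than trusting its extension, because a macro-enabled OOXML document (.docm, .xlsm, .pptm) is a zip archive that carries a `vbaProject.bin` part. The sample documents are constructed in memory, and the verdict strings are this example’s own convention.

```python
"""Flag macro-carrying Office attachments by content, not by file extension.

Added example for illustration. The sample files built below are minimal
constructed zips, not real Office documents.
"""
import io
import zipfile

# OOXML keeps VBA code in a vbaProject.bin part (word/, xl/ or ppt/ prefix).
# Its presence means the document carries macros, whatever the extension says.
VBA_PART_SUFFIX = "vbaProject.bin"

# Magic bytes of an OLE2 compound file (legacy .doc/.xls). Those can also hold
# VBA, but reading it needs an OLE parser, so this example only flags them.
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"


def has_vba_project(data: bytes) -> bool:
    """True if the bytes are a zip archive containing a vbaProject.bin part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.endswith(VBA_PART_SUFFIX) for name in zf.namelist())
    except zipfile.BadZipFile:
        return False  # not OOXML at all


def is_legacy_ole(data: bytes) -> bool:
    """True if the bytes start with the OLE2 compound-file signature."""
    return data.startswith(OLE2_MAGIC)


def classify_attachment(filename: str, data: bytes) -> str:
    """Return a verdict for an attachment based on its content."""
    if has_vba_project(data):
        if not filename.lower().endswith((".docm", ".xlsm", ".pptm")):
            return "quarantine: macros present but extension does not say so"
        return "quarantine: macro-enabled document"
    if is_legacy_ole(data):
        return "review: legacy OLE2 document, inspect with an OLE parser"
    return "allow"


def build_sample_ooxml(with_macros: bool) -> bytes:
    """Constructed minimal OOXML-like zip; only the part names matter here."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\x00placeholder-vba")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "invoice.docm": build_sample_ooxml(True),
        "invoice.docx": build_sample_ooxml(True),   # renamed to look harmless
        "minutes.docx": build_sample_ooxml(False),
        "old_report.doc": OLE2_MAGIC + b"\x00" * 24,
        "notes.txt": b"plain text, not an archive",
    }
    for name, data in samples.items():
        print(f"{name:16} -> {classify_attachment(name, data)}")
```

In a mail gateway this check would sit in front of the user-facing “enable macros” prompt the social-engineering lure relies on; for legacy OLE2 files a dedicated VBA extractor such as olevba from the oletools project is the usual next step.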
Increased security, peace of mind
Having the latest and greatest tools is only part of the equation in today’s security climate. The remaining work includes keeping those tools tuned and updated against the fluid nature of attackers while also giving end users the know-how to handle their own roles. That wouldn’t be an easy task if it were the only thing on IT’s plate. When the full scope of what’s expected of IT is considered, it’s no wonder IT can struggle to keep pace.
That’s where having a partner like Arraya Solutions can help. Arraya has the knowledge required to match organizations with the right solution to meet their unique needs. From there, Arraya can also aid in the deployment and management of the solution throughout its lifecycle, saving IT time while still guaranteeing its peace of mind.
Have more questions? Ready to set up an appointment? Visit us at www.ArrayaSolutions.com today to get started. Also, be sure to follow us on Twitter, @ArrayaSolutions, to stay on top of the latest company and tech industry news.