• Skip to primary navigation
  • Skip to main content
site logo
  • About
    • Approach
    • Partnerships
    • Mission
    • Leadership
    • Awards
    • Arraya Cares
  • Solutions
    • Solutions

    • Hybrid Infrastructure
      • Hyperconverged
      • Infrastructure as a Service
      • Servers, Storage, and Virtualization
      • Data Protection
      • Disaster Recovery & Business Continuity
    • Apps & Data
      • AI
      • Automation
      • Customizations
      • Visualizations & Integrations
      • Migrations
    • Network
      • Enterprise Networks
      • Wireless Connectivity
      • Cloud Networking Solutions
      • IoT
    • Cybersecurity
      • Endpoint Security
      • Network Security
      • Cloud Security
      • Application Security
    • Modern Workplace
      • Microsoft Licensing
      • Productivity & Collaboration
      • Modern Endpoint Deployment & Management
      • Microsoft Compliance & Risk
      • Backup
      • Cloud
  • Services
    • Services

    • Managed Services
      • Service Desk
      • Outsourced IT
      • Managed Security
      • Managed NOC
      • Arraya Adaptive Management for Microsoft Technologies
      • ADEPT: Arraya's White Label Program
    • Advisory Services
      • Assessments
      • Strategy
      • vCTO
      • vCISO
      • Enterprise Architecture
    • Staffing
      • Infrastructure Engineering
      • Security & Compliance
      • Application & Software
    • Professional Services
      • Project Management 
      • Systems Integration 
      • Mergers & Acquisitions
      • Knowledge & Skills Transfer 
  • Industries
    • Education
    • Finance
    • Healthcare
    • Legal
    • Manufacturing
    • Software and Services
  • Insights
    • News
    • Blog
    • Events
    • Videos
    • Case studies
  • Careers
  • CSP Login
search icon
Contact Us

Cisco’s Midyear Security Report Shines Light on Emerging Threats

The first half of the year saw security pros and cybercrooks locked in a veritable arms race according to Cisco’s 2015 Midyear Security Report. The brand new report explored the latest threats, gave Digital Securityupdates on some old favorites of attackers and looked at the ways in which they’re adapting their methods and tools to evade detection. In addition, the report also featured analysis and observations on the security industry and its response to the evolution of its enemy.

Here are five takeaways gleaned from Cisco’s report. This info can be an essential cog in the effort to safeguard organizations’ users and infrastructures against those who are looking to do them harm.

Users fall behind on Flash patches, attackers take advantage.

From January to May of this year, there were a total of 62 vulnerabilities for Adobe Flash Player that resulted in code execution on users’ devices. This is up from the 41 which were logged during the same period in 2014. It was also the highest figure recorded over the last several years. Researchers believe this spike is being driven by two elements:

  • Flash vulnerabilities are becoming more frequent components in widely-used exploit kits.
  • Even though Adobe frequently pumps out updates for its tools, users are rarely quick to respond to these, creating a “patching gap.”

How to stay safe: Obviously keeping up with Flash patches is ideal. Also, examining past events to look for correlations in the present day through retrospective analysis can also help identify these types of threats.

Angler is a ruthlessly effective exploit kit.

Early in 2015, Cisco identified Angler as a top threat in the exploit kit arena and so far it has lived up to that billing. More so than any other exploit kit currently operating in the wilds of the Internet, Angler is wildly adept at getting the job done. So far, 40% of visitors who land on an Angler-controlled landing page fall victim to the kit. That’s twice the success rate of other exploit kits. Part of the reason for Angler’s efficiency is the “innovative” way it takes advantage of a wide assortment of vulnerabilities, including Flash, Java and Internet Explorer.

How to stay safe: Flash isn’t the only tool that can be turned into a gateway for cybercrooks without proper patching. IT must ensure all of these possible entry points are sealed up tight by way of the latest patches and updates.

Attackers are adding classic lit to their arsenals.

Exploit kit landing pages used to be home to collections of random text which made them more obvious to security tools and end users alike. In order to get everyone to lower their guards, many attackers have begun replacing filler text with excerpts from classic novels – like Jane Austen’s Sense & Sensibility. In other cases, more modern text, nabbed from blogs or magazines, was used to dupe visitors.

How to stay safe: As attackers get better at concealing their nefarious activities from security tools, the onus often falls on users to practice smart browsing habits. Just because a site doesn’t raise any immediate red flags, it doesn’t necessarily mean it’s safe. Users must always be cautious when clicking on links or opening attachments.

Recent innovations have made ransomware even more attractive.

Currencies like bitcoin and anonymity networks such as Tor have helped make the Internet even more faceless than it was before. With the additional levels of privacy afforded to them by these innovations, attackers can be more brazen in their efforts to hold data to ransom. This means a rise in ransomware attacks could be coming.

How to stay safe: Of course, the importance of backups can’t be overstated. The same is true for the fact that those backups should be kept securely isolated to ensure their continued safety in the event of an intrusion. IT security pros should also monitor their networks for any signs of Tor communications and cross-reference that with any other clues indicating malware. Some of that Tor traffic may be legit, however, it may also be a sign something isn’t right.

Microsoft macro attacks are hip again.

Exploiting macros in Microsoft Office used to be big business for attackers, until those macros were turned off by default. However, everything comes back in style eventually and it seems exploiting macros has made its return. Attackers have found renewed success with this strategy by adding a social engineering component to it. They’ll send out an attachment which purports to be a crucial business document. Sometimes instructions are included so users know how to re-enable macros on their machines. Once that’s done, attackers may be able to gain access to a wealth of sensitive info. Another part of the trick to these new macro campaigns is that they’re short. By the time security solutions recognize a threat, the attackers have amended the email and file to help them avoid detection in future attacks.

How to stay safe: Cisco recommends a multi-tiered, defense-in-depth approach to security to combat these new incarnations of macro-attacks. This strategy can help to slow down the attack timeline, giving companies and their defenses more time to get their feet under them and properly respond.

Increased security, peace of mind

Having the latest and greatest tools is only part of the equation in today’s security climate. The remaining work includes keeping those tools tuned and updated against the fluid nature of attackers while also giving end users the know-how to handle their own roles. That wouldn’t be an easy task if it was the only thing on IT’s plate. When the full scope of what’s expected of IT is considered, it’s no wonder IT can struggle to keep pace.

That’s where having a partner like Arraya Solutions can help. Arraya has the knowledge required to match organizations with the right solution to meet their unique needs. From there, Arraya can also aid in the deployment and management of the solution throughout its lifecycle, saving IT time while still guaranteeing its peace of mind.

Have more questions? Ready to set up an appointment? Visit us at www.ArrayaSolutions.com today to get started. Also, be sure to follow us on Twitter, @ArrayaSolutions, to stay on top of the latest company and tech industry news.

Arraya Insights
Back to Top
Arraya Solutions logo

We combine technological expertise and personal service to educate and empower our customers to solve their individual IT challenges.

518 Township Line Road
Suite 250, Blue Bell, PA 19422

p: (866) 229-6234     f: (610) 684-8655
e: info@arrayasolutions.com

  • Careers
  • Privacy Policy
  • Contact Us

© 2025 Arraya Solutions. All rights reserved.

Facebook Twitter YouTube LinkedIn
Manage Cookie Consent
We use cookies to enhance your experience. By selecting “Accept,” you agree to our cookie policy.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}