Cisco Capital Asia Pacific

Protecting Your Network From Malware

Cybercriminals Aren’t Just Targeting Individuals – Protecting Your Network From Malware

The Cisco 2014 Annual Security Report highlights the top security concerns, while calling upon organizations to review their security strategy. In view of increasing threats, it suggests that users should assume that nothing in the cyber world can or should be trusted.

The report refers to campaigns that target specific organizations, groups, and industries, and to the growing sophistication of cybercriminals. It points out new methods for embedding malware in networks, where it remains undetected for long periods and steals data or disrupts critical systems.

Among the major findings are:

  • Malicious actors are increasingly trying to gain access to web hosting servers, nameservers, and data centers.
  • Malicious actors are using trusted applications to exploit gaps in perimeter security.
  • Java comprises 91% of web exploits. Vulnerabilities in the Java programming language are the most frequently exploited target, according to Cisco data.
  • Flash or Adobe PDF documents are also popular vectors for criminal activity.
  • There is evidence of internal compromise in multinational corporations (MNCs).
  • Ninety-nine percent of all mobile malware in 2013 targeted Android devices.

Cisco plays a major role in assessing threats. Every day, it inspects 16 billion web requests (blocking 80 million) and 93 billion emails (blocking 4.5 billion); FireAMP evaluates 28 million network connections. Telemetry tools like Cisco NetFlow can monitor Java-associated traffic.

High-profit verticals, such as pharmaceutical and chemical, agriculture and mining, and electronics manufacturing, have high rates of web malware encounters, according to Cisco TRAC/SIO research. Vulnerabilities and threats reported by Cisco IntelliShield® showed steady growth in 2013.

‘Bitsquatting’, the registration of domain names that are one binary digit different from the original domain, is being used to redirect traffic to sites hosting malware or scams. Distributed denial of service (DDoS) attacks have been increasing in both volume and severity.
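As an added example (not from the Cisco report or this page), the sketch below shows how a defender could build a watchlist of single-bit-flip look-alikes for a domain they own and flag matching names in DNS query logs. The function names and the sample queries are constructed for illustration, and the sketch assumes label boundaries (the dots) stay fixed.

```python
import string

# Characters allowed in a hostname label; DNS names are case-insensitive.
VALID = set(string.ascii_lowercase + string.digits + "-")


def bitsquat_variants(domain):
    """Return every valid hostname that differs from `domain` by one flipped bit."""
    domain = domain.lower().rstrip(".")
    variants = set()
    for i, ch in enumerate(domain):
        if ch == ".":
            continue  # assumption: dots are left untouched in this sketch
        for bit in range(8):
            flipped = chr(ord(ch) ^ (1 << bit)).lower()
            if flipped == ch or flipped not in VALID:
                continue  # case-only flips and invalid characters are not distinct names
            candidate = domain[:i] + flipped + domain[i + 1:]
            labels = candidate.split(".")
            if any(l.startswith("-") or l.endswith("-") for l in labels):
                continue  # a label may not begin or end with a hyphen
            variants.add(candidate)
    return variants


def flag_queries(queries, protected_domains):
    """Return (query, protected_domain) pairs for names under a bitsquat variant."""
    watch = {v: p for p in protected_domains for v in bitsquat_variants(p)}
    hits = []
    for query in queries:
        labels = query.lower().rstrip(".").split(".")
        # Check the name and each parent suffix, so www.<variant> also matches.
        for k in range(len(labels) - 1):
            suffix = ".".join(labels[k:])
            if suffix in watch:
                hits.append((query, watch[suffix]))
                break
    return hits


if __name__ == "__main__":
    # Constructed sample of resolver log names, not real traffic.
    sample = ["www.exaeple.com.", "example.com", "examplf.com", "dxample.com"]
    for query, owner in flag_queries(sample, ["example.com"]):
        print(f"{query} is one bit away from {owner}")
```

The watchlist also contains variants that fall in the top-level label, which are harmless to keep but will only match if that TLD exists.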

Being aware of the threats can help organizations avert them and employ tools to prevent cybercriminals from entering your network. The report calls for a comprehensive examination of security models.

The Cisco Secure Development Lifecycle (CSDL) prescribes a repeatable and measurable methodology designed to build in product security at the product concept stage, minimize vulnerabilities during development, and increase resiliency of products.

The full report can be downloaded through the link:
http://www.cisco.com/web/offers/lp/2014-annual-security-report/index.html