Cisco: Weak Links Exist in Enterprise Security
By Jennifer LeClaire / NewsFactor Network
PUBLISHED: AUGUST 05, 2014

From outdated software and bad code to abandoned digital properties and user errors, every organization has weak links that contribute to the cyberthreat landscape. Cisco’s 2014 Midyear Security Report examines them.

These weak links are opening the door for hackers looking to exploit vulnerabilities using various methods. Among the most popular, Cisco reports, are DNS queries, exploit kits, point-of-sale system compromise, amplification attacks, ransomware, infiltration of encryption protocols, malvertising, social engineering and what’s called "life event" spam, which, as its name suggests, is connected with some major life event like a wedding or pregnancy.

John N. Stewart, Senior Vice President and Chief Security Officer at Cisco, said many companies are innovating their futures using the Internet. In order to succeed in a “rapidly emerging environment,” he continued, executive leadership needs to embrace and manage, in business terms, the associated cyber risks.

“Analyzing and understanding weaknesses within the security chain rests largely upon the ability of individual organizations, and industry, to create awareness about cyber risk at the most senior levels, including boards -- making cybersecurity a business process, not about technology,” Stewart said. “To cover the entire attack continuum -- before, during, and after an attack -- organizations today must operate security solutions that operate everywhere a threat can manifest itself."

Watch for the Man in the Browser

Cisco’s 2014 Midyear Security Report examines 16 large multinational organizations that collectively controlled over $4 trillion in assets with revenues in excess of $300 billion as of 2013. The result: three security insights that tie enterprises to malicious traffic.

The first one is "man-in-the-browser" attacks. Cisco said nearly 94 percent of customer networks it identified in 2014 have been pointing traffic to Web sites that host malware. Cisco pointed to a specific strategy: issuing DNS requests for hostnames where the IP address to which the hostname resolves is reported to be associated with the distribution of Palevo, SpyEye, and Zeus malware families that incorporate man-in-the-browser functionality.

Meanwhile, there’s a lot more botnet hide and seek going on. Cisco reports nearly 70 percent of networks were identified as issuing DNS queries for Dynamic DNS (DDNS) domains. According to the company, this is evidence of networks being misused or compromised by botnets that use DDNS to alter their IP addresses and avoid detection and blacklisting.

Why is Cisco so sure? Because few legitimate outbound connection attempts from enterprises would seek dynamic DNS domains apart from outbound Command and Control callbacks trying to disguise the locations of their botnets.
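A minimal sketch of the DDNS signal described above, as an added example that is not code from Cisco or from the report: it scans resolver query logs for names under dynamic DNS zones and ranks internal clients by how many distinct DDNS names they looked up. The log format, the short zone list and all function names are assumptions made for illustration.

```python
from collections import defaultdict

# Assumed sample of dynamic DNS provider zones; a real deployment would load a maintained list.
DDNS_ZONES = {"duckdns.org", "ddns.net", "hopto.org", "dyndns.org"}

# Constructed resolver log lines: "<timestamp> <client_ip> <query_type> <qname>"
SAMPLE_LOG = """\
2014-08-05T09:00:01Z 10.0.4.17 A www.example.com.
2014-08-05T09:00:07Z 10.0.4.17 A kq3x.duckdns.org.
2014-08-05T09:05:07Z 10.0.4.17 A kq3x.duckdns.org.
2014-08-05T09:06:11Z 10.0.4.17 A Relay7.HopTo.org
2014-08-05T09:07:30Z 10.0.9.80 A notduckdns.org.
2014-08-05T09:08:02Z 10.0.9.80 AAAA cdn.example.net.
malformed line
2014-08-05T09:09:45Z 10.0.2.5 A cam1.ddns.net.
"""

def ddns_zone(qname):
    """Return the DDNS zone a name falls under, matching on label boundaries, else None."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in DDNS_ZONES:
            return candidate
    return None

def ddns_queries_by_client(log_text):
    """Map client IP -> {qname: query count} for names under a DDNS zone."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records
        _, client, _, qname = fields
        if ddns_zone(qname):
            hits[client][qname.rstrip(".").lower()] += 1
    return {c: dict(n) for c, n in hits.items()}

def rank_clients(hits):
    """Order clients by distinct DDNS names queried, then by total queries."""
    return sorted(hits, key=lambda c: (len(hits[c]), sum(hits[c].values())), reverse=True)

if __name__ == "__main__":
    report = ddns_queries_by_client(SAMPLE_LOG)
    for client in rank_clients(report):
        print(client, report[client])
```

Repeated lookups of the same DDNS name at regular intervals, as with the first client in the sample, are the pattern worth triaging first; a single lookup is weaker evidence on its own.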

The third insight is around encrypting stolen data. Cisco reported that nearly 44 percent of the customer networks it observed in 2014 are issuing DNS requests for sites and domains with devices that offer encrypted channel services. Malicious actors use these services to cover their tracks, exfiltrating data over encrypted channels such as VPN, SSH, SFTP, FTP, and FTPS to avoid detection.

Good News, Bad News

The good news is the number of exploit kits has dropped by 87 percent since the alleged creator of the widely popular Blackhole exploit kit was arrested last year, according to Cisco security researchers. But the not-so-good news is that Java is still the programming language most malicious actors exploit. Cisco researchers report Java exploits rose to 93 percent of all indicators of compromise as of May 2014.

Finally, for the first six months of 2014, the pharmaceutical and chemical industry placed in the top three high-risk verticals for Web malware encounters. Media and publishing led the industry verticals posting nearly four times the median Web malware encounters. Aviation fell into third place with over twice the median Web malware encounters globally.

We turned to Chester Wisniewski, a Senior Security Advisor at security firm Sophos, to get his thoughts on the Cisco report. He told us the findings reflect what the industry has been seeing for a long time. That is, attackers are persistent, unrelenting and choose the easiest methods possible to bypass corporate defenses, primarily attacking where you aren't looking.

"The report is very biased toward only the largest of organizations though," Wisniewski said. "Small and mid-sized businesses, the vast majority, should not take comfort that this is a Fortune 50 problem. These same methods are being used against everyone from Mom and Pop pizza joints to multinational defense contractors. Everyone has something worth stealing."

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.