From outdated software and bad code to abandoned digital properties and user errors, every organization has weak links that contribute to the cyberthreat landscape. Cisco’s 2014 Midyear Security Report examines them.
These weak links open the door for hackers looking to exploit vulnerabilities using various methods. Among the most popular, Cisco reports, are DNS queries, exploit kits, point-of-sale system compromise, amplification attacks, ransomware, infiltration of encryption protocols, malvertising, social engineering and what’s called "life event" spam, which, as its name suggests, is tied to a major life event such as a wedding or pregnancy.
John N. Stewart, Senior Vice President and Chief Security Officer at Cisco, said many companies are innovating their futures using the Internet. In order to succeed in a “rapidly emerging environment,” he continued, executive leadership needs to embrace and manage, in business terms, the associated cyber risks.
“Analyzing and understanding weaknesses within the security chain rests largely upon the ability of individual organizations, and industry, to create awareness about cyber risk at the most senior levels, including boards -- making cybersecurity a business process, not about technology,” Stewart said. “To cover the entire attack continuum -- before, during, and after an attack -- organizations today must operate security solutions that operate everywhere a threat can manifest itself.”
Watch for the Man in the Browser
Cisco’s 2014 Midyear Security Report examines 16 large multinational organizations that collectively controlled over $4 trillion in assets, with revenues in excess of $300 billion as of 2013. The result: three security insights connecting enterprises to malicious traffic.
The first is "man-in-the-browser" attacks. Cisco said nearly 94 percent of the customer networks it examined in 2014 had been directing traffic to Web sites that host malware. Cisco pointed to one specific indicator: DNS requests for hostnames whose resolved IP addresses are reported to be associated with the distribution of the Palevo, SpyEye, and Zeus malware families, all of which incorporate man-in-the-browser functionality.
Meanwhile, there’s a lot more botnet hide-and-seek going on. Cisco reports that nearly 70 percent of networks were identified as issuing DNS queries for dynamic DNS domains. According to the company, this is evidence of networks misused or compromised by botnets that use DDNS to change their IP addresses and so avoid detection and blacklisting.
Why is Cisco so sure? Because few legitimate outbound connection attempts from enterprises would seek out dynamic DNS domains; those that do are mostly command-and-control callbacks trying to disguise the locations of their botnets.
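Both indicators described above (queries whose answers land on IP space reported to distribute malware, and queries for dynamic DNS zones) can be checked against an organization's own DNS resolver logs. The script below is an added example written for this page; it is not Cisco's tooling or methodology. The log format, the client addresses, the block-listed network (the documentation range 203.0.113.0/24) and the dynamic DNS zone names (`ddns-one.example`, `dyn-two.example`) are all constructed placeholders, not real providers or real indicators.

```python
"""Flag DNS resolver log lines matching two indicators of compromise:
  1. a query whose answer falls in a network reported to distribute malware
  2. a query for a hostname under a dynamic DNS provider zone
Example code added for illustration; all indicators below are constructed.
"""
import ipaddress
import re
from collections import Counter

# Hypothetical block list: documentation range TEST-NET-3, used as a placeholder
MALWARE_DIST_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# Hypothetical dynamic DNS zones; real deployments would load a curated list
DDNS_ZONES = ("ddns-one.example", "dyn-two.example")

# Constructed resolver log in a simplified "timestamp client qname qtype answer" form
SAMPLE_LOG = """\
2014-07-01T10:00:01Z 10.1.2.3 www.corp.example A 198.51.100.7
2014-07-01T10:00:05Z 10.1.2.3 update.svc.example A 203.0.113.44
2014-07-01T10:00:09Z 10.1.2.9 host42.ddns-one.example A 192.0.2.55
2014-07-01T10:00:12Z 10.1.2.9 mail.corp.example MX NXDOMAIN
2014-07-01T10:00:15Z 10.1.2.3 update.svc.example A 203.0.113.44
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")


def parse_line(line):
    """Split one log line into fields; return None for lines that do not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, qname, qtype, answer = m.groups()
    # Normalise the name: lowercase and drop a trailing dot from FQDN notation
    return {"ts": ts, "client": client, "qname": qname.lower().rstrip("."),
            "qtype": qtype, "answer": answer}


def is_ddns_query(qname):
    """True when qname is a DDNS zone or a label beneath one (exact suffix match)."""
    return any(qname == z or qname.endswith("." + z) for z in DDNS_ZONES)


def resolves_to_blocklisted(answer):
    """True when the answer is an IP inside a block-listed network."""
    try:
        ip = ipaddress.ip_address(answer)
    except ValueError:          # NXDOMAIN, CNAME targets, etc. are not addresses
        return False
    return any(ip in net for net in MALWARE_DIST_NETWORKS)


def analyze(log_text):
    """Return (client, qname, reasons) for every line that trips an indicator."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = []
        if is_ddns_query(rec["qname"]):
            reasons.append("ddns-query")
        if resolves_to_blocklisted(rec["answer"]):
            reasons.append("blocklisted-resolution")
        if reasons:
            findings.append((rec["client"], rec["qname"], tuple(reasons)))
    return findings


def clients_by_reason(findings):
    """Count hits per (client, reason) so repeat offenders stand out."""
    counts = Counter()
    for client, _, reasons in findings:
        for reason in reasons:
            counts[(client, reason)] += 1
    return counts


if __name__ == "__main__":
    hits = analyze(SAMPLE_LOG)
    for client, qname, reasons in hits:
        print(f"{client} -> {qname}: {', '.join(reasons)}")
    for (client, reason), n in clients_by_reason(hits).items():
        print(f"{client} {reason} x{n}")
```

The suffix match in `is_ddns_query` deliberately requires a leading dot so that a zone such as `notddns-one.example` is not confused with `ddns-one.example`; the counter in `clients_by_reason` is what turns single hits into the "repeated callbacks from one host" pattern worth escalating.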