The Internet of Things (IoT) continues to offer new opportunities for cyber criminals, with its security weaknesses – many of them ripe for exploitation – playing a central role in enabling criminal campaigns to exert an escalating impact. That’s the stark warning issued by Cisco in its latest Mid-Year Cyber Security Report.
The in-depth report highlights the rapid evolution of threats and the increasing magnitude of cyber-centric episodes, and forecasts potential Destruction of Service attacks. Recent IoT botnet activity already suggests that some attackers may be laying the foundations for a wide-reaching, high-impact cyber threat event that could potentially disrupt the Internet itself.
Cisco’s security researchers watched the evolution of malware during the first half of 2017 and identified shifts in how adversaries are tailoring their delivery, obfuscation and evasion techniques. Specifically, Cisco saw that adversaries increasingly require victims to activate threats by clicking on links or opening files. Criminals are now developing fileless malware that lives in a system’s memory and is harder to detect or investigate because it’s wiped out when a device restarts. Finally, adversaries are relying on anonymised and decentralised infrastructure – such as a Tor proxy service – to obscure Command and Control activities.
Steve Martino, vice-president and Chief Information Security Officer at Cisco, commented: “As recent incidents like WannaCry and Nyetya illustrate, our adversaries are becoming more and more creative in how they architect their attacks. While the majority of organisations will take steps to improve their security posture following a breach, businesses across industries are in a constant race against the attackers. Security effectiveness starts with closing the obvious gaps and making security a business priority.”
While Cisco has seen a striking decline in exploit kits, other traditional attacks are witnessing a resurgence. For example, spam volumes are significantly increasing as adversaries turn to other tried-and-tested methods, among them e-mail, to distribute malware and generate revenue. Cisco’s threat researchers anticipate that the volume of spam with malicious attachments will continue to rise while the exploit kit landscape remains in a state of flux.
Spyware and adware
Often dismissed by security professionals as more of a nuisance than a harm, spyware and adware are forms of malware that persist and bring risks to the enterprise.
Cisco’s researchers sampled 300 companies over a four-month period and found that three prevalent spyware families infected 20% of the sample. In a corporate environment, spyware can steal user and company information, weaken the security posture of devices and increase malware infections.
Evolutions in ransomware, such as the growth of Ransomware-as-a-Service, make it easier for criminals – regardless of their own skill set – to carry out these attacks. Ransomware has certainly been grabbing headlines and reportedly brought in more than $1 billion in 2016, but this may be distracting some organisations from an even greater, under-reported threat.
Business e-mail compromise (BEC), a social engineering attack in which an e-mail is designed to trick organisations into transferring money to the attackers, is becoming highly lucrative. Between October 2013 and December last year, $5.3 billion was stolen via BEC. That’s according to the Internet Crime Complaint Centre.
Foundational cyber security requirements
As criminals continue to increase the sophistication and intensity of their attacks, businesses across industries are challenged to keep up with even foundational cyber security requirements. As Information Technology and Operational Technology converge in the IoT, organisations struggle with visibility and complexity. The Cisco study found that no more than two-thirds of organisations are investigating security alerts.
In certain industries (such as healthcare and transportation), this number is closer to 50%. Even in the most responsive industries (among them finance and healthcare), businesses are mitigating less than 50% of attacks they know to be legitimate. Across most industries, breaches drove at least modest security improvements in at least 90% of those organisations questioned as part of the study.
It’s findings like these, and the disruptive impact that a cyber security incident can have on an organisation, that demonstrate precisely why cyber attacks and data breaches are such major concerns for today’s business continuity and resilience professionals.