Ninety-nine percent of all mobile malware targeted Android devices while Java exploits accounted for 91 percent of Indicators of Compromise (IOCs) last year according to The Cisco 2014 Annual Security Report released today.
The report says that in 2013 overall vulnerabilities and threats reached the highest level since initial tracking began in May 2000, with an unprecedented growth of advanced attacks, while malicious traffic threats increasingly took advantage of an expanding attack surface with new techniques
Unsurprisingly, threats designed to take advantage of users' trust in systems, applications and personal networks have also reached record levels while a worldwide shortage of nearly a million skilled security professionals is impacting organisations' abilities to monitor and secure networks.
Terry Greer-King, Director of Cyber Security, UK and Ireland at Cisco, commenting to SCMagazineUK.com on the report's findings, noted that, “As the new threats get more complex, it's not enough to deploy solutions and products that purely seek to stop attacks or address only part of the problem.” Instead, a ‘before, during and after' (BDA) approach was proposed. “It's about looking at the whole continuum of security, understanding attacks before they happen, tracking events with advanced visibility, work out what's happening on the network, where it will go next, fix it and mop up afterwards.”
The report also notes how rapid growth in intelligent mobile device adoption and cloud computing are providing a greater attack surface than ever before while new classes of devices and new infrastructure architectures offer attackers opportunities to exploit unanticipated weaknesses and inadequately defended assets. These sophisticated infrastructure-scale attacks seek to gain access to strategically positioned web hosting servers, and proliferate attacks across individual assets served by these resources.
One-hundred percent of a sample of 30 of the world's largest multinational company networks generated visitor traffic to Web sites that host malware says the report. Ninety-six percent of networks reviewed communicated traffic to hijacked servers. Similarly, 92 percent transmitted traffic to Web pages without content, which typically host malicious activity.
Distributed Denial of Service (DDoS) attacks are seen to have increased in volume and severity, often used in conjuction with and to distract from other attacks such as phishing. Multipurpose Trojans were the most frequently encountered web-delivered malware, at 27 percent of total encounters in 2013. Malicious scripts, such as exploits and iframes, were second at 23 percent; data theft Trojans such as password stealers and backdoors made up 22 percent, while malware was concentrated in fewer hosts and fewer IP addresses.
Commenting on the findings, Darren Anstee, Solutions Architect Team Manager at Arbor Networks, said in a statement to SCMagazineUK.com, “Businesses of every size should be in no doubt: if they are dependent on the Internet in any way for their business continuity, they need to have appropriate security solutions and services in place to protect themselves. DDoS attacks are now being used as a distraction from fraudulent activities, to disguise data exfiltration or for competitive takeout – DDoS is just one of the tools that cyber-criminals use to achieve their goals.
“As DDoS attack size increases, so does the complexity of the hacker's toolkit, attacks now combine state-exhaustion, volumetric and application-layer methods. These multi-vector attacks cannot be dealt with by using a purely cloud or network-perimeter solution. To ensure protection from these threats, organisations must have multi-layered DDoS protection in place, using both cloud AND network-perimeter components,” says Anstee.
For Greer-King, the key advice for CISOs included identifying the key risks (eg Android rather than Apple phones as a cause for concern, and training of staff as an ongoing requirement) and prioritise resources accordingly in an integrated programme of action.