The Cisco Report sums up its findings into four main points presented below:
- Cybercrime Trend Spotlight: Ransomware
Ransomware is the most profitable attack to date, with as many as 90,000 victims targeted every 24 hours. Ransomware's victims are quite diverse and include most major industries, such as academic institutions, healthcare, law enforcement and even the federal government.
Vulnerabilities in applications, like JBoss, are providing attackers new vectors to launch campaigns such as ransomware. Cisco has also observed increasing incidences of hackers using self-propagating malware that replicates itself within local, remote, network and USB drives.
To quickly resume business operations, victims may relent and pay the ransom, usually in the form of bitcoins that average between $300 per victim. Even when the ransom is paid, there is no guarantee that the data will be decrypted, or that decrypted data has not been compromised in some form.
- Time to Operate
Traditionally, hackers have favored client-side attacks that rely on unsuspecting victims performing a normally harmless action. This may include opening an email containing malware disguised as a PDF, starting up an instant messaging application or running an FTP client while connected to an FTP server.
Exploit kits are readily available, help spread malware and ransomware, and continue to exploit vulnerabilities in Adobe Flash. Exploit kit makers can simply reverse-engineer the latest patch updates to detect new vulnerabilities and evade security defenses.
Attackers are also increasingly resorting to server-side attacks that directly target web browsers, web servers and database servers by injecting scripts in HTML pages or manipulating SSI.
- Time to Secure
The gap between attack activity, time to detection and solution implementation is critical. In their report, Cisco researchers detail the growing use of HTTPS in malicious campaigns, as well as bad actors’ use of Transport Layer Security (TLS) to encrypt their communications. Thanks to the latest cybersecurity solutions, the timeframe between penetration and security implementation has shrunk even as the frequency of attacks has gone up. The latest patch is usually available the minute a new vulnerability is made public, but even so, many users don’t download the patch immediately, if at all. This lag time provides ample opportunity for hackers to continue to exploit public, well-known vulnerabilities.
Cybersecurity vendors are remedying this through features like auto-patch updates. Per one estimate by Cisco, roughly 75% to 80% of users have the latest patch or are only one patch behind the latest update.
- Global Perspective and Security Recommendations
Hackers routinely shift their tactics. This much is clear: no matter what your industry or geographical location, you are vulnerable. To combat the growing threats, the federal government has imposed stricter measures that, while well intended, have often led to privacy concerns and increased compliance requirements that are often contradictory to one another. Many IT experts argue that overregulation makes us less secure.
Ultimately, all organizations need to proactively adopt the best protections and not depend on a government agency or outside regulating body to tell them to do so.
Improving Your Organization's Security Outlook
While the outlook may seem dire, inroads are being made against cyberattacks. Organizations that limit an attacker's time to operate by upgrading aging infrastructure and instituting new security and detection techniques are stopping more attacks before they can penetrate.
Even with progress being made, it never hurts to have an experienced security professional guide you through the maze of security risks, and ensure you’re protected. OneNeck IT Solutions will work with you to build a stronger foundation for your infrastructure that will harden your security and increase your visibility to potential attacks.