The Internet of Things continues to offer new opportunities for cyber criminals, and its security weaknesses, ripe for exploitation, will play a central role in enabling these campaigns with escalating impact, warns Cisco in its latest Midyear Cyber Security Report. The report also highlights the rapid evolution of threats and the increasing magnitude of attacks, and forecasts potential 'Destruction of Service' (DeOS) attacks. Recent IoT botnet activity already suggests that some attackers may be laying the foundation for a wide-reaching, high-impact cyber-threat event that could potentially disrupt the internet itself.
Cisco security researchers watched the evolution of malware during the first half of 2017 and identified shifts in how adversaries are tailoring their delivery, obfuscation and evasion techniques. Specifically, Cisco saw that adversaries increasingly require victims to activate threats by clicking on links or opening files. They are developing fileless malware that lives in memory and is harder to detect or investigate because it is wiped out when a device restarts. Finally, adversaries are relying on anonymized and decentralized infrastructure, such as a Tor proxy service, to obscure command-and-control activities.
Steve Martino, Vice President and Chief Information Security Officer at Cisco, commented: “As recent incidents like WannaCry and Nyetya illustrate, our adversaries are becoming more and more creative in how they architect their attacks. While the majority of organizations took steps to improve security following a breach, businesses across industries are in a constant race against the attackers. Security effectiveness starts with closing the obvious gaps and making security a business priority.”
While Cisco has seen a striking decline in exploit kits, other traditional attacks are seeing a resurgence. For example, spam volumes are significantly increasing, as adversaries turn to other tried-and-tested methods, like email, to distribute malware and generate revenue. Cisco threat researchers anticipate that the volume of spam with malicious attachments will continue to rise while the exploit kit landscape remains in flux.
Spyware and adware, often dismissed by security professionals as more nuisance than harm, are forms of malware that persist and bring risks to the enterprise. Cisco research sampled 300 companies over a four-month period and found that three prevalent spyware families infected 20% of the sample. In a corporate environment, spyware can steal user and company information, weaken the security posture of devices and increase malware infections.
Evolutions in ransomware, such as the growth of Ransomware-as-a-Service, make it easier for criminals, regardless of their own skillset, to carry out these attacks. Ransomware has been grabbing headlines and reportedly brought in more than $1 billion in 2016, but this may be misdirecting some organizations, who face an even greater, under-reported threat. Business email compromise (BEC), a social engineering attack in which an email is designed to trick organizations into transferring money to attackers, is becoming highly lucrative. Between October 2013 and December 2016, $5.3 billion was stolen via BEC, according to the Internet Crime Complaint Center.
As criminals continue to increase the sophistication and intensity of attacks, businesses across industries are challenged to keep up with even foundational cyber security requirements. As Information Technology and Operational Technology converge in the Internet of Things, organizations struggle with visibility and complexity. However, the study found that no more than two-thirds of organizations are investigating security alerts. In certain industries (such as healthcare and transportation), this number is closer to 50%. Even in the most responsive industries (such as finance and healthcare), businesses are mitigating less than 50% of attacks they know are legitimate. Across most industries, breaches drove at least modest security improvements in at least 90% of organizations.
It is findings like these, and the disruptive impact that a cyber security incident can have on an organization, that demonstrate why cyber attacks and data breaches are such major concerns for business continuity and resilience professionals. The Business Continuity Institute's latest Horizon Scan Report identified them as the top two threats to organizations with 88% and 81%, respectively, of respondents to a global survey expressing concern about the prospect of such an event occurring.