Internet of Everything opens new attack vectors for cybercriminals: Cisco

The digital economy and the Internet of Everything (IoE) are inspiring new attack vectors and monetization schemes for cybercriminals that organizations will need to defend against, according to a new report from networking solutions vendor Cisco Systems.

Cisco’s 2015 Midyear Security Report looks at current threat intelligence and security trends, and says organizations need to cut their time to detection of threats if they’re going to defend against increasingly sophisticated attacks from very motivated attackers. Emblematic of these emerging threats is the Angler Exploit Kit, which the report said represents the sort of threat that will become increasingly common as IoE and the digital economy open new attack vectors.

“Hackers, being unencumbered, have the upper hand in agility, innovation and brazenness. We see this time and again, whether it is nation state actors, malware, exploit kits or ransomware,” said  Jason Brvenik, principal engineer for Cisco’s security business group, in a statement. “A purely preventive approach has proven ineffective, and we are simply too far down the road to accept a time to detection measured in hundreds of days. The question of ‘what do you do when you are compromised’ highlights the need for organizations to invest in integrated technologies that work in concert to reduce time to detection and remediation to a matter of hours; and then they should demand their vendors help them to reduce this metric to minutes.”

The top emerging threat, Angler, is described as a very sophisticated and widely used exploit kit that makes innovative use of vulnerabilities in Flash, Java, Internet Explorer and Silverlight. It evades detection by using domain shadowing, among other techniques.

Cisco researchers also noted a return of exploits targeting Adobe Flash exploits, including Angler and another exploit kit, Nuclear. A lack of automated patching is worsening the vulnerability. Researchers found Adobe Flash Player vulnerabilities rose by 66 per cent in 2015.

Ransomware is also evolving, said researchers, maturing to the point where ransomware operations are completely automated in the dark web with payments concealed through payment in cryptocurrencies like Bitcoin.

With an accelerating arms race between cybercriminals and security vendors putting end users more at risk, Cisco said security vendors need to be more diligent in developing integrated security solutions that align people, processes and technology. And companies should demand security vendors be transparent about their capabilities and contractually back up their security claims.

“Organizations cannot just accept that compromise is inevitable, even if it feels like it today. The technology industry must up the game and provide reliable and resilient products and services, and the security industry must provide vastly improved, yet meaningfully simplified, capabilities for detecting, preventing, and recovering from attacks. This is where we are leading,” said John N. Stewart, senior vice president, chief security and trust officer for Cisco, in a statement. “We are regularly told that business strategy and security strategy are the top two issues for our customers, and they want trusted partnerships with us. Trust is tightly linked to security, and transparency is key so industry-leading technology is only half the battle. We’re committed to providing both: industry-defining security capabilities and trustworthy solutions across all product lines.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Jeff Jedras
Jeff Jedras
Jeff Jedras is a technology journalist with IT World Canada and a member of the IT Business team. He began his career in technology journalism in the late 1990s, covering the Ottawa technology sector for Silicon Valley North and the Ottawa Business Journal. He later covered the technology scene in Vancouver before joining IT World Canada in Toronto in 2005, covering enterprise IT for ComputerWorld Canada and the channel for Computer Dealer News. His writing has also appeared in the Vancouver Sun & the Ottawa Citizen.

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.