The digital economy and the Internet of Everything (IoE) are inspiring new attack vectors and monetization schemes for cybercriminals that organizations will need to defend against, according to a new report from networking solutions vendor Cisco Systems.
Cisco’s 2015 Midyear Security Report looks at current threat intelligence and security trends, and says organizations need to cut their time to detection of threats if they’re going to defend against increasingly sophisticated attacks from very motivated attackers. Emblematic of these emerging threats is the Angler Exploit Kit, which the report said represents the sort of threat that will become increasingly common as IoE and the digital economy open new attack vectors.
“Hackers, being unencumbered, have the upper hand in agility, innovation and brazenness. We see this time and again, whether it is nation state actors, malware, exploit kits or ransomware,” said Jason Brvenik, principal engineer for Cisco’s security business group, in a statement. “A purely preventive approach has proven ineffective, and we are simply too far down the road to accept a time to detection measured in hundreds of days. The question of ‘what do you do when you are compromised’ highlights the need for organizations to invest in integrated technologies that work in concert to reduce time to detection and remediation to a matter of hours; and then they should demand their vendors help them to reduce this metric to minutes.”
The top emerging threat, Angler, is described as a very sophisticated and widely used exploit kit that makes innovative use of vulnerabilities in Flash, Java, Internet Explorer and Silverlight. It evades detection by using domain shadowing, among other techniques.
Cisco researchers also noted a return of exploits targeting Adobe Flash, including those in Angler and another exploit kit, Nuclear. A lack of automated patching is making the problem worse. Researchers found Adobe Flash Player vulnerabilities rose by 66 per cent in 2015.
Ransomware is also evolving, said researchers, maturing to the point where ransomware operations are completely automated on the dark web, with payments concealed through cryptocurrencies like Bitcoin.
With an accelerating arms race between cybercriminals and security vendors putting end users more at risk, Cisco said security vendors need to be more diligent in developing integrated security solutions that align people, processes and technology. And companies should demand security vendors be transparent about their capabilities and contractually back up their security claims.
“Organizations cannot just accept that compromise is inevitable, even if it feels like it today. The technology industry must up the game and provide reliable and resilient products and services, and the security industry must provide vastly improved, yet meaningfully simplified, capabilities for detecting, preventing, and recovering from attacks. This is where we are leading,” said John N. Stewart, senior vice president, chief security and trust officer for Cisco, in a statement. “We are regularly told that business strategy and security strategy are the top two issues for our customers, and they want trusted partnerships with us. Trust is tightly linked to security, and transparency is key so industry-leading technology is only half the battle. We’re committed to providing both: industry-defining security capabilities and trustworthy solutions across all product lines.”