Cisco has released its 2014 Midyear Security Report, which examines the “weak links” in organisations that contribute to an increasingly dynamic threat landscape.

Geopolitical events are creating new trends in the cyber realm, expanding the risk landscape for businesses, governments, and other organisations and individuals.

According to the report, the top five most at-risk industry verticals for mobile malware encounters during the first half of 2014 across the wider Europe, Middle East, Africa, and Russia (EMEAR) region were agriculture and mining, transportation and shipping, food and beverage, government, and media and publishing. In EMEAR, food and beverage saw the highest number of web malware encounters.

It is important for South African businesses to remember that any cyber-attack, large or small, is born from a weak link in the security chain. As a result, weak links – outdated software, bad code, abandoned digital properties, or user errors – contribute to the adversary’s ability to exploit vulnerabilities, with methods such as DNS queries, exploit kits, amplification attacks, point-of-sale (POS) system compromise, malvertising, ransomware, and infiltration of encryption protocols, social engineering and “life event” spam.

Employees play a critical part in an organisation’s security chain and they are often ignorant of security threats. According to recent local research by Cisco amongst future business leaders in South Africa, nearly two-thirds (63%) of South African employees are allowed to use their own devices to access the company server or network.

Furthermore, the vast majority (87%) of employees are allowed to use company-issued computers for personal reasons, and most access social media sites with these devices, and do so frequently.

This raises some major concerns for business leaders in South Africa, as they do not always have control over those devices and the websites being accessed from the devices. This increases the organisation’s risk of being exposed to further vulnerabilities and cyber-attacks.

The report also shows that focusing only on high-profile vulnerabilities rather than on high-impact, common and stealthy threats puts organisations at greater risk. By proliferating attacks against low-profile legacy applications and infrastructure with known weaknesses, malicious actors are able to escape detection while security teams focus instead on boldface vulnerabilities, such as Heartbleed.

Globally, researchers closely examined 16 large multinational organisations, which, as of 2013, collectively controlled over R42 trillion (USD 4 trillion) in assets with revenues in excess of R3 trillion (USD 300 billion). This analysis yielded three compelling security insights tying enterprises to malicious traffic:

* “Man-in-the-Browser” attacks pose a risk for enterprises: Nearly 94% of customer networks observed in 2014 have been identified as having traffic going to websites that host malware.

* Botnet hide and seek: Nearly 70% of networks were identified as issuing DNS queries for Dynamic DNS (DDNS) domains. This is evidence of networks being misused or compromised by botnets that use DDNS to alter their IP addresses and avoid detection or blacklisting.

* Encrypting stolen data: Nearly 44% of customer networks observed in 2014 have been identified as issuing DNS requests for sites and domains with devices that provide encrypted channel services such as VPN, SSH, SFTP, FTP, and FTPS. Malicious actors use these services to cover their tracks, exfiltrating data over encrypted channels to avoid detection.

The number of exploit kits has dropped by 87% since the alleged creator of the widely popular Blackhole exploit kit was arrested last year, according to Cisco security researchers. Several exploit kits observed in the first half of 2014 were trying to move in on territory once dominated by the Blackhole exploit kit, but a clear leader has yet to emerge.

Meanwhile, Java continues its dubious distinction as the programming language most exploited by malicious actors. Cisco security researchers found that Java exploits rose to 93% of all indicators of compromise (IOCs) as of May 2014, following a high point of 91% of IOCs in November 2013 as reported in the Cisco 2014 Annual Security Report.

There has also been an unusual uptick in malware within vertical markets. For the first half of 2014, the top three verticals most at risk worldwide for web malware encounters were media and publishing, pharmaceutical and chemical, and aviation.

Greg Griessel, consulting systems engineer Security Solutions at Cisco South Africa, says: “While South African companies are innovating their future using the Internet, they face unprecedented risks caused by situations out of their control – such as geopolitical events. As a result, company executives need to understand, create awareness, and manage cyber risks and weaknesses in the security chain.

“Starting from the most senior level, South African businesses must make cyber security a business process, and deploy cyber security solutions that cover the entire attack continuum – before, during, and after a cyber-attack.”