The Cisco 2015 Midyear Security Report, which analyses threat intelligence and cybersecurity trends, reveals the critical need for organisations to reduce time to detection (TTD) in order to remediate against sophisticated attacks by highly motivated threat actors.
This coincides with the decision made by the Department of Justice and Constitutional Development to release their draft Cybercrimes and Cybersecurity Bill for public comment. 2015 has seen a spate of cyber-attacks as threat actors’ ability to innovate rapidly and enhance their capacity to compromise systems and evade detection evolves. The legislative undertaking is therefore indicative of South Africa’s mental shift towards greater cybercrime awareness.
“Organisations in South Africa cannot just accept that compromise is inevitable, even if it feels like it today,” says Greg Griessel, consulting systems engineer, security solutions at Cisco SA. “The technology industry must up the game and provide reliable and resilient products and services, and the security industry must provide vastly improved, yet meaningfully simplified, capabilities for detecting, preventing, and recovering from attacks.
“This is where Cisco is leading,” Griessel adds. “We are regularly told that business strategy and security strategy are the top two issues for our customers, and they want trusted partnerships with us. Trust is tightly linked to security, and transparency is key, so industry-leading technology is only half the battle. We’re committed to providing both: industry-defining security capabilities and trustworthy solutions across all product lines. The report findings also underscore the need for businesses to deploy integrated solutions versus point products, work with trustworthy vendors, and enlist security services providers for guidance and assessment.”
The midyear report says adversaries continue to innovate as they slip into networks undetected and evade security measures.
Other key findings from the study include the following:
• Exploits of Adobe Flash vulnerabilities are increasing. They are regularly integrated into widely used exploit kits such as Angler and Nuclear. Angler continues to lead the exploit kit market in terms of overall sophistication and effectiveness. The Angler Exploit Kit represents the types of common threats that will challenge organisations as the digital economy and the Internet of Everything (IoE) create new attack vectors and monetisation opportunities for adversaries.
• Operators of crime ware, like ransomware, are hiring and funding professional development teams to help them make sure their tactics remain profitable.
• Criminals are turning to the anonymous Web network Tor and the Invisible Internet Project (I2P) to relay command-and-control communications while evading detection.
• Adversaries are once again using Microsoft Office macros to deliver malware. It’s an old tactic that fell out of favor, but it’s being taken up again as malicious actors seek new ways to thwart security protections.
• Some exploit kit authors are incorporating text from Jane Austen’s classic novel Sense and Sensibility into Web landing pages that host their exploit kits. Antivirus and other security solutions are more likely to categorise these pages as legitimate after “reading” such text.
• Malware authors are increasing their use of techniques such as sandbox detection to conceal their presence on networks.
• Spam volume is increasing in the US, China, and the Russian Federation, but remained relatively stable in other regions in the first five months of 2015.
• The security industry is paying more attention to mitigating vulnerabilities in open-source solutions.
• Continuing a trend covered in the Cisco 2015 Annual Security Report, exploits involving Java have been on the decline in the first half of 2015.