Cisco Mid-Year Security Report: Bad Guys Getting Badder

Enterprises are making security improvements, but without integrated threat defenses, the hackers are still two jumps ahead.

While enterprise and personal data security vendors are making significant headway in toughening up their products against relentless attacks from shadowy bad actors around the globe, those bad guys also are becoming more sophisticated.

Cisco Systems came out with its biannual security whitepaper report July 28, and the key message from it is this: Enterprises can make a jump ahead, but the hackers are still two jumps ahead -- and getting nastier in their fraudulent behavior.

"At a high level, we're seeing big changes in attack behavior," Craig Williams, Security Outreach Manager at Cisco Systems and one of the authors of the report, told eWEEK. "Our adversaries are becoming more agile and are adapting faster to the security industry than ever before. We're seeing this with exploit kits, ransomware and others. The reason for this, we think, is that it's so much easier to monetize malware these days.

"In years previous, bad guys would sell the accounts, a couple at a time, and now that we have things like crypto-currencies, such as Bitcoin, it's significantly easier for adversaries to monetize directly from their victims."

Hackers getting more money per victim

Bad actors also are generally getting more money per victim, Williams said. "At a minimum, ransomware is now a couple hundred dollars (to pay the ransom and get the data back). Instead of a couple hundred dollars per 1,000 users, it's a couple hundred per user," Williams said.

The main problem with enterprise and personal data security now is that users have a plethora of security products that don't interact well and that leave holes open for hackers to walk through.

"The users are left with what we call this 'sprawl of security,' meaning devices that don't communicate well and don't share intelligence," Williams said. "These allow the bad guys blind spots to hide in. Does anybody have an IPS (intrusion prevention system) or anti-malware solution that can talk to their firewall? Until we have an integrated threat defense, those problems are going to allow adversaries easier access to networks."

Current Troubling Trends

Some of the top troubling trends cited in the Cisco mid-year update include:

--Expanding use of ransomware, which is making a successful business out of holding data hostage until targeted users pay up.

--Highly effective exploit kits such as Angler, which use vulnerabilities in Flash to compromise systems. An exploit kit is an off-the-shelf software package containing easy-to-use packaged attacks on known and unknown (zero-day) vulnerabilities. These toolkits exploit client-side vulnerabilities, typically targeting the Web browser and applications that can be accessed through the Web browser. Angler continues to lead the exploit kit market in terms of overall sophistication and effectiveness.

--Increasing creativity by malware authors, who are even going so far as to include text excerpts from classic literature, such as Jane Austen's novel "Sense and Sensibility," in their code in an effort to throw off antivirus detection software. Antivirus and other security solutions are more likely to categorize these pages as legitimate after "reading" such text.

--Exploits of Adobe Flash vulnerabilities are increasing. They are regularly integrated into widely used exploit kits such as Angler and Nuclear. Mozilla, for example, has disallowed its popular browser, Firefox, from downloading new versions of Flash for these security reasons.

--Operators of crimeware, such as ransomware, are hiring and funding professional development teams to help them make sure their tactics remain profitable.

--Criminals are turning to the anonymous Web network Tor and the Invisible Internet Project (I2P) to relay command-and-control communications while evading detection.

--Adversaries are once again using Microsoft Office macros to deliver malware. It's an old tactic that fell out of favor, but it's being taken up again as malicious actors seek new ways to thwart security protections.

--Malware authors are increasing their use of techniques such as sandbox detection to conceal their presence on networks.

--Spam volume increased in the United States, China and the Russian Federation, but remained relatively stable in other regions in the first five months of 2015.

--The security industry is paying more attention to mitigating vulnerabilities in open-source solutions.

--Continuing a trend covered in the Cisco 2015 Annual Security Report, exploits involving Java have been on the decline in the first half of 2015.

Chris J. Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 15 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...