Cisco’s 2017 Midyear Cybersecurity Report draws on the company’s broad view into networks – a daily feed of more than 40 billion points of telemetry – as well as insights from security technology partners including Qualys, Radware, Rapid7, RSA and ThreatConnect.
The headline: Attacks leveraging IoT and other connected devices could rise to levels that Cisco calls “destruction of service” and result in the decimation of customers’ backups and the systems required to restore operations and data after an attack. Mobilization of IoT botnets could potentially disrupt the Internet itself.
A sampling of findings that partners will find useful when discussing security with customers includes:
1. Ransomware. Now for lazy crooks, too. Cisco says that in 2016, about half of all companies suffered at least one cyber-ransom incident, either a ransomware attack (39 percent) or a ransom denial-of-service (RDoS) attack (17 percent). And all businesses are at risk: Twenty-nine percent of SMBs reported ransomware, compared with 21 percent of organizations with more than 10,000 employees. Customers may not have RDoS on their radars, but the typical ransom demand is 10 to 200 bitcoins, or about $3,600 to $70,000. Don’t pay, and the attackers may take down the target’s networks with traffic volumes typically exceeding 100 Gbps. Demands on the lower end of that bitcoin spectrum may signal a bluff; in the full report, Cisco lays out four signs that the group demanding payment may not have the means to actually launch an attack. Ransomware as a service, where unsophisticated groups buy exploits, is also on the rise. Action: Protection against encryption ransomware is a multi-pronged effort. Deflecting DDoS attacks of any sort demands preparation, including evaluating whether the customer needs a DDoS mitigation service.
2. Email fraud is costly and on the rise: Business email compromises include crooks pretending to be a CEO and conning a CFO into making a wire transfer — one company was taken for $480,000, but insurance refused to cover the loss. According to the Internet Crime Complaint Center, $5.3 billion was stolen due to business email fraud between October 2013 and December 2016. In comparison, ransomware exploits took in $1 billion in 2016. Action: Cisco says combating email fraud usually requires improvements in education and business processes, as opposed to threat defense tools. For example, you might recommend that customers require employees to verify all wire transfers with the requesting employee by phone.
3. Spam volume has risen since mid-2016. Cisco’s explanation is that adversaries who had relied heavily on exploit kits to deliver ransomware are turning to spam emails, including messages containing macro-laden documents that can defeat many sandboxing technologies, if the attacker can trick a user into opening the file. Threat researchers anticipate that the volume of spam with malicious attachments will continue to rise while the exploit kit landscape remains in flux. Action: Make sure spam filtering technology is in place at the gateway. Better to keep malicious email from …