Attackers are expanding their tactics and becoming harder to detect, users are increasingly being targeted and are unknowingly aiding the attacks, and defenders think their security is optimized even though that may not be the case, according to the “Cisco 2015 Annual Security Report.”
Surveying 1,738 CISOs and SecOps managers for its Cisco Security Capabilities Benchmark Study, which is included in the report, roughly 40 percent of respondents said they are using patching and configuration to prevent breaches, and only 10 percent said they are running the latest version of Internet Explorer, yet 90 percent feel “confident” in their security efforts and 75 percent see their security tools as very or extremely effective.
John Stewart, chief security and trust officer with Cisco, told SCMagazine.com that the numbers speak on the separation between “believing everything is fine” when all is quiet, and then realizing “nothing is fine” when something invariably does happen.
Jason Brvenik, principal engineer of the security business group at Cisco, told SCMagazine.com that defenders are not making it harder for attackers. Focusing on the Internet Explorer data point, he said that one answer may be in automatically updating browsers such as Chrome, which has 64 percent of users running the latest version.
Considering that 56 percent of devices indexed use versions of OpenSSL more than 50 months old – meaning they are vulnerable to the critical Heartbleed bug – keeping software up-to-date may be more important now than ever.
“We saw a 34 percent drop in exploits in Java,” Brvenik said. “Java has become more secure. Attackers have noted this, so we saw a rise in the exploit of Silverlight consequently.” According to the report, the volume of Silverlight attacks has increased 228 percent since December 2012.
The report shows a 250 percent increase in spam volume from January 2014 to November 2014 – notably snowshoe spam, an emerging threat that involves sending low volumes of spam from a large set of IP addresses in order to avoid detection.
The attackers are also concealing their activities by using flash malwarethat interacts with JavaScript, which makes threats more challengingto detect and tougher to analyze. Additionally, users may not be aware that they have been affected by malvertising, which spiked in 2014, particularly in the second half of the year.
In the report, Cisco outlined a set of security principals to help organizations better understand and respond to today's cyber challenges. These include security working with existing architecture, security being transparent, and security enabling visibility.
