Cisco Security Report 2018

A synopsis of note worthy information from the Cisco 2018 Security Report

Full report Available here

  • Companies weak again IOT threats. IoT = more advanced DDoS attacks
  • Increase in Dropbox, googledrive, pastebin etc for CnC traffic, first done by APTs
  • Still Ransomware, but now Self propograting accross the network
  • Using suply chain hacking to distribute Trojans via legit software updates
  • Google lowering ranking cos no HTTPS site and displaying warnings when visting sites. Increases the use HTTPS certs for traffic. Attackers using Encryption using cheap/free SSL Certs
  • Behaviour analytics tools work well
  • IE still being attacked
  • Javascript use consistent and significant
  • Angler went offline. Hackers moved back to Email attack vector
  • Malicious Attachments Office 38%. Zip, .jar 37%. PDF 14%
  • Email still vital channel for malware distribution
  • Urls using Subdomains and string of 50-62 letters of random chars
  • .com still most popular TLD
  • most popular URL shortener
  • Malicious payloads being delivered after the document is closed. Sandboxes not very good at Document_closed actions
  • Word docs embedded into PDFs – can evade Sandboxing detection
  • Use Content-aware Sandboxes
  • Increase in DevOps ransomware hitting MongoDB
  • Attack vectors
    • Network
      • 35% TCP Syn Flood
      • 23% UDP
      • 18% ICMP
    • Application
      • 37% HTTP
      • 28% HTTPS
      • 33% DNS
  • Increase in “Burst” DSoS attacks. Attacks only lasting a few minutes with intervals of 5-15 minutes. Aimed at Time Sensitive web sites like Gambling. Manifest themselves as TCP-SYN floods, ACK flods and UDP floods to multiple ports.
  • Increase in DDoS reflection amplification attacks
  • Loads on “Leak points” unkown endpoint connections to the Internet within organisations. Finance worst sector for it.
  • Lack of Security Staff stops companies from implementing new cyber capabilities.
  • Key capabilities defenders would add if they added staff.
    • Endpoint forensics 19%
    • Cloud Access Security Broke (CASB) 17%
    • Web app firewall 17%
    • Intrusion prevention 16%
    • Multifactor auth 16 %
    • Firewall 16%
  • Companies want to outsoure or automate routine activities
  • Waiting 30 days to patch, no longer considered best practice
  • Common Weakness Enumeration (CWE) Buffer overflows down 22% Input validation up 15%. Permissions, privileges and access up 18% and Information leak/disclosure up 100% and worst, command injection up 114%
  • Defenders should consider that Third-party software libraries are targets for hackers. updates should be delievered over a secure channel
  • Sec teams should proactively audit devices, configurations in features. should ask third pary vendors about update and patching processes
  • IoT patching very slow or non existent. 83% of devices have critical vulns. companies seem unmotivated to secure and patch. Companies don’t even know how many IOT Devices they have. Should determine if they are scannable, if still supported by vendors. should ensure that they get firmware updates and patched regularly
  • Attackers evolving faster than Defenders
  • 53% of attacks result in damages of >$500,000. including lost revenue, customers, opportunities and out-of -pocket costs. 30% cost <$100,000
  • mobile devices, Data in public cloud and user behaviour most difficult areas to defend. Budget, interoperability and personnel cited as biggest constraints
  • Big challenge managing alerts from multiple security vendors
    • 44% of alerts not investigated
    • 34% deemed a legit alert
    • only 51% of legit alerts remediated
    • Main issue lack of trained staff
  • Need to be prepared for breach from a Marketing and PR perspective
  • 32% of breaches effected 50% of systems. Operations and Finance most likely to be affected
  • Malware goes up, Time to detection goes down


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this:
search previous next tag category expand menu location phone mail time cart zoom edit close