Cisco Security Report 2018


A synopsis of the Cisco 2018 Security Report

The full report is available here

  • Companies are weak against IoT (Internet of Things) threats; compromised IoT devices enable more advanced DDoS attacks
  • Increased use of Dropbox, Google Drive, Pastebin etc. for CnC (Command and Control) traffic, a technique first used by APTs (Advanced Persistent Threats)
  • Ransomware still active, but now self-propagating across the network
  • Supply chain attacks used to distribute Trojans via legitimate software updates
  • Google lowering the ranking of sites without HTTPS and displaying warnings when visiting them, which increases the use of HTTPS certificates for traffic. Attackers also use encryption, via cheap or free SSL certificates
  • Behavior analytics tools work well
  • IE (Internet Explorer) still being attacked
  • JavaScript use remains consistent and significant
  • The Angler exploit kit went offline; attackers moved back to the email attack vector
  • Malicious attachments: Office documents 38%, .zip and .jar 37%, PDF 14%
  • Email is still a vital channel for malware distribution
  • URLs using subdomains and strings of 50-62 random characters
  • .com still the most popular TLD
  • Bitly.com is the most popular URL shortener
  • Malicious payloads being delivered after the document is closed; sandboxes are poor at detecting document-close actions
  • Word documents being embedded into PDFs, which can evade sandbox detection
  • Use of content-aware sandboxes
  • Increase in DevOps-targeting ransomware hitting MongoDB
  • Attack vectors
    • Network
      • 35% TCP SYN flood
      • 23% UDP
      • 18% ICMP
    • Application
      • 37% HTTP
      • 28% HTTPS
      • 33% DNS
  • Increase in “burst” DDoS attacks: attacks lasting only a few minutes, repeated at intervals of 5-15 minutes, aimed at time-sensitive websites such as gambling sites, and manifesting as TCP SYN floods, ACK floods and UDP floods to multiple ports
  • Increase in DDoS reflection amplification attacks
  • Many “leak points”: unknown endpoint connections to the Internet within organisations. Finance is the worst sector for this
  • Lack of security staff stops companies from implementing new cyber capabilities
  • Key capabilities defenders would add if they added staff:
    • Endpoint forensics 19%
    • Cloud Access Security Broker (CASB) 17%
    • Web app firewall 17%
    • Intrusion prevention 16%
    • Multi-factor authentication 16%
    • Firewall 16%
  • Companies want to outsource or automate routine activities
  • Waiting 30 days to patch is no longer considered a best practice
  • Common Weakness Enumeration (CWE) trends: buffer overflows down 22%, input validation up 15%, permissions, privileges and access up 18%, information leak/disclosure up 100% and, worst of all, command injection up 114%
  • Defenders should consider that third-party software libraries are targets for attackers; updates should be delivered over a secure channel
  • Security teams should proactively audit devices, configurations and features, and should ask third-party vendors about their update and patching processes
  • IoT patching is very slow or non-existent: 83% of devices have critical vulnerabilities, and companies seem unmotivated to secure and patch them. Companies often don’t even know how many IoT devices they have. They should determine whether devices are scannable and still supported by vendors, and ensure they get firmware updates and are patched regularly
  • Attackers evolving faster than Defenders
  • 53% of attacks result in damages of over $500,000, including lost revenue, customers, opportunities and out-of-pocket costs; 30% cost under $100,000
  • Mobile devices, data in the public cloud and user behaviour are the most difficult areas to defend. Budget, interoperability and personnel are cited as the biggest constraints
  • Big challenge managing alerts from multiple security vendors:
    • 44% of alerts not investigated
    • 34% deemed a legit alert
    • only 51% of legitimate alerts remediated
    • Main issue is a lack of trained staff
  • Need to be prepared for a breach from a marketing and PR perspective
  • 32% of breaches affected 50% of systems. Operations and finance are the most likely to be affected
  • Malware goes up, Time to detection goes down
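The report's observation about URLs built from subdomains of 50-62 random characters lends itself to a simple triage heuristic. The following is an added example, not code from the report or from Cisco: it parses candidate URLs, isolates the subdomain labels, and flags any hyphen-free label in that length range whose character entropy is close to what a random letter string produces. The sample URLs, the 50-62 length window (taken from the bullet above), the entropy cut-off of 3.5 bits and the assumption that the registered domain is the last two labels are all constructed for illustration.

```python
import math
import re
from urllib.parse import urlparse

# Constructed sample URLs for illustration; none of these come from the report.
# The third host has a 52-character subdomain made of two permutations of the alphabet.
RANDOM_LABEL = "xkqzpmvlwrtyhnbdfgscjaueoi" + "zjvhqcxpgkmwtbldyfrnsuaoie"
SAMPLE_URLS = [
    "https://www.example.com/login",
    "http://cdn.assets.example.net/js/app.js",
    "http://" + RANDOM_LABEL + ".example.org:8080/doc.php",
    "http://" + "a" * 55 + ".example.com/",          # long but zero entropy
    "https://this-is-a-long-but-readable-marketing-campaign-landing.example.com/",
]

# Only plain alphanumeric labels are considered; readable labels usually carry hyphens.
LABEL_RE = re.compile(r"^[a-z0-9]+$")


def shannon_entropy(text):
    """Bits per character. Uniformly random lowercase letters approach log2(26), about 4.7."""
    if not text:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def subdomain_labels(url):
    """Return the labels to the left of the registered domain.

    Assumption: the registered domain is the last two labels. Real deployments should
    use a public-suffix list so that suffixes like co.uk are handled correctly.
    """
    host = urlparse(url if "://" in url else "//" + url).hostname or ""
    labels = host.split(".")
    return labels[:-2] if len(labels) > 2 else []


def flag_random_subdomain(url, min_len=50, max_len=62, min_entropy=3.5):
    """Return the offending subdomain label, or None if the URL looks unremarkable."""
    for label in subdomain_labels(url):
        if (min_len <= len(label) <= max_len
                and LABEL_RE.match(label)
                and shannon_entropy(label) >= min_entropy):
            return label
    return None


def triage(urls):
    """Map each flagged URL to the label that triggered the heuristic."""
    flagged = {}
    for url in urls:
        label = flag_random_subdomain(url)
        if label:
            flagged[url] = label
    return flagged


if __name__ == "__main__":
    for url, label in triage(SAMPLE_URLS).items():
        print(f"suspicious subdomain ({len(label)} chars, "
              f"{shannon_entropy(label):.2f} bits/char): {url}")
```

Entropy on its own misfires on long but readable labels, which is why the filter also requires the label to be free of hyphens; treat a hit as a reason to look at the full request in proxy or DNS logs, not as a verdict.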
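The “burst” DDoS pattern described above (floods of a few minutes separated by 5-15 minute gaps) is easy to miss with a single sustained-rate threshold, so the following added example shows how a defender might recognise it from per-minute packet counts. This is illustrative code written for this synopsis, not from the report or from Cisco: the SYN-count series, the baseline of 120 SYNs per minute, the burst values, and the choice of ten times the median as the flood threshold are all constructed assumptions; the duration and gap limits come from the bullet above.

```python
import statistics
from dataclasses import dataclass

# Constructed per-minute TCP SYN counts for a 60-minute window (not report data):
# a quiet baseline with three short floods at minutes 5-7, 17-18 and 30-32.
BASELINE = 120
SYN_PER_MINUTE = [BASELINE] * 60
for minute in (5, 6, 7, 17, 18, 30, 31, 32):
    SYN_PER_MINUTE[minute] = 50_000


@dataclass
class Burst:
    start: int   # first minute above threshold
    end: int     # last minute above threshold
    peak: int    # highest count seen during the burst

    @property
    def duration(self):
        return self.end - self.start + 1


def find_bursts(series, threshold):
    """Collapse consecutive over-threshold minutes into Burst records."""
    bursts = []
    start = None
    peak = 0
    for minute, count in enumerate(series):
        if count > threshold:
            if start is None:
                start, peak = minute, 0
            peak = max(peak, count)
        elif start is not None:
            bursts.append(Burst(start, minute - 1, peak))
            start = None
    if start is not None:                      # series ended mid-burst
        bursts.append(Burst(start, len(series) - 1, peak))
    return bursts


def is_burst_pattern(bursts, max_duration=5, min_gap=5, max_gap=15):
    """True when there are repeated short floods separated by 5-15 quiet minutes."""
    if len(bursts) < 2:
        return False                          # one event is a flood, not a burst pattern
    if any(b.duration > max_duration for b in bursts):
        return False                          # a long flood is a conventional DDoS
    gaps = [nxt.start - prev.end - 1 for prev, nxt in zip(bursts, bursts[1:])]
    return all(min_gap <= g <= max_gap for g in gaps)


def analyse(series, multiplier=10):
    """Adaptive threshold (multiplier x median) so the rule follows normal traffic levels."""
    threshold = multiplier * statistics.median(series)
    bursts = find_bursts(series, threshold)
    return threshold, bursts, is_burst_pattern(bursts)


if __name__ == "__main__":
    threshold, bursts, pattern = analyse(SYN_PER_MINUTE)
    print(f"threshold {threshold:.0f} SYN/min, {len(bursts)} burst(s), burst pattern: {pattern}")
    for b in bursts:
        print(f"  minutes {b.start}-{b.end} ({b.duration} min), peak {b.peak}")
```

Alerting on the pattern rather than on each individual spike also avoids the 30-day-style blind spot noted elsewhere in the report: each flood is over before a slow threshold would fire, while the repetition is the signal.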

Publisher: OIC Solutions