Cut down on TDD to keep cyber attacks at bay: Cisco Report

NEW DELHI: The digital economy and the Internet of Everything (IoE) are creating new attack vectors and as a result, organizations need to reduce time to detection (TTD) to ward off such attacks, a Cisco Midyear Security report says.

The Cisco 2015 Midyear Security Report, which analyzes threat intelligence and cybersecurity trends, shows that new risks associated with Flash, the evolution of ransomware, and the Dridex mutating malware campaign, reinforce the need for reduced time to detection.

The digitization of businesses are making malwares and threats becoming even more pervasive, which throws a light on the security industry’s estimates of 100 to 200 days for TTD. In contrast, the average TTD for Cisco Advanced Malware Protection (AMP), with its retrospective analysis of attacks that make it past existing defenses, is 46 hours.

The findings also underscore the need for businesses to deploy integrated solutions, point products, work with trustworthy vendors, and enlist security services providers for guidance and assessment. Further, geopolitical experts have declared that a global cyber governance framework is needed to sustain economic growth.

The key findings from the study include the following:

· Ang1ler: Adversaries Darting in the Shadows Angler is currently one of the most sophisticated and widely used exploit kits because of its innovative use of Flash, Java, Internet Explorer, and Silverlight vulnerabilities. It also excels at attempting to evade detection by employing domain shadowing, as one of its techniques, accounting for the lion’s share of domain shadowing activity.

· Flash is Back – Exploits of Adobe Flash vulnerabilities, which are integrated into Angler and Nuclear exploit kits, are on the rise. This is due to lack of automated patching, as well as consumers who fail to update immediately.

· In the first half of 2015, there has been a 66 percent increase in the number of Adobe Flash Player vulnerabilities reported by the Common Vulnerabilities and Exposure (CVE) system over all of 2014. At this rate, Flash is on pace to set an all-time record for the number of CVEs reported in 2015.

· The Evolution of Ransomware – Ransomware remains highly lucrative for hackers as they continue to release new variants. Ransomware operations have matured to the point that they are completely automated and carried out through the dark web. To conceal payment transactions from law enforcement, ransoms are paid in cryptocurrencies, such as bitcoin.

· Dridex: Campaigns on the Fly - The creators of these quickly mutating campaigns have a sophisticated understanding of evading security measures. As part of their evasion tactics, attackers rapidly change the emails’ content, user agents, attachments, or referrers and launch new campaigns, forcing traditional antivirus systems to detect them anew.

John N Stewart, Senior Vice-President, Chief Security and Trust Officer, Cisco, says: “Organizations cannot just accept that compromise is inevitable, even if it feels like it today. The technology industry must up the game and provide reliable and resilient products and services, and the security industry must provide vastly improved, yet meaningfully simplified, capabilities for detecting, preventing, and recovering from attacks. This is where we are leading. We are regularly told that business strategy and security strategy are the top two issues for our customers, and they want trusted partnerships with us. Trust is tightly linked to security, and transparency is key so industry-leading technology is only half the battle. We're committed to providing both: industry-defining security capabilities and trustworthy solutions across all product lines.”

Jason Brvenik, Principal Engineer, Security Business Group, Cisco, adds: “Hackers, being unencumbered, have the upper hand in agility, innovation and brazenness. We see this time and again, whether it is nation state actors, malware, exploit kits or ransomware. A purely preventive approach has proven ineffective, and we are simply too far down the road to accept a time to detection measured in hundreds of days. The question of ‘what do you do when you are compromised’ highlights the need for organizations to invest in integrated technologies that work in concert to reduce time to detection and remediation to a matter of hours; and then they should demand their vendors help them to reduce this metric to minutes.”