July 20, 2017 by Canadian Underwriter
The potential for “destruction of service” (DeOS) attacks is greatly concerning and organizations would be well-advised to adopt a proactive cyber stance in their protection efforts to combat increasingly sophisticated attackers, warns a new report from Cisco.
“Cyber incidents such as WannaCry and Nyetya show the rapid spread and wide impact of attacks that look like traditional ransomware, but are much more destructive,” the firm cautioned Thursday in releasing the Cisco 2017 Midyear Cybersecurity Report.
“These events foreshadow what Cisco is calling destruction of service attacks, which can be far more damaging, leaving businesses with no way to recover,” the company notes. “These could eliminate organizations’ back-ups and safety nets, required to restore systems and data after an attack,” it explains.
The WannaCry and Nyetya attacks show “adversaries are becoming more and more creative in how they architect their attacks,” Steve Martino, vice president and chief information security officer at Cisco, says in the statement.
“How DeOS attacks will play out and what they will look like depends on the threat actors’ core motivations and the limits of their creativity and capabilities,” the latest report adds.
“While the majority of organizations took steps to improve security following a breach, businesses across industries are in a constant race against the attackers. Security effectiveness starts with closing the obvious gaps and making security a business priority,” Martino comments in the statement.
Examining the latest threat intelligence gathered by Cisco Collective Security Intelligence, the report offers data-driven industry insights and cyber security trends from the first six months of 2017, along with recommendations to improve security posture.
Cisco recommends that organizations take a proactive stance in their protection efforts, by doing the following:
Experience in the first half of the year shows that use of malware is evolving, with Cisco security researchers identifying “shifts in how adversaries are tailoring their delivery, obfuscation and evasion techniques. Specifically, Cisco saw they increasingly require victims to activate threats by clicking on links or opening files,” the statement explains.
“They are developing fileless malware that lives in memory and is harder to detect or investigate as it is wiped out when a device restarts.”
Also of concern are developments around the Internet of Things (IoT), which could put certain key industries in harm’s way if steps are not taken to “improve security posture as information technology and operational technology converge,” the statement notes.
With IoT, Cisco reports key industries are bringing more operations online, thereby increasing attack surfaces and the potential scale and impact of these threats.
IoT “continues to offer new opportunities for cyber criminals, and its security weaknesses, ripe for exploitation, will play a central role in enabling these campaigns with escalating impact,” the statement notes.
“Recent IoT botnet activity already suggests that some attackers may be laying the foundation for a wide-reaching, high-impact cyber-threat event that could potentially disrupt the Internet itself,” it continues.
The report also identifies other threats that are on the rise:
“Revenue generation is still the top objective of most threat actors,” the report notes. “However, some adversaries now have the ability – and often now, it seems, the inclination – to lock systems and destroy data as part of their attack process.”
“The dramatic increases in cyber attack frequency, complexity and size over the past year suggests that the economics of hacking have turned a corner,” the report notes.
Citing observations from Radware, the report says the modern hacking community is benefiting from the following:
“As criminals continue to increase the sophistication and intensity of attacks, businesses across industries are challenged to keep up with even foundational cybersecurity requirements,” the statement notes.
“Malicious actors are taking advantage of that ever-expanding attack surface. The breadth and depth of recent ransomware attacks alone demonstrate how adept adversaries are at exploiting security gaps and vulnerabilities across devices and networks for maximum impact,” the report states.
“It is important for defenders to understand changes in adversaries’ tactics so that they can, in turn, adapt their security practices and educate users,” the report further advises.
Cisco’s Security Capabilities Benchmark Study – which involved surveying almost 3,000 security leaders across 13 countries – found that “across industries, security teams are increasingly overwhelmed by the volume of attacks. This leads many to become more reactive in their protection efforts,” the statement notes.
Even in the most responsive industries (such as finance and healthcare), businesses are mitigating less than 50% of attacks they know are legitimate, the findings show.
Across most industries, breaches drove at least modest security improvements in at least 90% of organizations, the survey found. That said, some industries (such as transportation) are less responsive, at slightly more than 80%.
Other findings include the following:
“Complexity continues to hinder many organizations’ security efforts,” suggests David Ulevitch, Cisco’s senior vice president and general manager of its Security Business Group.
“To effectively reduce time to detection and limit the impact of an attack, the industry must move to a more integrated, architectural approach that increases visibility and manageability, empowering security teams to close gaps,” Ulevitch advises.