Deficient Security Gives Cyber-Attackers Free Rein

Cyber-attackers usually have ample time to damage a company’s security because of its fragile infrastructure, poor network hygiene and slow detection rates.

Ransomware Dominates Malware

Ransomware is the most profitable malware type, and businesses are the top target. During Q1 and Q2 2016, ransomware targeted both individual and enterprise users, and it became more widespread and potent.

Exploit Kits Plumb Adobe Flash Vulnerabilities

Cisco researchers examined Nuclear Exploit Kit and found that Adobe Flash accounts for 80% of successful exploits.

JBoss Used For Ransomware Campaigns

JBoss-related compromises have made significant inroads in servers, leaving them vulnerable to attack.

HTTPS Traffic Increases

There was a fivefold increase in HTTPS traffic related to malicious activity, which can be attributed to malicious ad injectors and adware. Increased use conceals attackers’ activity on the web and expands their time to operate.

Patches Downloaded Too Late

Major vendors supply patches when vulnerabilities are announced, but many users do not download and install them in a timely manner. The gap between availability and implementation gives attackers ample time to launch exploits.

Old Vulnerabilities Persist

An examination of infrastructure and patches to operating systems reveals that 23% of devices have vulnerabilities dating back to 2011. 16% have vulnerabilities that were first published in 2009.

Attackers Hide by Using Transport Layer Security

Transport Layer Security (TLS), the protocol for encrypting network traffic, is being used by attackers to hide what they’re doing. This makes deep-packet inspection ineffective.

Time to Detection Rates Are Intolerable

The current time to detection (TTD) rate of 100 to 200 days is unacceptable. With adversaries constantly unleashing new threats, companies must move swiftly. Between December 2015 and April 2016, Cisco reduced its median TTD to 13 hours.

Recommendations

Institute and test an incident response plan to enable swift return to normal business operations after a ransomware attack.
Do not blindly trust HTTPS connections and SSL certificates.
Patch published vulnerabilities quickly in software and systems, including routers and switches.
Educate users about the threat of malicious browser infections.
Understand what actionable threat intelligence is.

More Recommendations

Integrate defenses by leveraging an architectural approach to security versus deploying niche products.
Measure time to detection. Insist on the fastest time available to uncover threats, then mitigate against them immediately. Include metrics in the security policy.
Protect your users everywhere they work—not just the systems they interact with and when they are on the corporate network.
Back up critical data and routinely test effectiveness to confirm that backups are not susceptible to compromise.

Karen A. Frenkel
Karen A. Frenkel is a contributor to CIO Insight. She covers cybersecurity topics such as digital transformation, vulnerabilities, phishing, malware, and information governance.
