InfoSec professionals can’t afford to maintain the status quo when it comes to cyber defense — and they know it. However, just in case anyone forgot why they have to stay so vigilant, Cisco released their 2015 Midyear Report to remind us just how dangerous data breach vulnerabilities have become.
According to the research, attackers are continuously finding innovative ways to circumvent current cyber defense methods. With the high cost of security breaches and the considerable time it takes companies to realize an incident has occurred, adjusting defenses to threats identified by Cisco isn’t an option—it’s a necessity.
Flash Vulnerabilities Give Rise to More Powerful Exploit Kits
Remember when no one understood why Steve Jobs refused to support Adobe Flash?
As it turns out, it’s one of the biggest sources of cyber attacks in light of its widespread use and increasingly abundant vulnerabilities. In 2014, a total of 41 Flash vulnerabilities were identified, and in the first 6 months of 2015, Cisco discovered 62 known issues.
Cyber criminals are using exploit kits to take advantage of Flash vulnerabilities; these attacks take advantage of what Cisco calls the “Patching Gap,” or the time between when Adobe issues a Flash update and when users actually install it.
While this type of attack is tough to detect, even via a retrospective analysis, staying up-to-date with the latest Flash security patches is a surefire way to reduce data breach vulnerabilities across the board.
Angler exploit kits were found to have compromised about 40% of users who encountered the attack vector. Authors of Angler attacks are innovative enough to quickly identify Flash vulnerabilities and then exploit the Patching Gap.
Attacks typically begin when users are duped by what is called malvertising (malicious online advertising). These ads then drive traffic to cleverly built landing pages that take advantage of user tendencies to trust websites. The landing pages carry out attacks by delivering encrypted payloads such as Trojan Cryptowall ransomware.
Angler exploit kits showcase the sophistication of modern cyber criminals in two ways. First, authors deploy multiple IP addresses to confuse security systems. Second, these kits excel at domain shadowing, hiding malicious subdomain activity under a legitimate - but compromised, user domain.
Cyber criminals have done their research, and understand the high price you’re willing to pay to regain access to your sensitive data. These vectors make cyber crime more profitable, while also delivering advanced persistent threats (APTs) for future attacks.
Paying off a ransom doesn’t mean you’re safe from cyber criminals. As a result, air gapping and backing up files regularly is a necessary precaution.
New Threats Cause More Lethal Data Breach Vulnerabilities
Cisco identified Rombertik malware as a major threat in the first half of 2015. This attack vector isn’t just about stealing data—it’s about destroying it. It steals data and sends it to compromised servers - but its evasion techniques set it apart from other vectors.
With anti-analysis tools such as garbage code and sandbox aversion, Rombertik is a persistent threat that is capable of crippling systems if it goes undiscovered. If security professionals weren’t motivated to adapt to the changing threat landscape before, Rombertik will make them think twice.
Retro Attacks are Back and More Dangerous than Ever
Cyber attackers are experts at quickly changing existing attack vectors for swift deployment. While Microsoft Office macro attacks were dormant for a while, Cisco discovered that they’ve returned.
Now, the Dridex Trojan digs deep into systems after users fall victim to phishing scams, leaving plenty of time for criminals to steal information before detection. Want to thwart these attacks? Supplement your anti-virus solutions with defense-in-depth solutions like virus outbreak filters.
Putting an End to the “It Will Never Happen to Me” Mentality
Cisco’s Midyear Report makes it clear that today’s cyber attackers are busy honing their skills and finding new ways to circumvent common security practices. Cybersecurity teams need to implement the tips included in the report as quickly as possible to protect their organization from known data breach vulnerabilities.
Additionally, they need to start architecting a more proactive defensive strategy that will ensure greater protection against the unknown threats they’re likely to face in the future.
Recommended for you: