Cisco 2017 Midyear Cybersecurity Report predicts new "Destruction of Service" attacks; scale and impact of threats grow
SAN JOSE, CA--(Marketwired - Jul 20, 2017) - The Cisco® (NASDAQ: CSCO) 2017 Midyear Cybersecurity Report (MCR) uncovers the rapid evolution of threats and the increasing magnitude of attacks, and forecasts potential "destruction of service" (DeOS) attacks. These could eliminate organizations' backups and safety nets, required to restore systems and data after an attack. Also, with the advent of the Internet of Things (IoT), key industries are bringing more operations online, increasing attack surfaces and the potential scale and impact of these threats.
Recent cyber incidents such as WannaCry and Nyetya show the rapid spread and wide impact of attacks that look like traditional ransomware, but are much more destructive. These events foreshadow what Cisco is calling destruction of service attacks, which can be far more damaging, leaving businesses with no way to recover.
The Internet of Things continues to offer new opportunities for cybercriminals, and its security weaknesses, ripe for exploitation, will play a central role in enabling these campaigns with escalating impact. Recent IoT botnet activity already suggests that some attackers may be laying the foundation for a wide-reaching, high-impact cyber-threat event that could potentially disrupt the Internet itself.
Measuring effectiveness of security practices in the face of these attacks is critical. Cisco tracks progress in reducing "time to detection" (TTD), the window of time between a compromise and the detection of a threat. Faster time to detection is critical to constrain attackers' operational space and minimize damage from intrusions. Since November 2015, Cisco decreased its median time-to-detection (TTD) from just over 39 hours to about 3.5 hours for the period from November 2016 to May 2017. This figure is based on opt-in telemetry gathered from Cisco security products deployed worldwide.
Threat Landscape: What's Hot and What's Not
Cisco security researchers watched the evolution of malware during the first half of 2017 and identified shifts in how adversaries
are tailoring their delivery, obfuscation and evasion techniques. Specifically, Cisco saw they increasingly require victims to activate threats by clicking on links or opening files. They are
developing fileless malware that lives in memory and is harder to detect or investigate as it is wiped out when a device restarts. Finally adversaries are relying on anonymized and decentralized
infrastructure, such as a Tor proxy service, to obscure command and control activities.