This month has seen the release of Cisco Systems’ Annual Cybersecurity Report (ACR). Compiled from a survey of 3600 chief security officers (CSOs) and security operations leaders from all over the world, the report seeks to highlight the emerging threats in the ever changing world of cybersecurity. The full report can be found here but for those of you who may not have the time to digest the full 68 page document, I’ve summarised the three main takeaways of the report:
No. 1: Malware is becoming increasingly sophisticated and having more impact
The report reveals that the evolution of malware was one of the most significant developments in cybersecurity in 2017. It reports the advent of network-based ransomware eliminating the need for a human element in launching ransomware campaigns and there’s also the issue of self-propagating malware which has the potential to take down the internet.
No. 2: Adversaries are becoming more adept at evasion—and weaponizing cloud services and other technology used for legitimate purposes
As well as developing threats that can use increasingly sophisticated sandboxing environments, cybercriminals are widening their use of encryption to evade detection. While encryption is meant enhance security, it can also be used by cybercriminals as a powerful tool to conceal command-and-control (C2) activity, giving them more time to operate and inflict damage. They are also adopting more and more C2 channels that rely on legitimate internet services such as GitHub, Dropbox and even Google. This can make malware traffic almost impossible to identify.
The report also reveals that many attackers are now launching multiple campaigns from a single domain, giving them the best return on their investment. Added to this, they’re also reusing things such as nameservers, autonomous system numbers (ASNs) and registrant email addresses.
No. 3: Cybercriminals are exploiting undefended gaps in security, many of which ste from the expanding use of cloud services and the Internet of Things.
IoT devices are being deployed more and more by businesses but they often pay little attention to the security of these systems. According to Cisco’s research, IoT devices that are unpatched and unmonitored present attackers with opportunities to infiltrate networks. Worryingly, the research suggests that many of these organisations with IoT devices are unmotivated to remedy this lack of security.
Talent International: Cybersecurity talent specialists
Here at Talent International, we’re passionate about cybersecurity and we’ve helped businesses across the globe source some of the finest talent in this field. If your business is looking for cybersecurity specialists or you’re a cybersecurity professional looking to move your career forward, get in touch with us.