The Cisco report includes many global findings, but they are all united by one fact: the world of cyber attacks is complex and changeable. As new attack strategies emerge, new defense strategies emerge in response, closing the “unlocked doors”. This, in turn, drives the development of new attack strategies and the refinement of old ones, which pose a real threat to any business and its potential profits.
Weak security tools and the inflexibility of large enterprises leave huge holes in the protection of the network as a whole. However, this does not mean that IT departments need to change strategy every year. Rather, they should follow the trends and be aware of which threats are the most dangerous at the moment. At the same time, traditional threats should not be forgotten, because history really does tend to repeat itself.
All of these findings highlight changes in the world of cybersecurity: the main damage is caused by new methods of attack that are gaining popularity, including BEC. At the same time, the growth of cloud and other technologies, such as IoT, opens up completely new directions. Hackers nevertheless continue to use traditional methods, while companies forget that they still need to defend themselves against them. This is especially true of email spam.
At the same time, Cisco noted that protection practices have improved significantly lately. For example, automatic updates have become standard for modern systems, even mobile ones. It may annoy us that Microsoft forces us to upgrade to Windows 10, or that Apple tirelessly reminds us to install the latest version of iOS, but this is all for our own safety. With updates arriving this quickly, cybercriminals simply shift their focus back to email and malware. These can be considered familiar, traditional threats, although the methods of applying them have changed.
Old techniques are combined with new attack formats. The modern practice of extorting money in exchange for disabling malware (ransomware) is based on a long-known technique: packaging malicious files into email messages. It relies on the hope that someone will simply download and open them without thinking twice about whether it is worth it.
Researchers from Cisco note that the growth in spam has been correlated with a decline in the activity of hackers using exploit kits to launch attacks. As a rule, such kits were a convenient way to get in through already known security holes.
For example, the popular Flash player for websites was well known for its security flaws, and mainstream web browsers have now limited its use for this very reason. Constant updates and the declining prevalence of Flash have made it a less popular tool among hackers for gaining access to user resources. Instead, they turned to email.
Having done the simplest homework in “social reconnaissance”, the fraudsters try to make sure that the victim opens, without suspicion, a Word document that is allegedly from their best friend, and thereby gives access to their entire system.
The Cisco report also warns that spam is not the only vehicle for phishing scams. Business email compromise (BEC), fraud disguised as corporate correspondence, is an even bigger headache than ransomware attachments.
A BEC campaign is carried out using email messages sent to the company employees responsible for financial transactions. As a rule, the fraudsters do preliminary preparation and study the company's hierarchy; for example, they use social networks to reconstruct a likely chain of management. A scam letter instructing the recipient to send a remittance to a prospective business partner or to pay a seller may look like a message from the CEO or another top manager.
Of course, all this requires careful effort and preparation, and the fraudster often creates a sense of urgency so that the victim does not have time to double-check the information. According to the Cisco report, the targets of such attacks are most often large ones, such as Google or Facebook, and they really are vulnerable in this sense, despite having developed sufficiently mature protection strategies, including against this type of fraud. The most successful attacks, however, are those on the SMB segment, since such companies, as a rule, do not formalize the communication processes between employees.
Cisco also notes that because fraudulent emails use true social information, they do not contain any suspicious attachments, and so they easily bypass the standard protection barriers. On average, they create $1.7 billion in losses for businesses annually.
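Because such messages carry no attachment for a scanner to inspect, a defender has to look at headers and wording instead. The following sketch is an added example, not code from the Cisco report or the original article; the domain, executive name, finance mailbox, keyword lists and both sample messages are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr
# Hypothetical organisation data (assumptions, not from the report).
CORP_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}                # display names of top managers
FINANCE = {"ap@example.com"}             # staff who execute payments
PAYMENT = ("wire", "transfer", "invoice", "payment", "remittance")
URGENCY = ("urgent", "today", "immediately", "asap", "confidential")
# Constructed sample messages.
SPOOFED = """From: Jane Doe <jane.doe@examp1e-mail.test>
Reply-To: j.doe.office@mailbox.test
To: ap@example.com
Subject: Urgent wire transfer

I need a payment to our new partner sent today. Keep this confidential.
"""
LEGIT = """From: Jane Doe <jane.doe@example.com>
To: ap@example.com
Subject: Q3 budget review

Please find the agenda for next week attached to the calendar entry.
"""

def domain_of(addr: str) -> str:
    return addr.rpartition("@")[2].lower()

def bec_signals(raw: str) -> list:
    """Return header/content indicators; none depend on an attachment."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, sender = parseaddr(str(msg["From"]))
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1]
    rcpt = parseaddr(str(msg["To"]))[1].lower()
    body = msg.get_body(preferencelist=("plain",))
    content = body.get_content() if body is not None else ""
    text = f"{msg['Subject']} {content}".lower()
    signals = []
    if name.lower() in EXECUTIVES and domain_of(sender) != CORP_DOMAIN:
        signals.append("exec-name-external-domain")
    if reply_to and domain_of(reply_to) != domain_of(sender):
        signals.append("reply-to-mismatch")
    if rcpt in FINANCE and any(w in text for w in PAYMENT):
        signals.append("payment-request-to-finance")
    if any(w in text for w in URGENCY):
        signals.append("urgency")
    return signals

def needs_review(raw: str) -> bool:
    # Hold for out-of-band confirmation when two or more signals combine.
    return len(bec_signals(raw)) >= 2
```

A message flagged this way would be held until the payment request is confirmed through a separate channel, which is the formalized communication process the SMB segment is said to lack.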
Email really is the grandfather of modern technology. And if there are still opportunities for successful attacks even there, then there is every chance that hackers will also succeed against the latest technologies, unless the attitude to the security problem as a whole changes.
For example, emerging IoT technologies already contain a traditional flaw: the developers think about protection last. Most IoT services simply leave the front door unlocked, and although they have only just entered the market, IoT-based botnets are already here. In 2016, a significant share of cyber attacks was carried out through embedded devices turned into botnets.
Such DDoS attacks use an army of IoT devices acting together (similar to a network of infected computers) to overload and bring down corporate networks. In its report, Cisco analyzes in detail the activities of the three most famous botnets: Mirai, BrickerBot, and Hajime.
The same applies to cloud technology. The Cisco report shows that 60% of users never log out of cloud service interfaces. This may seem like a minor thing, but for hackers it is a downright neon “Welcome” sign and an opportunity for unauthorized access to services.
Source: https://habr.com/ru/post/337442/