
Cisco 2015 Midyear Security Report

2015-08-04 15:48:41   Source: CTI论坛


As adversaries rapidly refine their ability to develop and deploy malware that can breach network defenses and evade detection, the security industry, as a whole, struggles to innovate at a similar pace.

This dynamic creates a significant problem for organizations investing in security products and services: They often end up choosing individual solutions to address security gaps, only to create more weak points in their threat defenses.

The Cisco 2015 Midyear Security Report examines these intersecting challenges while also providing updates on some of the most compelling threats. Using research by our experts, it provides an overview of the major threats observed in the first half of 2015.

This report also explores likely future trends and offers advice for small, midsize, and enterprise organizations that seek security solutions and services.

The report is divided into two main areas:

Threat Intelligence

This section gives an overview of the latest threat research from Cisco. We discuss:

• Updates on exploit kits such as Angler
• Criminals’ increasing use of macros involving Microsoft Office
• New tactics from malware authors to evade detection
• Risk of malware encounters for specific industry verticals
• Time to detection of threats
• Updates on spam, threat alerts, Java exploits, and malvertising

Analysis and Observations

In this section we cover security industry consolidation and the emerging concept of integrated threat defense. Other topics in focus include the importance of building trust and security into products and the value of engaging security services organizations in a market where skilled security talent is scarce. Lastly, we discuss how a cohesive cybergovernance framework can be a step toward sustaining business innovation and economic growth on the global stage.

Major Discoveries

Adversaries continue to innovate as they slip into networks undetected and evade security measures.

Exploits of Adobe Flash vulnerabilities are increasing. They are regularly integrated into widely used exploit kits such as Angler and Nuclear.

Angler continues to lead the exploit kit market in terms of overall sophistication and effectiveness.

Operators of crimeware, like ransomware, are hiring and funding professional development teams to help them make sure their tactics remain profitable.

Criminals are turning to the anonymous web network Tor and the Invisible Internet Project (I2P) to relay command-and-control communications while evading detection.

Adversaries are once again using Microsoft Office macros to deliver malware. It’s an old tactic that fell out of favor, but it’s being taken up again as malicious actors seek new ways to thwart security protections.

Some exploit kit authors are incorporating text from Jane Austen’s classic novel Sense and Sensibility into web landing pages that host their exploit kits. Antivirus and other security solutions are more likely to categorize these pages as legitimate after “reading” such text.

Malware authors are increasing their use of techniques such as sandbox detection to conceal their presence on networks.

Spam volume is increasing in the United States, China, and the Russian Federation, but remained relatively stable in other regions in the first five months of 2015.

The security industry is paying more attention to mitigating vulnerabilities in open-source solutions.

Continuing a trend covered in the Cisco 2015 Annual Security Report, exploits involving Java have been on the decline in the first half of 2015.

Introduction

The tactics developed by malware authors and online criminals have shown increasing sophistication over the past several years. Recent Cisco security reports have chronicled such innovation in the shadow economy, along with security professionals’ fight to stay ahead of adversaries. What’s new is the threat actors’ growing ability to innovate rapidly and enhance their capacity to compromise systems and evade detection. In the first half of 2015, the hallmark of online attackers may be their willingness to evolve new tools and strategies—or recycle old ones—to dodge security defenses. Through tactics such as obfuscation, they can not only slip past network defenses but also carry out their exploits long before they are detected—if ever.

Security vendors are responding with their own innovations. For example, researchers are adding support for the analysis of new file formats such as .cab and .chm as new attacks are detected using those formats. In addition, vendors are developing new detection engines and constantly evaluating and evolving heuristics.

Security vendors know they need to stay agile. If they or their networks let down their guard even briefly, attackers will get the upper hand. But the pace of innovation in the industry is not as rapid as it needs to be.

Many vendors are offering piecemeal or individual solutions to security problems. And buyers—that is, the organizations that purchase security tools from vendors—are eagerly looking for stopgap products, not in-depth strategic solutions. But because they are not integrating technologies and processes across the entire security footprint, their management of security tools becomes unwieldy.

Security industry consolidation and a close integration of leading technologies can help, in time, to move organizations away from taking a product-by-product approach to implementing their defenses (see page 33).

Meanwhile, a proactive and in-depth defense strategy, of which technology is just one component, can help small, midsize, and enterprise organizations and their security teams meet the threat of criminal innovation described in this report.

  ······
