Cyber War Is Hell: Cisco Posts Grim Email Crime Forecast

There are two main takeaways in Cisco’s “2017 Midyear Cybersecurity Report:” 

  1. Criminals are moving toward Destruction of Service attacks.
  2. Email has returned as the medium of choice for hackers.

Let's look at the worst first. Now we’re not trying to scare you, but the recent WannaCry and Nyetya attacks foreshadow what Cisco calls Destruction of Service.

These invasions are more damaging than traditional attacks, for they leave businesses with no way to recover, as Cisco puts it.   

One contributing factor is the Internet of Things, and related botnet activity.

But the threat is bigger than financial harm to companies. The end game is a massive attack that could “bring down the Internet itself,” Cisco predicts.

That’s a lot to absorb, so let’s retreat to the slightly less stressful world of email. 

Cisco saw a change in delivery tactics, from exploit kits to email. Spam volumes are rising, and will continue to do so. And bad actors increasingly require the victim to take action — say, by clicking on a link or opening a file.



That’s all it takes to activate “fileless malware” that resides completely in memory. This malware is harder to detect because it is wiped out when the device restarts, relying on anonymized and decentralized infrastructure, Cisco says. 

Meanwhile, ransomeware has been developing apace. Internet felons now rely on Ransomware-as-a-Service, a tool that can used “regardless of skillset,” Cisco notes. 

The threats are almost too numerous to mention.

One is the “business email compromise,” an under-reported social engineering attack that tricks companies into transferring money to the attacker. It’s a lucrative “threat vector,” Cisco says 

Then there’s spyware and adware. Once seen as a nuisance, these forms of malware can facilitate theft of information and wipe out a company  Of 300 firms studied by Cisco in a four-month period, 20% were infected by three spyware families.

Worse, many industries are unprepared for high-tech breaches. Only two-thirds investigate security alerts, and in industries like health care and transportation, the number is roughly half.

The good news? Cyber breaches drove at least modest security improvements in 90% of the affected companies. But again, some industries are less responsive.

Here are some findings by industry:

  • Public Sector — Cisco investigated threats and found that 32% of them are genuine. However, only 47% of those were squelched.
  • Retail — Of the companies studied, 32% lost revenue from attacks in the past year, and roughly 25% lost customers or business opportunities.
  • Manufacturing — Of the security professionals polled in this field, 40% lack a formal security strategy, and they do not follow standard security practices.
  • Utilities — Security professionals are up against targeted attacks and advanced persistent threats (APTs). (40 percent) were the most critical security risks to their organizations.
  • Healthcare — Perhaps the most sensitive area. Yet 37% see targeted attacks as high-security risks. 

What to do? Cisco recommends that you: 

  • Keep your infrastructure and applications up to date, the goal being to prevent attackers from exploit known weaknesses
  • Develop an integrated defense, so as to fight complexity. Avoid siloed investments.
  • Involve your corporate leadership as soon as possible. Make sure they understand the risks and rewards, in line with budgetary constraints.
  • Provide role-based security training for employees 

Keep your security processes top of mind.

Steve Martino, vice president and chief information security officer for Cisco, sums it up: "As recent incidents like WannaCry and Nyetya illustrate, our adversaries are becoming more and more creative in how they architect their attacks,” he states. “While the majority of organizations took steps to improve security following a breach, businesses across industries are in a constant race against the attackers.”

The only recourse is to make security a business priority, Martino concludes.  

Next story loading loading..