2014 Marked by Array of New Cyber Threats, Cisco Report Says
By Stew Magnuson
 


A mid-year report on the state of cyber security warns of new, insidious ways hackers are gaining access to corporate and private computers.
 
The Cisco 2014 Midyear Security Report said of the 16 multinational corporations surveyed, some 90 percent of their computer systems were reaching out to corrupted IP hosts on the Internet.
 
Levi Gundert, senior expert on Cisco’s threat research, analysis and communications team, said there were 1,633 software vulnerabilities discovered in the first half of the year with 28 of them being actively exploited.
 
The pharmaceutical and chemical industries saw the biggest increase in activity, with publishing and media following. Both nation-state actors, as well as criminals, are behind these attacks, although it isn’t always clear what their motivation may be, he said. The agriculture industry in the Asia-Pacific region also saw an increase in cyber attacks.
 
“We rarely get to see the motivations behind these attacks, but we do see the immense numbers,” he said in an interview prior to the report’s release Aug. 5.
 
“Mal-vertising” is the new buzzword as hackers use popular advertising exchanges to plant malware on unsuspecting users’ computers. Companies such as Google or AdNexus place the ads in slots on popular websites.
 
“Bad guys insert advertisements that do nothing but redirect users to the exploit kit landing site,” he said. “The websites don’t control it. The advertising exchange controls it,” he said. A computer landing on such a site can be infected with malware without the user clicking on the ad, he said.

The Senate Homeland Security and Governmental Affairs permanent subcommittee on investigations released a lengthy report about mal-vertising in May. Gundert said the major news organizations didn’t report much about it.
 
“These websites may be reluctant to report on this because it makes them look bad. And it’s nothing they can control other than severing their relationship with the advertising exchanges,” he said.
 
Just as an advertiser can target a specific demographic, hackers using mal-vertising can do the same.
 
“They will pay up front for the advertising, perhaps $2,000 or more per ad run, and instruct the companies to tell the ad exchanges to serve the ads as quickly as possible, leaving little time or no time for the ad content to be inspected,” the report said. Tracing the source later is next to impossible because the ad has vanished, it added.
 
Java continues to be the software favored by those searching for vulnerabilities, he said, with 93 percent of web exploits using it. Just updating Java isn’t always possible for companies, some of which base their enterprise applications on the software. Doing so could “break” their applications, he said.
 
“In some regards, it’s a little bit tricky to fix that. The bad guys love Java because there are a lot of holes,” Gundert said.

Unfortunately, there are a host of new toolkits that allow almost anyone with criminal intent to break into computers. Exploit kits are software packages hackers can purchase for as little as $1,500. They are designed to be easy to use. All it takes are basic computer skills to create and launch malware. Blackhole was the most popular kit until its creator was arrested last fall.

Since the arrest, “We have seen an overall decrease in the amount of traffic driven by exploit kits, but we have seen a proliferation of new families that are being branded,” he said.
 
New exploit kit creators are competing with each other on price and customer service. They have turned their enterprises into a “software as a service model.” Users can log into a control panel, see how many computers in which countries they have infected, and which applications are being exploited.
 
As for Chinese hackers, Cisco hasn’t seen any decrease in activity coming from that country, despite protests from the U.S. government and the recent indictments by the Department of Justice of five military officers for allegedly engaging in economic espionage.
 
“We haven’t seen any change or amount of traffic … it continues the way it has,” said Gundert.

Photo Credit: Thinkstock

Comments

Re: 2014 Marked by Array of New Cyber Threats, Cisco Report Says

Have researched this for 3 years now and the answer is Linux. I run Ubuntu, the most secure OS for ease of use for the masses. Just type in Google (Ubuntu most secure os) and read. It has been in hacking contests, and Apple and Microsoft went down, and most of the time Apple fell first. Ubuntu left unscathed.
Z Max at 8/7/2014 12:16 AM
