In its newly released 2014 Midyear Security Report, Cisco is warning enterprises that, while they still need to focus on plugging high-profile vulnerabilities in their network defense system, they can’t afford to ignore more mundane weak links such as outdated software, flawed code, user errors, or abandoned digital properties – because doing so plays right into the hands of bad actors who are counting on slipping through these overlooked entry points to deploy malware.
The Report, which examined practices, policies, and technology at 16 large multinational enterprises, identified three low-profile attack vectors in particular that bad actors are routinely using to expose enterprises to malware and carry out their illicit agendas:
- Man-in-the-Browser (MiTB) attacks, which use a proxy Trojan to exploit browser vulnerabilities and allow bad actors to covertly modify web pages, change transactions, insert data, and perform other illicit activities. Cisco researchers found that in the first half of 2014 almost 94% of customer networks drove traffic to websites hosting malware.
- Botnet attacks, which use dynamic DNS (DDNS) to change their IP addresses and avoid detection by enterprises that aren’t automatically and continuously scanning outbound traffic for command-and-control server communication. Cisco researchers found that in the first half of 2014, nearly 70% of customer networks issued DNS queries for DDNS domains.
- Encryption of stolen data via VPN, SSH, SFTP, FTP, FTPS, etc. Cisco researchers found that in the first half of 2014 nearly 44% of customer networks issued DNS requests for websites/domains with devices that offer encrypted channel services.
Unsurprisingly, the researchers affirmed that Java remains the programming language of choice for bad actors, with Java exploits comprising a whopping 93% of all Indicators of Compromise (IOCs) for the first four months of the year.
With respect to web malware encounters, the Report also noted that the top three high-risk verticals by industry in the first half of the year were media & publishing, followed by pharmaceutical, the chemical industry, and aviation. Regionally, the most affected verticals were media & publishing in the Americas, food & beverage in EMEA, and insurance in Asia-Pacific, China, Japan, and India.
Ultimately, the takeaway for enterprises in all verticals – and not just those making the Report’s dubious list – is that they need to take a deeper and clearer look at their network security system, and ensure that it’s equipped to detect both high-profile and low-profile vulnerabilities.
To help your enterprise focus its analysis and ask critical questions before a costly malware attack – rather than after – we invite you to download our free white paper, “How to Find and Remove the Attacker that Has Already Passed Through Your Traditional Defenses.”
The post Malware Exploits Network Security Weaknesses appeared first on Seculert Blog on Advanced Threats and Cyber Security.