A ransomware infection is only the beginning of your malware problems: Cisco

Ransomware is increasingly being used as a 'canary in a coal mine' by attackers who are testing victims' defences in preparation for more insidious targeted attacks later on, the head of Cisco's regional security practice has warned, as the company's latest cybersecurity report tells businesses to improve their detection capabilities and security hygiene or risk immolation by online attackers.

The Cisco 2016 Midyear Cybersecurity Report warned that a “highly vulnerable hodgepodge of web browsers, applications, and infrastructure has created a fragile foundation” for security. The problem was compounded, the report warned, because businesses become less likely to upgrade the more complex their network infrastructure becomes.

Businesses are falling well behind the curve in applying patches to cover vulnerabilities: Internet devices had 28 known vulnerabilities each on average, and 885,918 of 3 million observed Apache httpd server installs, for example, were noted to have vulnerabilities.

Cisco's security team highlighted concerns that an increase in vulnerabilities involving cryptography and authorisation “are signs that threat actors are now seeking to tamper with secure connections” – often undetected, with studied organisations taking an average of 200 days to detect malware infections; Cisco claimed its median time to detection (TTD) was 13 hours in the six months through April.

The firm's analysis of ransomware actors highlighted the “resilient” attacks they had created, noting that “innovators in the space... took their malware to an entirely new level of effectiveness when they began using cryptographically sound file encryption.” Indeed, ever more-resourceful attackers were proving themselves highly resilient and flexible at adapting attacks to be ever more effective.

This, ANZ general manager of security Anthony Stitt said in a statement, created interplay between ransomware and malware strains that used similar vectors of attack and used ransomware to test victims' defences before launching follow-up stealth attacks.

“If a business or individual is having problems with ransomware, this is sending the message that their IT environment is vulnerable and being exploited,” Stitt said. “Once inside, threats are able to move around unseen for hundreds of days at a time. Practically every major breach is an example of this, which is demonstrative of the need for organisations to dramatically improve their ability to find 'in-progress' problems before they escalate.”

“'Point-in-time' solutions just don't cut it anymore; visibility and control are crucial for organisations, whether it be before, during or after attacks.”

Government guidance

The report flagged “regulatory complexity and contradictory cybersecurity policies” at the national level as causing problems for international commerce, with “unconstrained” attackers sending profits from malware activities skyrocketing thanks to an expanding focus for attacks, evolving attack methods, and success in using encryption to obscure their operations from discovery.

While ransomware remains the most financially successful style of malware attack – a recent CyberArk study pegged losses to ransomware at $US325m last year alone – attackers are successfully monetising new aspects of the malware ecosystem, with adware recently found to be providing a modest profit for its purveyors.

This success is also creating ethical issues for victims – especially Australian businesses that may be inadvertently funding organised crime in deciding to accept ransomware as a cost of doing business. “Poorly protected devices and software open up operational space to adversaries,” the report warned. “It's up to you to eliminate it. Priority must be placed on reducing unconstrained operational space and making adversary presence known.”


Stories by David Braue
