Evolving methods. Server-side attacks. Increasing use of encryption to evade detection. These are only a few of the threats from hackers that enterprise IT departments are having to contend with in 2016. But things are about to get even worse, and most companies are unprepared to face attacks of the future, according to a new report by Cisco.
A perfect storm of fragile infrastructures, poor network hygiene, and slow detection rates is providing malicious hackers with the perfect environment in which to operate, while leaving most organizations unprepared for future strains of more sophisticated ransomware, according to the company’s 2016 Midyear Cybersecurity Report (MCR).
Spotlight on Ransomware
The MCR examines the latest threat intelligence gathered by Cisco Collective Security Intelligence. The report covers cybersecurity trends from the first half of the year, along with recommendations as to how organizations can improve security.
This year, the MCR’s “Cybercrime Spotlight” is focused squarely on ransomware. Ransomware is a type of malware that locks victims’ computers or encrypts their data, and then demands ransom to return control of the affected devices or files to the users. Ransomware is now the most profitable type of malware in history, according to the report.
Cisco said this trend will continue with even more destructive ransomware that can spread by itself and hold entire networks, and therefore companies, hostage. New modular strains of ransomware will be able to quickly switch tactics to maximize efficiency, the company added.
For example, future ransomware attacks will evade detection by limiting CPU usage and refraining from command-and-control activity. These new ransomware strains will also spread faster and self-replicate within organizations before coordinating ransom activities.
Undetected, Unprotected
One of the biggest challenges enterprises face in responding to malware threats is the amount of time between when an attack begins and when the organization first detects it, a period known as “time to detection” (TTD). Companies are taking up to 200 days on average to detect attacks, giving hackers plenty of time and space in which to operate, according to Cisco.
“Attackers are going undetected and expanding their time to operate,” said Marty Roesch, vice president and chief architect, Security Business Group, Cisco, in a statement. “To close the attackers’ windows of opportunity, customers will require more visibility into their networks and must improve activities, like patching and retiring aging infrastructure lacking in advanced security capabilities.”
More time to operate translates to more profits for attackers, Roesch said. In fact, profits for hackers skyrocketed in the first half of the year, in part because attackers are broadening their focus to include server-side exploits in addition to client-side exploits, according to the MCR.
Cisco said it is witnessing a new trend in ransomware attacks exploiting server vulnerabilities, particularly JBoss servers. As many as 10 percent of Internet-connected JBoss servers worldwide have been compromised, according to Cisco. Many of the JBoss vulnerabilities used to compromise these systems were identified five years ago, meaning that basic patching and vendor updates could have easily prevented such attacks.
Hackers are also adapting their attack methods, with Windows binary exploits becoming the top Web attack method over the last six months. This method provides a strong foothold into network infrastructures and makes these attacks harder to identify and remove.
Good (Digital) Housekeeping
Malicious actors are also being more careful to cover their tracks. Cryptocurrency, Transport Layer Security, and the Tor browser have all become more commonly used by hackers in the last six months.
One of the biggest problems is that enterprises aren’t patching or updating critical applications, according to Cisco. The more critical an application is to business operations, the less likely it is to be patched regularly, making such applications some of the most vulnerable points of a network infrastructure.
Still, there are plenty of actions companies can take to better protect themselves. The elements of good network hygiene, including consistently monitoring network activity, deploying patches and upgrades in a timely manner, compartmentalizing the network, and defending its edge, are all crucial to a secure network.
Cisco said companies should also work to integrate their network defenses with each other, back up critical data, and measure their TTD to ensure they are addressing threats as quickly as possible.