Fragile infrastructure, poor network hygiene, and slow detection rates are providing ample time and cover for hackers to operate
So far in 2016, ransomware has become the most profitable malware type in history, said a report from Cisco. The US-based network security giant Cisco expects to see this trend continue with even more destructive ransomware that can spread by itself and hold entire networks, and therefore companies, hostage.
According to the Cisco 2016 Midyear Cybersecurity Report (MCR), new modular strains of ransomware will be able to quickly switch tactics to maximise efficiency. For example, future ransomware attacks will evade detection by being able to limit CPU usage and refrain from command-and-control actions. These new ransomware strains will spread faster and self-replicate within organisations before coordinating ransom activities.
The report also finds that organisations are unprepared for future strains of more sophisticated ransomware. Fragile infrastructure, poor network hygiene, and slow detection rates are providing ample time and air cover for adversaries to operate. According to the report’s findings, the struggle to constrain the operational space of attackers is the biggest challenge facing businesses and threatens the underlying foundation required for digital transformation.
Other key findings in the Midyear Cybersecurity Report include adversaries expanding their focus to server-side attacks, evolving attack methods and increasing use of encryption to mask activity. On the security challenge, report says, visibility across the network and endpoints remains a primary challenge. On average, organisations take up to 200 days to identify new threats.
As attackers innovate, many defenders continue to struggle with maintaining the security of their devices and systems. Unsupported and unpatched systems create additional opportunities for attackers to easily gain access, remain undetected, and maximise damage and profits. The report shows that this challenge persists on a global scale. While organisations in critical industries such as healthcare have experienced a significant uptick in attacks over the past several months, the report’s findings indicate that all vertical markets and global regions are being targeted.
The report claims that in the first half of 2016, clubs and organisations, charities and non-governmental organisation (NGOs), and electronics businesses have all experienced an increase in attacks. The finding also says that on the world stage, geopolitical concerns include regulatory complexity and contradictory cybersecurity policies by country and the need to control or access data may limit and conflict with international commerce in a sophisticated threat landscape.
“As organisations capitalise on new business models presented by digital transformation, security is the critical foundation. Attackers are going undetected and expanding their time to operate. To close the attackers’ windows of opportunity, customers will require more visbility into their networks and must improve activities, like patching and retiring aging infrastructure lacking in advanced security capabilities,” said Marty Roesch, vice president and chief architect, security business group, Cisco in a statement.
The Cisco 2016 Midyear Cybersecurity Report examines the latest threat intelligence gathered by Cisco collective security intelligence. The report provides data-driven industry insights and cybersecurity trends from the first half of the year, along with actionable recommendations to improve security posture.