Cisco raises alarm on rise, sophistication of cyber attacks
GROWTH profile of cyber attacks may continue to be on the increase, until concerted efforts are put in place by government, private sector and individuals to check the menace, especially in emerging markets, including Nigeria.
Going by Cisco’s Midyear Security Report, which analyzed threat intelligence and cybersecurity trends, beyond the coming together of both the public and private sector against this menace, it revealed the critical need for organizations to reduce time to detection (TTD) in order to remediate against sophisticated cyber attacks by highly motivated threat actors.
The report covered two main areas of threat intelligence and analysis and observations. According to Cisco, the threat intelligence gives an overview of the latest threat research where criminals’are increasing use of macros involving Microsoft Office; malware, spam messages to exploit unsuspecting victims.
The analysis and observations part focusses on security industry consolidation and the emerging concept of integrated threat defense. The report discusses how a cohesive cyber-governance framework can be a step toward sustaining business innovation and economic growth on the global stage.
It disclosed that adversaries continue to innovate as they slip into networks undetected and evade security measures. The study also observed that exploits of Adobe Flash vulnerabilities are increasing. It stressed that they are regularly integrated into widely used exploit kits such as angler and nuclear.
The Angler Exploit Kit represented the types of common threats that will challenge organizations as the digital economy and the Internet of Everything (IoE) create new attack vectors and monetization opportunities for adversaries.
It noted that operators of crime ware, like ransomware, are hiring and funding professional development teams to help them make sure their tactics remain profitable.
Accordingly, it said that criminals are turning to the anonymous web network Tor and the Invisible Internet Project (I2P) to relay command-and-control communications while evading detection. “Adversaries are once again using Microsoft Office macros to deliver malware.
It’s an old tactic that fell out of favor, but it’s being taken up again as malicious actors seek new ways to thwart security protections. Some exploit kit authors are incorporating text from Jane Austen’s classic novel Sense and Sensibility into web landing pages that host their exploit kits.
Antivirus and other security solutions are more likely to categorize these pages as legitimate after “reading” such text. “Malware authors are increasing their use of techniques such as sandbox detection to conceal their presence on networks”, it stated.
While calling for action, the report observed that the innovation race between adversaries and security vendors is accelerating, placing end users and organizations at increasing risk.
It advised that vendors must be vigilant in developing integrated security solutions that help organizations be proactive and align the right people, processes, and technology.
According to the General Manager, Cisco Nigeria, Ghana, Liberia and Sierra Leone, Dare Ogunlade, “Organizations in Nigeria cannot just accept that compromise is inevitable, even if it feels like it today.
The technology industry must up the game and provide reliable and resilient products and services, and the security industry must provide vastly improved, yet meaningfully simplified, capabilities for detecting, preventing, and recovering from attacks.
This is where Cisco is leading.” Ogunlade said Cisco regularly told that business strategy and security strategy are the top two issues for our customers, and they want trusted partnerships with us.
According to him, trust is tightly linked to security, and transparency is key so industry-leading technology is only half the battle. ‘We’re committed to providing both: industry-defining security capabilities and trustworthy solutions across all product lines.
The report findings also underscore the need for businesses to deploy integrated solutions vs. point products, work with trustworthy vendors, and enlist security services providers for guidance and assessment.”