the winxnet blog Blog Header Image

Cisco Midyear Cybersecurity Report and What It Means

Posted on 8/7/2017 1:45:32 PM by Dr. Eugene Slobodzian
Category: Security & Compliance



The Cisco 2017 Midyear Cybersecurity Report (MCR), released in July, uncovers the increasing magnitude of attacks and forecasts potential ‘destruction of service’ (DeOS) attacks.

This report states that the DeOS attacks could eliminate organizations’ backup solutions and other safety nets that restore data after an attack.  This will continue to be more of an issue as the Internet of Things (IoT) continues to evolve and industries are bringing more operations online, increasing attack surfaces and the potential impact of these threats.

The recent cyber security attacks, such as WannaCry and Petya, seem like traditional ransomware attacks but are much more destructive. These incidents foreshadow what Cisco is calling destruction of service attacks, which will leave organizations extremely vulnerable with no way to recover from attacks.

Cisco security researchers watched the evolution of malware for the first half of 2017 and identified shifts in hacking trends. For example, hackers are now more frequently requiring victims to activate threats by clicking on links or opening files. Hackers are also developing file-less malware that lives in memory and is much harder to detect or investigate as it is wiped out when a device restarts.

Here are a few other trends and changes researchers noticed:

  1. Spam: Spam volumes are significantly increasing to distribute malware and generate revenue. Cisco researchers predict that the number of malicious attachments will continue to rise.

  2. Spyware: Cisco research sampled 300 companies over a four-month period and found that three prevalent spyware families infected 20 percent of the sample. In a business environment, spyware can steak user and company information, weaken security, and increase malware infections.

  3. Ransomware: Ransomware attacks have been making headlines and reportedly brought in over $1 billion in 2016. Business email compromise (BEC) is a social engineering attack in which an email is designed to trick organizations to transfer money to attackers and is becoming more lucrative. The Internet Crime Compliant Center states that between October 2013 and December 2016, $5.3 billion was stolen via BEC.

If you have questions and are interested in learning how your business can stay secure, then it’s time for a serious conversation with our experts.