Welcome!

@CloudExpo Authors: Mehdi Daoudi, Elizabeth White, Astadia CloudGPS, Christoph Schell, Yeshim Deniz

News Feed Item

Cisco Annual Security Report Documents Unprecedented Growth of Advanced Attacks and Malicious Traffic

Threats Take Advantage of Expanding Attack Surface With New Techniques

SAN JOSE, CA -- (Marketwired) -- 01/16/14 -- Cisco (NASDAQ: CSCO) -- The Cisco 2014 Annual Security Report, released today, reveals that threats designed to take advantage of users' trust in systems, applications and personal networks have reached startling levels. According to the report, a worldwide shortage of nearly a million skilled security professionals is impacting organizations' abilities to monitor and secure networks, while overall vulnerabilities and threats reached their highest levels since 2000.

The report's findings offer a vivid picture of rapidly evolving security challenges facing businesses, IT departments and individuals. Attacker methods include socially engineered theft of passwords and credentials, hide-in-plain-sight infiltrations, and exploitation of the trust required for economic transactions, government services and social interactions.

Report Highlights

  • Increased sophistication and proliferation of the threat landscape. Simple attacks that caused containable damage have given way to organized cybercrime operations that are sophisticated, well-funded, and capable of significant economic and reputational damage to public and private sector victims.

  • Increased complexity of threats and solutions due to rapid growth in intelligent mobile device adoption and cloud computing provide a greater attack surface than ever before. New classes of devices and new infrastructure architectures offer attackers opportunities to exploit unanticipated weaknesses and inadequately defended assets.

  • Cybercriminals have learned that harnessing the power of Internet infrastructure yields far more benefits than simply gaining access to individual computers or devices. These infrastructure-scale attacks seek to gain access to strategically positioned web hosting servers, nameservers and data centers -- with the goal of proliferating attacks across legions of individual assets served by these resources. By targeting Internet infrastructure, attackers undermine trust in everything connected to or enabled by it.

Key Findings

  • Overall vulnerabilities and threats reached the highest level since initial tracking began in May 2000. As of Oct. 2013, cumulative annual alert totals increased 14 percent year-over-year from 2012.

  • The report indicates a shortage of more than a million security professionals across the globe in 2014. The sophistication of the technology and tactics used by online criminals -- and their nonstop attempts to breach networks and steal data -- have outpaced the ability of IT and security professionals to address these threats. Most organizations do not have the people or the systems to continuously monitor extended networks and detect infiltrations, and then apply protections, in a timely and effective manner.

  • One-hundred percent of a sample of 30 of the world's largest multinational company networks generated visitor traffic to Web sites that host malware. Ninety-six percent of networks reviewed communicated traffic to hijacked servers. Similarly, 92 percent transmitted traffic to Web pages without content, which typically host malicious activity.

  • Distributed Denial of Service (DDoS) attacks -- which disrupt traffic to and from targeted websites and can paralyze ISPs -- have increased in both volume and severity. Some DDoS attacks seek to conceal other nefarious activity, such as wire fraud before, during or after a noisy and distracting DDoS campaign.

  • Multipurpose Trojans counted as the most frequently encountered web-delivered malware, at 27 percent of total encounters in 2013. Malicious scripts, such as exploits and iframes, formed the second most frequently encountered category at 23 percent. Data theft Trojans such as password stealers and backdoors made up 22 percent of total web malware encounters. The steady decline in unique malware hosts and IP addresses -- down 30 percent between Jan. 2013 and Sept. 2013 -- suggests that malware is being concentrated in fewer hosts and fewer IP addresses.

  • Java continues to be the most frequently exploited programming language targeted by online criminals. Data from Sourcefire, now a part of Cisco, shows that Java exploits make up the vast majority (91 percent) of Indicators of Compromise (IOCs).

  • Ninety-nine percent of all mobile malware targeted Android devices. At 43.8 percent, Andr/Qdplugin-A was the most frequently encountered mobile malware, typically via repackaged copies of legitimate apps distributed via non-official marketplaces.

  • Specific business sectors, such as the pharmaceutical and chemical industry and the electronics manufacturing industry, have historically had high malware encounter rates. In 2012 and 2013, there was remarkable growth in malware encounters for the agriculture and mining industry -- formerly a relatively low-risk sector. Malware encounters also continued to rise in the energy, oil and gas sectors.

Supporting Quote

  • John N. Stewart, senior vice president, chief security officer, Threat Response Intelligence and Development, Cisco, said: "Although the Cisco Annual Security Report paints a grim picture of the current state of cyber security, there is hope for restoring trust in people, institutions and technologies -- and that starts with empowering defenders with real-world knowledge about expanding attack surfaces. To truly protect against all of these possible attacks, defenders must understand the attackers, their motivations and their methods -- before, during and after an attack."

Supporting Resources

About the Report
The 2014 Cisco Annual Security Report highlights the most important security trends of the year and provides tips and guidance to keep enterprise technology environments more secure. Cisco stays ahead of and shares the latest threats by using real-time threat intelligence from Cisco Security Intelligence Operations (SIO), and this year's report also incorporate's Sourcefire telemetry. Cisco SIO is the world's largest cloud-based security ecosystem, using more than 75 terabits of live data feeds from deployed Cisco email, web, firewall and intrusion prevention system (IPS) solutions.

About Cisco
Cisco (NASDAQ: CSCO) is the worldwide leader in IT that helps companies seize the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected. For ongoing news, please go to http://thenetwork.cisco.com.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.

RSS Feed for Cisco: http://newsroom.cisco.com/rss-feeds

Add to Digg Bookmark with del.icio.us Add to Newsvine

Press Relations:
Doron Aronson
Cisco
408-424-3762
doaronso@cisco.com

Analyst Relations:
Trevor Bratton
Cisco
949-823-1212
trbratto@cisco.com

Investor Relations Contact:
John Choi
Cisco
408-526-6651
johnchoi@cisco.com

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

@CloudExpo Stories
There is a huge demand for responsive, real-time mobile and web experiences, but current architectural patterns do not easily accommodate applications that respond to events in real time. Common solutions using message queues or HTTP long-polling quickly lead to resiliency, scalability and development velocity challenges. In his session at 21st Cloud Expo, Ryland Degnan, a Senior Software Engineer on the Netflix Edge Platform team, will discuss how by leveraging a reactive stream-based protocol,...
"We are an IT services solution provider and we sell software to support those solutions. Our focus and key areas are around security, enterprise monitoring, and continuous delivery optimization," noted John Balsavage, President of A&I Solutions, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
SYS-CON Events announced today that Calligo, an innovative cloud service provider offering mid-sized companies the highest levels of data privacy and security, has been named "Bronze Sponsor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Calligo offers unparalleled application performance guarantees, commercial flexibility and a personalised support service from its globally located cloud plat...
As enterprise cloud becomes the norm, businesses and government programs must address compounded regulatory compliance related to data privacy and information protection. The most recent, Controlled Unclassified Information and the EU’s GDPR have board level implications and companies still struggle with demonstrating due diligence. Developers and DevOps leaders, as part of the pre-planning process and the associated supply chain, could benefit from updating their code libraries and design by in...
"Peak 10 is a hybrid infrastructure provider across the nation. We are in the thick of things when it comes to hybrid IT," explained Michael Fuhrman, Chief Technology Officer at Peak 10, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We were founded in 2003 and the way we were founded was about good backup and good disaster recovery for our clients, and for the last 20 years we've been pretty consistent with that," noted Marc Malafronte, Territory Manager at StorageCraft, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
DevOps at Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to w...
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...
"The Striim platform is a full end-to-end streaming integration and analytics platform that is middleware that covers a lot of different use cases," explained Steve Wilkes, Founder and CTO at Striim, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We are focused on SAP running in the clouds, to make this super easy because we believe in the tremendous value of those powerful worlds - SAP and the cloud," explained Frank Stienhans, CTO of Ocean9, Inc., in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We are still a relatively small software house and we are focusing on certain industries like FinTech, med tech, energy and utilities. We help our customers with their digital transformation," noted Piotr Stawinski, Founder and CEO of EARP Integration, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"DivvyCloud as a company set out to help customers automate solutions to the most common cloud problems," noted Jeremy Snyder, VP of Business Development at DivvyCloud, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
DX World EXPO, LLC., a Lighthouse Point, Florida-based startup trade show producer and the creator of "DXWorldEXPO® - Digital Transformation Conference & Expo" has announced its executive management team. The team is headed by Levent Selamoglu, who has been named CEO. "Now is the time for a truly global DX event, to bring together the leading minds from the technology world in a conversation about Digital Transformation," he said in making the announcement.
21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Me...
Kubernetes is an open source system for automating deployment, scaling, and management of containerized applications. Kubernetes was originally built by Google, leveraging years of experience with managing container workloads, and is now a Cloud Native Compute Foundation (CNCF) project. Kubernetes has been widely adopted by the community, supported on all major public and private cloud providers, and is gaining rapid adoption in enterprises. However, Kubernetes may seem intimidating and complex ...
SYS-CON Events announced today that DXWorldExpo has been named “Global Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Digital Transformation is the key issue driving the global enterprise IT business. Digital Transformation is most prominent among Global 2000 enterprises and government institutions.
SYS-CON Events announced today that Datera, that offers a radically new data management architecture, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datera is transforming the traditional datacenter model through modern cloud simplicity. The technology industry is at another major inflection point. The rise of mobile, the Internet of Things, data storage and Big...
"We focus on SAP workloads because they are among the most powerful but somewhat challenging workloads out there to take into public cloud," explained Swen Conrad, CEO of Ocean9, Inc., in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"MobiDev is a Ukraine-based software development company. We do mobile development, and we're specialists in that. But we do full stack software development for entrepreneurs, for emerging companies, and for enterprise ventures," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We've been engaging with a lot of customers including Panasonic, we've been involved with Cisco and now we're working with the U.S. government - the Department of Homeland Security," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held June 6-8, 2017, at the Javits Center in New York City, NY.