Cisco’s Mid-Year Cybersecurity Report reveals that cybercriminals generate roughly $34 million a year by targeting companies with huge amounts of powerful ransomware. The security firm adds that ransomware attacks have become extremely profitable and that enterprises are at the top of the attackers’ target list.
“Defenders are not protecting systems in a way that matches how attackers do their work. Although defenders have evolved their strategies and tools for fighting online criminals, attackers are still permitted far too much unconstrained time to operate,” Cisco wrote. “Lack of visibility is the problem, leaving users open to attacks. Security professionals’ reliance on point solutions and a ‘triage’ approach—trying to stop attacks here and there, instead of looking holistically at security challenges—is playing to attackers’ strengths.”
Cisco’s report emphasizes some critical points:
- Adobe Flash vulnerabilities are still being leveraged by exploit kits, which have been of huge help in making ransomware so dangerous. According to Cisco’s researchers, 80% of the successful Nuclear exploit kit attacks were against Flash.
- JBoss application server vulnerabilities are also opening the door for crooks to spread ransomware. The number of compromised JBoss servers has risen notably, exposing them to easy attacks.
- There is a continuous process of improvement in ransomware distribution techniques to ensure profit generation and maximize impact.
- In the course of seven months Cisco analysts detected that malicious activity in HTTPS traffic had increased by 500%. Crooks use HTTPS traffic encryption to extend their time to operate and hide their web activity.
- Malware samples reveal that crooks are trying to conceal their activity by using Transport Layer Security traffic encryption. What concerns experts about these cases, though, is that deep-packet inspection becomes useless as a security tool against such traffic.
- The majority of users fail to download and install patches on time, even though they are available almost as soon as vulnerabilities are found. This gap provides attackers with plenty of time to run their exploits.
- The security firm examined a sample set of Cisco devices to show how old the known vulnerabilities still present on them are. 23% of them run software with vulnerabilities which appeared in 2011 and 16% – even in 2009. The reason Cisco did this was to show organizations what failing to properly maintain aging infrastructure or patch vulnerable operating systems can lead to.
- Cybercriminals have become more and more creative when it comes to breaking security defenses. A recent example involves the Nuclear exploit kit which, instead of dropping different pieces of ransomware, was detected spreading the Tor software. This is a smart move considering that Tor is used for anonymous communication, so the dropped payload is very difficult to identify and track.
The report also stresses some helpful tips companies should not neglect but use to improve their security:
- Develop and test a post-attack plan which will make sure the business is back on track as soon as possible even if it has been hit by ransomware.
- Be a little more cautious when it comes to SSL certificates and HTTPS connections.
- Apply patches for announced vulnerabilities as soon as possible, including on routers and switches that are components of critical Internet infrastructure.
- Periodically inform and update users about cyber threats.
In a blog, Cisco strongly advised all users to systematically back up their data, to apply patches and to upgrade aging infrastructure systems on a regular basis. The firm also adds that, in order to limit attackers’ movement and spread inside the network, organizations should employ password management and network segmentation.
“We expect the next wave of ransomware to be even more pervasive and resilient. Organizations and end users should prepare now by backing up critical data and confirming that those backups will not be susceptible to compromise. They must also ensure that their backup data can, in fact, be restored quickly following an attack. For enterprises, restoration can be a major undertaking; therefore, being proactive about identifying potential bottlenecks is essential. Organizations should also confirm that known vulnerabilities in their Internet infrastructure and systems have been patched,” Cisco wrote.
Cisco researchers warn that, based on current trends, a strong wave of new “self-propagating” ransomware is expected. Users are advised to take precautions in time because, as countless examples have shown, when cybercriminals spot a gap in which nothing is happening they use it and come up with unthinkable ways to take advantage of both users and networks.