Despite the efforts made to improve cybersecurity at many organizations, there are too many systems with aging infrastructure and vulnerabilities that leave companies at risk, with ransomware one of the most sinister threats, according to a new Cisco report.
Ransomware is a top concern because it’s become an area of intense focus for cybercriminals due to its effectiveness at generating revenue. Once a cybercriminal hacks into a company’s files and encrypts them, victims have little option but to pay the asking price for the code to decrypt their files. Ransomware is becoming more ominous as new versions are continually being developed.
“The landscape is simple. Attackers can move at will. They’re shifting their tactics all the time. Defenders have a number of processes they have to go through,” said Jason Brvenik, principal engineer with Cisco’s security business group, discussing the Cisco 2016 Midyear Cybersecurity Report.
Cisco used data from its customers to create the report: more than 16 billion web requests go through the Cisco system daily, nearly 20 billion threats are blocked daily, and there are more than 1.5 million unique malware samples daily, which works out to 17 new pieces of malware every second, Brvenik said.
Brvenik has the following recommendations for companies wanting to improve security:
Improve network hygiene – Improve aging infrastructure to limit vulnerabilities.
Integrate defenses – Use machine learning techniques combined with novel data views.
Measure time to detection – Find out how long an attacker can live in your network before they are found.
Protect your users everywhere they are – Protect users whether they’re on a laptop, a smartphone, or another device. Don’t just protect networks but protect users. They are the target.
The next step in the evolution of malware will be ransomware 2.0, which Brvenik said “will start replicating on its own and demand higher ransoms. You’ll come in Monday morning and 30% of your machines and 50% of your servers will be encrypted. That’s really a nightmare scenario.”
Ransomware campaigns started out primarily through email and malicious advertising, but now some attackers are using network and server-side vulnerabilities as well. Self-propagating ransomware will be the next step to create ransomware 2.0, and companies need to take steps to prepare and protect their company’s network, Brvenik said.
New modular strains of ransomware will be able to quickly switch tactics to maximize efficiency. For example, future ransomware attacks will evade detection by being able to limit CPU usage and refrain from command-and-control actions. These new ransomware strains will spread faster and self-replicate within organizations before coordinating ransom activities, according to the report.
The report detailed one widespread campaign that appeared to target the healthcare industry earlier this year. It used the Samas/Samsam/MSIL.B/C (“SamSam”) ransomware variant, which was distributed through compromised servers. The attackers used the servers to move laterally through the network and compromise additional machines, which were then held for ransom, according to the report.
JexBoss, an open source tool for testing and exploiting JBoss application services, had been used to allow the attackers to gain access to networks in the targeted companies. Once the attackers had access to the network, they encrypted multiple Windows systems using SamSam.
Overall, in all aspects of cybersecurity, there are too many companies with vulnerabilities that haven’t been addressed. Out of 103,121 Cisco devices connected to the internet that were studied for the report, each device on average was running 28 known vulnerabilities. The devices were actively running known vulnerabilities for an average of 5.64 years, and more than 9 percent had known vulnerabilities older than 10 years, according to the report.
“In April, Cisco estimated that 10% of all JBoss servers worldwide were compromised. And they were compromised using readily available tools and old vulnerabilities. Adobe Flash is still a favorite. It gives a viable attack surface for them. And we see Microsoft Silverlight vulnerabilities. This means to us that people are opportunizing those that work for them,” Brvenik said.
Brvenik noted that the nature of the attack is also likely to change, focusing on service-oriented technologies and systems, with teams ready to attack and try to compromise systems. Advertising is a viable model for attack.
“We saw a 300% increase in the use of HTTPS with malware over the past four months. Ad injection is the biggest contributor. Adversaries are using HTTPS traffic to expand time to operate. That’s the attacker opportunity as it exists today,” he said.
It’s no longer reasonable to expect to block 100% of threats, but being able to detect the threat fast and limit the time the attacker is in your system is key to minimizing the damage. In December 2014, the median time before an attack was detected was 50 hours. In April 2016, it dipped to a median of 13 hours for the previous six months, Brvenik said.
“It is a living number as defenses improve and attackers change. This is good. It says that for the customers that have these systems, when they are compromised, they’re now down to 13 hours as a median time to detect it. I wouldn’t leave the door to my house open for 13 hours; and that’s what you’re doing when you leave your door open to attackers for 13 hours.”
Industries that previously thought they were immune because their business was of little interest to attackers are wrong.
“No industry is safe,” Brvenik said. “Assuming that what you do is of no interest to attackers is not a good way to think of it.”
Ransomware 2.0 is Coming and It’s a Major Threat was last modified: January 26th, 2017 by Austin Campbell