Cisco has released its 2014 Midyear Security Report, which examines the “weak links” in organizations that contribute to the Middle East’s increasingly dynamic threat landscape.
In the Middle East, geopolitical events are creating new trends in the cyber realm, expanding the risk landscape for businesses, governments, and other organizations and individuals.
Due to recent drought, floods, and unrest affecting supplies and infrastructure across the wider Europe, Middle East, Africa, and Russia (EMEAR) region, the top five most at-risk industry verticals for mobile malware encounters during the first half of 2014 were agriculture and mining, transportation and shipping, food and beverage, government, and media and publishing. In EMEAR, food and beverage saw the highest number of web malware encounters.
As a result, weak links – outdated software, bad code, abandoned digital properties, or user errors – contribute to the adversary’s ability to exploit vulnerabilities, with methods such as DNS queries, exploit kits, amplification attacks, point-of-sale (POS) system compromise, malvertising, ransomware, and infiltration of encryption protocols, social engineering and “life event” spam.
The report also shows that focusing only on high-profile vulnerabilities, rather than on high-impact, common and stealthy threats, puts these organizations at greater risk. By proliferating attacks against low-profile legacy applications and infrastructure with known weaknesses, malicious actors are able to escape detection while security teams focus instead on boldface vulnerabilities such as Heartbleed.
Globally, researchers closely examined 16 large multinational organizations, which, as of 2013, collectively controlled over $4 trillion in assets with revenues in excess of $300 billion. This analysis yielded three compelling security insights tying enterprises to malicious traffic:
- “Man-in-the-Browser” attacks pose a risk for enterprises: Nearly 94% of customer networks observed in 2014 have been identified as having traffic going to websites that host malware.
- Botnet hide and seek: Nearly 70% of networks were identified as issuing DNS queries for Dynamic DNS domains. This is evidence of networks being misused or compromised by botnets that use DDNS to change their IP addresses in order to evade detection and blacklisting.
- Encrypting stolen data: Nearly 44% of customer networks observed in 2014 have been identified as issuing DNS requests for sites and domains that provide encrypted channel services such as VPN, SSH, SFTP, FTP, and FTPS. Malicious actors use these services to cover their tracks, exfiltrating data over encrypted channels to avoid detection.
- The number of exploit kits has dropped by 87% since the alleged creator of the widely popular Blackhole exploit kit was arrested last year, according to Cisco security researchers. Several exploit kits observed in the first half of 2014 were trying to move in on territory once dominated by the Blackhole exploit kit, but a clear leader has yet to emerge.
- Java continues its dubious distinction as the programming language most exploited by malicious actors. Cisco security researchers found that Java exploits rose to 93% of all indicators of compromise (IOCs) as of May 2014, following a high point of 91% of IOCs in November 2013 as reported in the Cisco 2014 Annual Security Report.
- Unusual upticks in malware within vertical markets: For the first half of 2014, the top three verticals worldwide most at risk for web malware encounters were media and publishing, pharmaceutical and chemical, and aviation.
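As an added illustration of the two DNS-based indicators above (example code, not from the Cisco report), the following Python script scans constructed DNS query log lines for lookups of dynamic-DNS provider domains and of encrypted-channel service domains, then computes the share of client hosts showing each indicator, the same kind of per-network percentage the report gives. The provider watchlists and the log format are assumptions.

```python
import re
from collections import defaultdict

# Assumed watchlists (not from the report); real deployments feed these from threat intel.
DDNS_SUFFIXES = ("no-ip.com", "dyndns.org", "duckdns.org")
ENCRYPTED_SERVICE_SUFFIXES = ("vpn-gateway.example", "sftp-drop.example")  # placeholders

# Constructed log format: "<timestamp> <client-ip> query <qname>"
SAMPLE_LOG = """\
2014-06-01T10:00:01 10.1.2.3 query www.example.com
2014-06-01T10:00:05 10.1.2.3 query c2host.no-ip.com.
2014-06-01T10:00:09 10.1.2.7 query update.DuckDNS.org
2014-06-01T10:00:12 10.1.2.7 query mail.example.com
2014-06-01T10:00:15 10.1.2.9 query gw.vpn-gateway.example
2014-06-01T10:00:20 10.1.2.9 query notduckdns.org
"""
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\d{1,3}(?:\.\d{1,3}){3}) query (?P<qname>\S+)$")

def in_zone(qname, suffixes):
    """True if qname is a watchlisted domain or a subdomain of one.
    Label-aware, so 'notduckdns.org' does not match 'duckdns.org'."""
    return any(qname == s or qname.endswith("." + s) for s in suffixes)

def classify(qname):
    """Return the indicator category for a query name, or None."""
    name = qname.rstrip(".").lower()  # normalise trailing dot and case
    if in_zone(name, DDNS_SUFFIXES):
        return "ddns"
    if in_zone(name, ENCRYPTED_SERVICE_SUFFIXES):
        return "encrypted_channel"
    return None

def scan(log_text):
    """Map each client IP to the flagged names it queried, grouped by category."""
    hits = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected format
        cat = classify(m["qname"])
        if cat:
            hits[m["src"]][cat].append(m["qname"].rstrip(".").lower())
    return {src: dict(cats) for src, cats in hits.items()}

def share_with_indicator(log_text, category):
    """Fraction of observed clients that issued at least one query in category."""
    clients = {m["src"] for m in map(LOG_RE.match, log_text.splitlines()) if m}
    flagged = {src for src, cats in scan(log_text).items() if category in cats}
    return len(flagged) / len(clients) if clients else 0.0
```

Running `scan(SAMPLE_LOG)` lists the flagged lookups per host; `share_with_indicator(SAMPLE_LOG, "ddns")` gives the proportion of hosts querying DDNS domains, which is the figure to trend over time and triage.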
Eng. Osama Al Zoubi, Senior Manager, Systems Engineering – Cisco KSA, said: “While Middle East companies are innovating their future using the Internet, they face unprecedented risks caused by situations out of their control – from geopolitical events to natural disasters. As a result, company executives need to understand, create awareness, and manage cyber risks and weaknesses in the security chain. Starting from the most senior level, Middle East businesses must make cyber security a business process, and deploy cyber security solutions that cover the entire attack continuum – before, during, and after a cyber-attack.”
Wednesday, August 20, 2014 @ 9:59 UAE local time (GMT+4)