Cisco: DDoS And Infrastructure Attacks Among The Biggest Threats In 2014
Meanwhile, the industry is missing almost a million cyber security professionals
The number of threats facing individuals and businesses online has grown 14 percent in a single year, according to the Annual Security Report published by Cisco.
Multipurpose Trojans proved to be the most widely-used type of malware in 2013, responsible for 27 percent of all infections, followed by malicious scripts (23 percent) and data theft Trojans (22 percent). Ninety-nine percent of all mobile malware targeted Android devices, with Andr/Qdplugin-A obtaining something of a celebrity status, since it was responsible for almost 44 percent of mobile infections.
Cisco has warned that the industry is being put under pressure by the rapid adoption of cloud technologies and the emergence of new types of networked devices as well as a worldwide cyber security skill shortage.
Bad year
The firm has been publishing the Annual Security Report for the past 13 years and predicts that in 2014 businesses will be facing increasingly sophisticated attacks from organised and well-funded cybercriminals that are a far cry from the ‘black hat’ hackers of old. Social engineering, a method used to psychologically manipulate victims in order to obtain sensitive information, is also set to be big in 2014.
According to the report, the number of security alerts issued around the world had grown 14 percent between October 2012 and October 2013. Data from Sourcefire, now a part of Cisco, indicates that Java continues to be the most frequently exploited programming language, involved in a whopping 91 percent of the so-called ‘indicators of compromise’.
The company says that the increase in the number of malware strains was mainly fuelled by the growing numbers of mobile devices and proliferation of cloud, which offered a greater “attack surface”. The arrival of new classes of devices, such as smart watches and smart glasses, is expected to expand the variety of malicious programs even further.
This year’s Consumer Electronics Show (CES) in Las Vegas featured wearable technology from Sony, Samsung, LG, Archos, Adidas, Garmin, Razer and dozens of other manufacturers. All of these devices are networked, and thus can be hacked – yet another headache for the CSO.
DDoS Threat
Cisco says that over the course of the past year, the Distributed Denial of Service (DDoS) attacks have increased in both volume and severity, and are now often used as a supporting tool, to divert attention from data theft.
“Over the past couple of years DDoS attacks have become an issue for a wide range of organisations as the spread of motivations behind them has broadened,” explains Darren Anstee, Solutions Architect Team manager at Arbor Networks. “DDoS attacks are now being used as a distraction from fraudulent activities, to disguise data exfiltration or for competitive takeout – DDoS is just one of the tools that cyber-criminals use to achieve their goals.
“To ensure protection from these threats, organisations must have multi-layered DDoS protection in place, using both cloud AND network-perimeter components.”
Meanwhile, the industry is facing a shortage of almost one million cyber security professionals, which means many smaller organisations simply don’t have resources to deal with the non-stop attempts to breach the networks and steal data.
“Although the Cisco Annual Security Report paints a grim picture of the current state of cyber security, there is hope for restoring trust in people, institutions and technologies – and that starts with empowering defenders with real-world knowledge about expanding attack surfaces,” commented John Stewart, SVP and CSO for Threat Response Intelligence and Development at Cisco.
What do you know about the towering might of Cisco? Take our quiz!