All corporate networks examined by Cisco Systems are hosting malware with network penetrations going undetected for long periods, according to the latest annual report from networking equipment maker Cisco Systems.
“Most organisations, large and small, have already been compromised and don’t even know it. One hundred per cent of business networks analysed by Cisco have traffic going to websites that host malware,” the report claims.
Conducted in association with Sourcefire, which Cisco acquired in mid-2013, the report warns that the threats organisations face from cyber-crime today are many times more sophisticated than ten years’ ago. Today’s threats are more than just irritants, but are often well-funded and can cause major disruption.
“The cyber-crime network is expanding, strengthening, and, increasingly, operating like any legitimate, sophisticated business network. Today’s cyber-criminal hierarchy is like a pyramid.
“At the bottom are the non-technical opportunists and ‘crimeware-as-a-service’ users who want to make money, a statement, or both with their campaigns.

In the middle are the resellers and infrastructure maintainers-the ‘middlemen’.

At the top are the technical innovators – the major players who law enforcement seeks most, but struggles to find,” claimed the report.
Furthermore, adversaries are becoming more sophisticated and increasingly conducting in-depth surveillance before launching attacks.
“Many actors in the so-called ‘shadow economy’ also now send surveillance malware to collect information about an environment, including what security technology is deployed, so they can target their attacks.
“This pre-exploit reconnaissance is how some malware writers can be sure their malware will work. Once embedded in a network, the advanced malware they design can communicate with command-and-control servers on the outside and spread laterally across infrastructure to carry out its mission – whether it’s the theft of vital data or the disruption of critical systems.”
In terms of exploits, Oracle’s Java “continues to be the most frequently exploited target by online criminals, according to Cisco data”. Java compromises comprise more than 90 per cent of attacks, according to Cisco, due to its ubiquity, combined with Oracle’s lackadaisical attitude to issuing patches.
Cisco goes as far as to recommend simply disabling Java in the browser to prevent drive-by, browser based attacks, and comprehensive patch management. 

Leave a Reply