Archiv für die Kategorie: News

Source:: Innovaphone

Source:: Innovaphone

By Hazel Burton Today we launch our 2019 Threats of the Year report; a look back at the major tools and tactics that cybercriminals have exploited over the past year.
Based on original research conducted for our ‘Threat of the Month‘ blog series, we look into the impact of directed attacks against specific organizations, and how we can defend ourselves against these types of attack.
We also look at non-direct attacks – the attacks that are more of a numbers game for cybercriminals. In this case they are looking to hit as many victims as possible, without regard for the organizations or individuals that they affect.
Finally, we look at the cybercriminal ‘toolkit‘. From remote access trojans, to hiding threats in encrypted traffic, we’ve seen various innovations in how cybercriminals have evaded detection this year.
As we look towards the end of the year (and decade), we also sought perspectives from Cisco Security experts looking back at 2019. When asked what one particular threat stood out this year, and to offer a New Year’s resolution for 2020 that all organizations could consider adopting, here’s what they said:
Martin Lee, Talos (Cisco Threat Intelligence)
This year will be remembered as the year when we saw that DNS data, as well as TLS certificates, could be ‘fake news‘.
Although sporadic malicious activity had previously compromised DNS data, the discovery of the Sea Turtle campaign showed that DNS information could be compromised wholesale by attackers taking over top-level registries.
Consequently, legitimate domain-validated TLS certificates were granted to the attackers – since they controlled the domain’s DNS entries, meaning that the impersonation checking within TLS connections was subverted also. Attackers could thus divert a user from accessing a legitimate system to connect them to a malicious server while presenting a valid TLS certificate to authenticate the connection.
New Year’s resolution for 2020
Enable multi-factor authentication on every system that can support it. Passwords have never been a 100 percent effective or a secure mechanism for authenticating users. You can add two-factor authentication (2-FA) to all your system accounts so that even if someone steals or cracks your password, they can’t impersonate you to gain access to valuable data.
Andrea Kaiser, Cisco Umbrella (Protecting the DNS layer)
Malspam, or malicious unwanted email is still the predominant method used to cast a wide net and get up close and personal with the most vulnerable part of a network: users.
In 2019 we saw the Emotet botnet continue to spread malicious payloads and grow its victim base, expanding its malware-as-a-service tactic. Trickbot, Qakbot, IcedID, and Gootkit all spread through malicious document attachments as some of the payloads pushed by the Emotet botnet in 2019.
Emotet added the ability to hijack email threads by injecting responses into old or ongoing conversations from users‘ email. The new response can include links or malicious attachments to download Emotet.
This is all possible due to Emotet’s ability to steal email content and mail account credentials. The initial access and further propagation of the botnet relies on the distribution of malspam. This past year showed that we need to be vigilant in looking for targeted social engineering attacks in our inboxes.
New Year’s resolution for 2020
Social engineering is a threat that can affect you regardless of it being used as a tactic of malware. It can be used in any social setting to gain sensitive information. Often times, all one needs to start the process is a tiny bit of information about a person – such as the year you graduated or the city in which you were born. That one seed of information can lead to a path to compromise your personal data. My recommendation for your New Year’s resolution is to limit the online availability of your personal information. Take a look out our Consumer Data Privacy report to learn more.
Patrick Garrity, Cisco Duo (Access/Multi-Factor Authentication Security)
For those of us in access security (endpoint and MFA), we’re concerned about exploits targeting device operating system and browser software.
This year, two major examples affected the Google Chrome browser, including a zero-day vulnerability impacting all major operating systems, including Windows, Apple’s MacOS and Linux.
The vulnerability was a ‘use-after-free‘ type, which is a memory corruption flaw that allows a threat actor to exploit modified data in the memory of a machine and escalate privileges on that machine. This means if a user opens a PDF in a compromised Chrome browser, an attacker can hijack the browser to gain access to their machine.
While Google quickly released a patch to protect against this vulnerability, it’s an important example to highlight the importance of gaining visibility into your users‘ endpoints running out-of-date software and browsers.
New Year’s Resolution for 2020
Make sure your devices are up to date by regularly obtaining visibility into the security status of your users‘ devices. Then notify users of their out-of-date software and enforce policies that require software updates before allowing access to applications. Or, block access from any device that doesn’t meet your organization’s policies or requirements.
To find out more about these and other threats of 2019, download the Cisco 2019 Threats of the Year report.
Sign up here to receive our Threat of the Month blog series.
We will be holding a Cisco Live chat on this threat report on 17th December at 9am PST. Tune in on Cisco.com or via any of our social channels – Twitter, Facebook, Youtube and our Security Community.
We encourage you to use this retrospective report in any security-focused board meetings or business planning sessions you might be holding over the next few months to guide you on planning the security tools and processes needed for 2020. You can also use it as a resource to help explain how your current security posture would perform with any such attacks, and identify any gaps.
The post A Look Back at the Major Cyber Threats of 2019 appeared first on Cisco Blogs.

Source:: Cisco Security Notice

By Ben Munroe Four million. According to the latest study, that’s the approximate number of cybersecurity jobs around the world that still need to be filled by skilled professionals. With the current cybersecurity workforce measured at 2.8 million, it would need to grow by 145 percent for us to catch up. The same study done last year indicated a shortage of nearly 3 million professionals – meaning the number has already grown by more than one million people in a year. This poses so many questions. Chief among them: Is it real?
To put this into further perspective, the entire population of the City of Los Angeles is roughly 4 million. Therefore, in order to fill our current skills gap, every single person who lives in L.A. would need to work in the cybersecurity industry (plus a few more). Four million is also greater than the entire population of many countries – including Iceland, Qatar, Jamaica, and Mongolia, just to name a few. So, yeah, it’s a large number.
Have we created too many tools that all need managing, generating more alerts than can be attended to? Is it even possible to find, train, hire, and retain such a massive number of new security professionals?
Many have suggested widening the candidate pool and providing more training to alleviate this colossal problem. While these are of course logical solutions that we should definitely be pursuing, they will never increase our workforce by 145 percent. It’s just not feasible.
So should we just give up and let the bad actors win? Absolutely not. What we need to do is focus on a new solution. Yes, people are an essential piece of the puzzle, but we also have technology and processes to augment our talent.
The Business of Complexity
Historically, the security industry has innovated like crazy to keep up with attackers (and will continue to do so). We see a problem, and we build a box.
For example, malware starting to run amok through your environment? Time to buy some anti-malware technology. Your employees getting duped by phishing attacks? Better look into anti-phishing measures! Expanding into the cloud? What’s the best cloud security solution on the market? And so on…
While innovation is necessary and wonderful, it has created unmanageable complexity for many organizations. For each new product we create, we require more people to manage it. Therefore, instead of proactively protecting your environment, you’re frantically toggling between countless security applications all day just to triage the biggest issues. Or you’re spending all your time trying to integrate disparate solutions on your own.
VC funding in the cybersecurity space totaled $5.3 billion in 2018, up 20 percent from $4.4 billion in 2017. More venture capital means more companies, means more tools, and potentially more job openings. This does not seem like it’s moving in the right direction.
According to Cisco’s 2019 CISO Benchmark Study, 79 percent of respondents find it challenging to orchestrate security alerts from multiple vendors‘ products. And almost a third of respondents said they were suffering from “cyber fatigue” – meaning they have all but given up on trying to stay ahead of malicious threats and bad actors. Yikes! So, what can we do about this challenge without adding millions of people to our workforce?
A Platform Approach to Security
At Cisco, we’re continuing to innovate our respective security technologies to keep pace with attackers. And at the same time, we’re placing greater emphasis on making these technologies more effective and easier to work with. We’re calling it our platform approach to security – because a platform supported by a dozen pillars is stronger than just the pillars themselves.
Through this platform approach, we are leveraging integration, automation, and machine learning so that our technologies are working for you – not the other way around. The technologies you purchase to secure your environment should be making things easier for you, not harder.
Yes, we offer a lot of security products, because let’s face it, there are many different types of threats out there and infinite ways for them to get in. But let’s not lose sight of the forest for the trees. At the end of the day, the goal is a seamless, holistic security platform that allows a threat to be detected in one area of the enterprise and be blocked everywhere else – from the data center, network, and cloud, to email, the web, endpoints, and everywhere in between. We want to build a system whose components talk to one another and work together as a team to thwart attackers.
The Proof Is in the Platform
We have been ramping up towards this platform with some of our previous security portfolio synergies. For example, where the Cisco AnyConnect VPN leaves off, Cisco Umbrella kicks in – protecting users whether they are on or off the network. Additionally, Cisco AMP for Endpoints stretches across the portfolio to automatically receive actionable intelligence on worldwide threats from sources like Cisco Talos, Threat Grid, and Umbrella, and to integrate with our multi-factor authentication (MFA) solution, Duo. These are just a few of the integrations that already exist among our product set.
Now, we’re taking our platform approach towards the front end to make the integrated portfolio easier to use with Cisco Defense Orchestrator (CDO) and Cisco Threat Response (CTR). Security teams can now harmonize policies for a multitude of devices – from next-generation firewalls to Meraki – through a single cloud portal using Cisco Defense Orchestrator. We’re enabling customers to maintain consistent policies across firewalls and into the cloud, starting with support for Amazon Web Services (AWS). You can learn more here.
Additionally, organizations can now leverage coordinated incident response across the entire Cisco Security platform with Cisco Threat Response (CTR), which comes free with many of our security products. CTR leverages our integrated security architecture to make threat investigations faster, simpler, and more effective.
Cisco Threat Response

Your Experience Simplified, Your Success Accelerated, Your Future Secured
How will this new approach benefit you? At a high level, we envision this platform enabling customers to:
Reduce complexity with an integrated and open platform that strengthens operations, gets out of the way, and gives you back time.
Champion innovation with a powerful, pervasive platform that keeps you safe as your business pursues what’s ahead.
Future-proof your security strategy and reduce risk with a platform you can rely on, backed by unparalleled resources and expertise.
So that’s what we’ve been up to. And we’ll keep pushing, because the journey is far from over. We’re committed to creating a platform that delivers a better security experience and protects what’s now and what’s next.
In case you missed it, we recently held a virtual summit to officially launch our security platform. Catch the replay and find additional resources here.
The post It’s Time for Security to Work as a Team appeared first on Cisco Blogs.

Source:: Cisco Security Notice