Assume you’ve been hacked, says Cisco

This article was originally published on Technology.Info.

“All organisations should assume they’ve been hacked, or at least agree that it’s not a question of if they will be targeted for attack, but when and for how long,” say researchers in networking giant Cisco’s 2014 Annual Security Report.

Making ominous statements may be standard practice in the IT security industry, but a Cisco investigation of the corporate networks of 30 large, multinational companies found suspicious traffic activity on every single one of them.

All 30 had traffic going to websites hosting malware, while 96 per cent had traffic going to hijacked servers. A high percentage also had traffic going to suspect FTP [file transfer protocol] sites (in 88 per cent of cases); suspect VPN [virtual private network] sites (79 per cent); and to “universities in suspicious places”, potentially acting as a pivot point for malware (71 per cent).

In all 30 networks, Cisco found traffic going to military or government websites - despite the fact that the organisations in question do not typically do business with either - as well as websites in high-risk geographic areas, such as countries embargoed from doing business with the United States.

“Traffic to these sites may not be a definitive sign of a compromise, but for organisations that do not habitually do business with the government or the military, such traffic could indicate that networks are being compromised, so that criminals can use them to breach government or military websites and networks,” says the report.

The report, conducted with SourceFire, the security specialist Cisco bought last year, also finds that Java flaws were responsible for 91 per cent of all web-based exploits in 2013. Ninety-nine per cent of all mobile malware discovered last year targeted Android, as did 71 per cent of all web-based attacks on mobile devices.

The majority of organisations simply don’t have the expertise or the technology in place to match the scale of the threats they face, the report finds, citing a worldwide shortage of almost one million skilled information security professionals as a major factor in organisations’ failure to adequately monitor and secure their networks.

The enemy, however, grows more powerful every day: “The cyber-crime network is expanding, strengthening, and, increasingly, operating like any legitimate, sophisticated business network. Today’s cyber-criminal hierarchy is like a pyramid,” the report states.

“At the bottom are the non-technical opportunists and ‘crimeware-as-a-service’ users who want to make money, a statement, or both, with their campaigns. In the middle are the resellers and infrastructure maintainers - the ‘middlemen’. At the top are the technical innovators - the major players who law enforcement seeks most, but struggles to find.”
