dcsimg
 
 
 
 
 

11 Important Facts to Know About IT Security

 
 
By Michael Vizard  |  Posted 2014-08-12
 
 
 
 
 
 
 
 
 
  • 1 of
  • Previous
    1 - Number of Exploit Kits Drops Sharply
    Next

    Number of Exploit Kits Drops Sharply

    Law enforcement is becoming more effective, but new kits are always being developed. The number of exploit kits has dropped by 87% since the alleged creator of the widely popular Blackhole exploit kit was arrested last year.
  • Previous
    2 - Know Your Exploits
    Next

    Know Your Exploits

    Not every vulnerability translates into an actual exploit. Of the 2,528 vulnerability alerts published from January to June 2014, 28 were identified as being actively exploited.
  • Previous
    3 - Top IT Security Targets
    Next

    Top IT Security Targets

    With most attacks focused on applications, the rest of the IT environment often gets overlooked. Applications only account for 31% of the attacks; the rest are aimed elsewhere.
  • Previous
    4 - Man-in-the-Browser Attacks on the Rise
    Next

    Man-in-the-Browser Attacks on the Rise

    Nearly 94 percent of customer networks have traffic going to Websites that host malware. Domain Name System (DNS) requests for host names where the IP address to which the host name resolves are reported to be associated with the distribution of Palevo, SpyEye, and Zeus malware families that incorporate man-in-the-browser (MiTB) functionality.
  • Previous
    5 - Botnet Hide and Seek
    Next

    Botnet Hide and Seek

    Few legitimate outbound connection attempts from enterprises should seek dynamic DNS (DDNS) domains. Nearly 70% of networks were identified as issuing DNS queries for DDNS. This shows evidence of networks misused or compromised, with botnets using DDNS to alter their IP address to avoid detection/blacklist.
  • Previous
    6 - Encrypting Stolen Data
    Next

    Encrypting Stolen Data

    Hackers cover their tracks by "exfiltrating data" using encrypted channels to avoid detection. Nearly 44% of customer networks have been identified as issuing DNS requests for sites and domains with devices that provide encrypted channel services.
  • Previous
    7 - Java Still a Major Security Concern
    Next

    Java Still a Major Security Concern

    Security is one of the major reasons there has been a proliferation of programming language adoption. Java exploits rose to 93% of all indicators of compromise (as of May 2014.)
  • Previous
    8 - Spam on the Rise Again
    Next

    Spam on the Rise Again

    After a decline last year, spam is back. Spam volumes have increased to the point that spam is now at its highest level since late 2010.
  • Previous
    9 - Emerging Threat Vectors
    Next

    Emerging Threat Vectors

    Hackers are looking for the latest, weakest link. Attacks aimed at WordPress sites, POS terminals as well as social engineering tactics and "malvertising" are all on the rise.
  • Previous
    10 - Vertical Industries Under Attack
    Next

    Vertical Industries Under Attack

    Hackers are shifting to where the intellectual property is. Media and publishing led the industry verticals, posting nearly four times the median Web malware encounters. The pharmaceutical and chemical industry is now second while aviation slid into third place.
  • Previous
    11 - Vertical Industry Attacks by Geography
    Next

    Vertical Industry Attacks by Geography

    The top most affected verticals by region were media and publishing in the Americas; food and beverage in the EMEA (Europe, the Middle East and Africa) region, and insurance in APJC (Asia-Pacific, China, Japan and India).
 

When it comes to IT security, there is much to be learned simply by observing. The Cisco 2014 Midyear Security Report drives that point home—not only by noting that there has been a significant drop in the number of exploit kits available to hackers, but also by identifying patterns that hackers appear to be exploiting routinely. Based on research conducted across 16 multinational organizations with more than $4 trillion in assets, the Cisco study found that while some issues such as the security of Java remain paramount concerns, the avenues of attack are starting to shift. In particular, WordPress sites and point-of-sale (POS) systems appear to be highly vulnerable. For solution providers in the channel that spend an inordinate amount of time cleaning up after these attacks, that information can be critical. The more attacks solution providers can thwart, the more profitable they stand to be. After all, the labor and other costs associated with cleaning up after a successful IT attack can exceed the actual revenue associated with delivering the security service in the first place. Of course, to be forewarned should be enough for solution providers with security expertise to be forearmed.