Across Wider Region, Geopolitical Events and Natural Disasters Expand Threat Landscape, with Agriculture and Mining as Most At-Risk Industry Vertical
DUBAI, United Arab Emirates – August 19, 2014 – Cisco has released its 2014 Midyear Security Report, which examines the “weak links” in organizations that contribute to the UAE’s increasingly dynamic threat landscape.
In the Middle East, geopolitical events are creating new trends in the cyber realm, expanding the risk landscape for businesses, governments, and other organizations and individuals.
Due to recent drought, floods, and unrest affecting supplies and infrastructure across the wider Europe, Middle East, Africa, and Russia (EMEAR) region, the top five most at-risk industry verticals for mobile malware encounters during the first half of 2014 were agriculture and mining, transportation and shipping, food and beverage, government, and media and publishing. In EMEAR, food and beverage saw the highest number of web malware encounters.
As a result, weak links – outdated software, bad code, abandoned digital properties, or user errors – contribute to the adversary’s ability to exploit vulnerabilities, with methods such as DNS queries, exploit kits, amplification attacks, point-of-sale (POS) system compromise, malvertising, ransomware, and infiltration of encryption protocols, social engineering and “life event” spam.
The report also shows that focusing only on high-profile vulnerabilities, rather than on high-impact, common and stealthy threats, puts these organizations at greater risk. By proliferating attacks against low-profile legacy applications and infrastructure with known weaknesses, malicious actors are able to escape detection as security teams focus instead on boldface vulnerabilities, such as Heartbleed.
Globally, researchers closely examined 16 large multinational organizations, which, as of 2013, collectively controlled over USD 4 trillion in assets with revenues in excess of USD 300 billion. This analysis yielded three compelling security insights tying enterprises to malicious traffic:
- “Man-in-the-Browser” attacks pose a risk for enterprises: Nearly 94 percent of customer networks observed in 2014 have been identified as having traffic going to websites that host malware.
- Botnet hide and seek: Nearly 70 percent of networks were identified as issuing DNS queries for Dynamic DNS (DDNS) domains. This is evidence of networks being misused or compromised by botnets that use DDNS to alter their IP addresses and avoid detection or blacklisting.
- Encrypting stolen data: Nearly 44 percent of customer networks observed in 2014 have been identified as issuing DNS requests for sites and domains with devices that provide encrypted channel services, which malicious actors use to cover their tracks by exfiltrating data over encrypted channels such as VPN, SSH, SFTP, FTP, and FTPS to avoid detection.
- The number of exploit kits has dropped by 87 percent since the alleged creator of the widely popular Blackhole exploit kit was arrested last year, according to Cisco security researchers. Several exploit kits observed in the first half of 2014 were trying to move in on territory once dominated by the Blackhole exploit kit, but a clear leader has yet to emerge.
- Java continues its dubious distinction as the programming language most exploited by malicious actors. Cisco security researchers found that Java exploits rose to 93 percent of all indicators of compromise (IOCs) as of May 2014, following a high point of 91 percent of IOCs in November 2013 as reported in the Cisco 2014 Annual Security Report.
- Unusual upticks in malware within vertical markets. For the first half of 2014, worldwide the top three verticals most at risk for web malware encounters were media and publishing, pharmaceutical and chemical, and aviation.
Rabih Dabboussi, General Manager for the UAE, Cisco, said:
“Widespread broadband, cloud, and mobile device take-up is enabling the UAE to be a world leader in the innovation-based economy, but inevitably with this growth will also come the expanding cyber threat landscape. As the region embraces the era of the Internet of Everything, UAE companies must realize that security is no longer the responsibility of IT professionals alone. Mobile operators, device manufacturers, software developers and businesses all have to take up a post in this war and be on high alert for potential cyber spill over, especially with mobile malware. In order to protect the ‘weak links’ in their networks, UAE businesses will need to adopt a business-oriented cyber security approach to cover the full attack continuum.”
Cisco (NASDAQ: CSCO) is the worldwide leader in IT that helps companies seize the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected. For ongoing news, please go to http://thenetwork.cisco.com