July 26, 2016
The Cisco 2016 Midyear Cybersecurity Report (MCR) released today has found that organizations are unprepared for future strains of more sophisticated ransomware. Fragile infrastructure, poor network hygiene, and slow detection rates are providing ample time and air cover for adversaries to operate, the firm said.
According to the report’s findings, the struggle to constrain the operational space of attackers is the biggest challenge facing businesses and threatens the underlying foundation required for digital transformation.
Other key findings in the MCR include adversaries expanding their focus to server-side attacks, evolving attack methods and increasing use of encryption to mask activity.
So far in 2016, ransomware has become the most profitable malware type in history. Cisco expects to see this trend continue with even more destructive ransomware that can spread by itself and hold entire networks, and therefore companies, hostage. New modular strains of ransomware will be able to quickly switch tactics to maximize efficiency.
For example, future ransomware attacks will evade detection by being able to limit CPU usage and refrain from command-and-control actions. These new ransomware strains will spread faster and self-replicate within organizations before coordinating ransom activities.
IT security firm Trend Micro defines ransomware as “a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a ransom is paid. More modern ransomware families, collectively categorized as crypto-ransomware, encrypt certain file types on infected systems and force users to pay the ransom through certain online payment methods to get a decrypt key.”
“As organizations capitalize on new business models presented by digital transformation, security is the critical foundation,” said Marty Roesch, vice president and chief architect of Cisco’s security business group.
“Attackers are going undetected and expanding their time to operate. To close the attackers’ windows of opportunity, customers will require more visibility into their networks and must improve activities, like patching and retiring aging infrastructure lacking in advanced security capabilities.”
Further information on the report is available at www.cisco.com.