Anatomy of an Attack
Know your enemy.
What are the cybercrime facts for ANZ?
"$276,323 is the average cost of a cybercrime attack to a business, 33% of all businesses experienced a cybercrime"
PWC – Global Economic Crime Survey 2014
The 'threat surface' is getting larger, and more complicated
Picture the scene:
- Users are accessing your network from their own smart devices, from wherever they are.
- Your corporate apps, servers, and data are in the cloud.
- Devices that don’t even look like computers are connecting to your networks (think smart meters, thermostats, cameras...)
And to thicken the plot, you need to figure out how to get security everywhere to secure this complex infrastructure.
Businesses in 2017 simply have a lot more things to protect than five years ago. The last thing you want is to be caught out by....
In 2016, 27% of connected third-party cloud applications, introduced by employees in enterprises in 2016, posed a high security risk.
“It’s really quite simple: The more attack vectors that go unnoticed and the longer we allow attackers time to exploit our systems and infrastructure, the greater their chance for success. It’s on us to close that opportunity.”
– John N. Stewart, SVP and chief security and trust officer, Cisco
Australia is one of the world’s biggest targets for cyber attacks. Each year, at least 1 in 2 Australian businesses was hit by one or more cyber attacks. In 2016, the number of cyber-security incidents detected in Australian businesses soared 109%, compared to the global average of 38%.
Do you feel that you business is safe?
Main types of cyber attack: IOT, Ransomeware, Malware & Phishing
Here's how they work and how you can defend against them
What do you need to know?
How does it work?
Escalation of cyber attacks can cripple vital services
The escalation of ransomware and other malware events in the past year reveals that organizations are even more critically exposed, reflecting a long-held concern that “it’s not if but when” a business may fall victim to costly cyberattacks. The Cisco 2017 Annual Cybersecurity Report notes that CISOs find attacks can impact operations, reputation, and revenue. At stake is unauthorised access to networks, data and IP loss, and business shutdown. These issues are compounded for those in manufacturing, with IT and OT challenges in how businesses securely connect devices, protect plant operations, and maintain functionality and uptime. While many device manufacturers are building in cybersecurity, implementation can take years. The logical move is to segment these devices to put them out of attackers’ reach. If devices are compromised, organizations can prevent them from being used as pivot points to move through the network, and to activate incident response processes to protect the business.
Segmentation clears obstacles to securing the IoT
Organizations face two major hurdles in securing the IoT. First, most IoT devices can’t protect themselves. The resulting vulnerabilities create ample opportunities for attackers to exploit those devices and gain network access. The second complicating factor is scale, as businesses will be expected to connect billions of devices in the next few years. Network segmentation is not new. Virtual Local Area Networks (VLANs) have been in use for decades. But the sheer scale of the IoT makes creating enough VLANs impractical, if not impossible.
How confident are you in the security of your distributed assets which are connected to your network?
- Not confident
"With 50 billion connected devices by 2020, businesses must segment network for security; medical care, manufacturing, utilities are first to benefit "
– Cisco's Technology News Site
How can you prevent attacks?
The Internet of Things is altering our society. We’ll see innovations in medical care, manufacturing, and utility services, among other advances. But for the IoT to truly fulfill its promise, it must be secured.
In addition to the use of network segmentation to securely scale to meet the escalating needs of the IoT, Cisco IoT Threat Defense is built as a best-of-breed architecture, featuring a strong cast of integrated, trusted Cisco security capabilities:
This architecture provides visibility and analysis of traffic to and from IoT devices, as well as traffic entering and exiting the enterprise to detect threats and compromised hosts. It can detect anomalies, block threats, identify compromised hosts, and help mitigate user error. Additionally, it can secure remote access between sites and between organisations.
Cisco Iot Threat Defense 3D Experience
For more information about Cisco IoT Threat Defense, click here.
Explore IoT Threat Defence
Segmentation: deploy extensible, scalable security policy and gain protection against attacks and compromised IoT devices.
Visibility and analysis: analyse both your network and external traffic to detect and block threats.
Secure remote access: provide highly secure access to trusted third parties while maintaining visibility and control.
AnyConnect Secure Mobility Client
What do you need to know?
What is it?
Ransomware is malicious software, or malware, that encrypts the information on a person’s computer like documents, photos and music.
It will not release these files until the user pays a fee — or ransom — to unlock these files and get them back. Ransomware has quickly become the most profitable type of malware ever seen, on its way to becoming a $1 billion annual market. Ransomware is typically distributed through a few main avenues. These include email phishing, malvertising (malicious advertising), and exploit kits. After it is distributed, the ransomware encrypts selected files and notifies the victim of the required payment.
How it works?
1. In a typical attack, a user receives a phishing email that looks legitimate. It could appear to be from a company email address, or from someone they know.
2. Suitably promoted, the user clicks a link or downloads an attachment in the email, giving ransomware access to his or her computer and the broader company network.
"What if you could stay safer from ransomware, however it may attempt to get into your network?"
3. The ransomware encrypts files and data, locking users out of their network and bringing the target business to a grinding halt. If it's an e-commerce business, all trading ceases.
4. The company receives a message demanding a ransom to get back file access or risk losing their data forever. Attackers usually request payment in untraceable bitcoins.
5. Australian businesses pay an average ransom of $15,747 to get back their data, but individual ransoms can be much higher.
6. Even after paying the ransom, around half of the businesses targeted by ransomware experience significant downtime and data loss as a result.
How can you be affected by ransomware?
Ransomware has quickly become the most lucrative type of malware ever seen.
The FBI has said it is on way to becoming a $1 billion annual market. Cisco Talos research shows that a single ransomware campaign can generate up to $60 million annually. Ransomware is gaining so much attention it is has been featured on broadcast TV shows.
Attackers have the funds and desire to continue innovating ransomware strands that will become far more virulent. We believe that ransomware will become more capable of self-propagating, with the aim of locking up vast swaths of corporate networks. That would effectively knock corporate IT functionality back to the 1970s.
Current responses to ransomware tend to revolve around single point products. We must consider bringing a more architectural approach to bear given the various vectors it targets to gain infections. This solution overview addresses the various vectors and methods that attackers use. Defenders must secure both email and the web, block access to malicious infrastructure on the Internet, stop any ransomware files that make it all the way to an endpoint, block the commandand-control callbacks used and prevent easily lateral movement of ransomware should an infection occur.
Has your company been infected with Ransomware?
Read the Cyber Threat Response magazine to see how the cyber criminals are exploiting the breaches
How can you prevent the attack?
Cisco Ransomware Defense brings together all the necessary pieces of the Cisco security architecture to address the ransomware challenge. You can choose all the pieces or select ones that fulfill an immediate security need.
Ransomware Defense comprises:
“We have covered a great risk in the web attack vector of ransomware and greatly improved our user experience in regards to Internet connectivity.”
– Jason Hancock, Global Senior Network Engineer, Octapharma
Advanced Malware Protection can be immediately added to email security products through an easy license for static and dynamic analysis (sandboxing) of unknown attachments that traverse the Cisco Email Security gateway.
With Ransomware Defense, you can use your network as an enforcer to contain the spread of ransomware. It will not be able to propagate as easily on the network in the worst-case scenario of an infection. Cisco Security Services can provide immediate triage in the case of an outbreak. They also streamline deployments and help ensure that the solution is configured to provide the greatest possible effectiveness in your environment.
- Block ransomware from getting into the network or being downloaded onto laptops
- Contain ransomware in worst-case scenarios should it enter the network
- Shared threat intelligence across all products for a unified, concerted defense
What do you need to know?
How Malware can infiltrate a company network:
Phishing: Emails purporting to be from legitimate sources are often used to lure users into opening files or clicking links that contain malware, giving network access attackers without the computer user's knowledge.
Infected USBs: Hackers have been known to leave malware - infected USBs outside targeted company premises, often marked Private or Confidential. Human curiosity means many people will plug them into their company computer and open the files within, bypassing many security defences and letting malware loose in company network.
Drive-by-downloads: Malware infections can be caused by an action as simple as visiting a website that hosts malicious code that scans for vulnerabilities in browsers. Even respected websites aren’t necessarily safe, with attackers often inserting their code into advertisements they have bought on legitimate websites.
Join Cisco and ThreatConnect to learn how orchestration enhances malware analysis. Register now!
How does it work?
Malware can infect a computer or network in a variety of ways:
Is your endpoint security continuously monitoring and eliminating malware?
What can you do to protect your organisation?
Cisco Advanced Malware Protection (AMP) not only screens incoming traffic, but uses global cyber intelligence from Talos to identify and block malware before it tries to access your network. AMP identifies and removes malware that’s already infected a network, while retrospective security uncovers the origin of malware.
If, for example, the system detects a Microsoft Word attachment hiding malware, AMP can not only isolate, and remove the malware, but also track where that Word document was sent, to block other attacks.
AMP learns from each threat, incorporating intelligence from Talos to prevent reinfection. Suspicious programs are sandboxed – quarantined and then run in isolation to see if they contain malware.
Keep up-to-date with malware protection
Meet our security engineers and product experts who share insights of emerging malware and the threat landscape on their Security blog.
For more on AMP, click here.
What do you need to know?
How does it work?
Phishing uses fraudulent emails to trick people into giving attackers personal info or gaining system access. An estimated 68% of all emails traffic contains malicious, potentially dangerous content.
The most dangerous type is spear phishing, where emails are tailored for their targets using public information.
45% of all cyber security incidents are caused by staff clicking on attachments or links sent via emails. One click is all it takes for malicious content to infect a network and target vital company IT infrastructure.
"The average cost of a successful phishing attack to an Australian business is $23,209"
– PWC – Global Economic Crime Survey 2014
How secure is your email monitoring?
- Very secure
- Moderately secure
Request a demo with Cisco Umbrella for phishing protection
More than 100 billion corporate emails are exchanged every day. Email has become a prime vehicle for cyber attacks. Businesses need a security solution that can:
- Protect from advanced email attacks
- Provide continuous analysis and retrospective security
- Perform dynamic malware analysis
- Provide stronger network defence
- Protect from blended attacks caused by multiple threat vectors
Find out about Advanced Malware Protection for Email Security
What can you do?
- The frontline defence in repelling phishing attacks are email security applications. Cisco Email Security inspects more than 200 email attributes to determine legitimacy and block suspicious messages.
- Cisco Outbreak Filters quarantine suspicious, possibly toxic incoming and outgoing messages until they can be verified across multiple antivirus databases.
- Phishing attacks, and their origins, change constantly. Your protection needs to be dynamic and forever updating. The cyber intelligence team at Cisco’s Talos seamlessly updates Email Security every three to five minutes with the latest threats. The Talos intelligence network monitors 75 TB of web data a day, providing 1.5 million threat samples a day to Cisco security products.
Add on software:
Take a free test drive of Cisco Email Security. We're offering you a free 45-day trial.
Listen to the podcast series as our experts dive into emerging threats and industry news.