February 23, 2018
The economic cost of cybercrime to the world is now close to $600 billion, or 0.8% of global GDP. Cybercriminals' rapid adoption of new technologies, among other factors, is driving the evolution of cybercrime. The most recent Cisco study covers how cybercrime is evolving in response to increasing encryption, and how the rise of AI can help address modern cyberthreats.
In its latest annual cybersecurity report, Cisco presents data and analysis from Cisco threat researchers and several of its technology partners about attacker behavior observed over the past 12 to 18 months.
The topics examined in the report align with three general themes:
1. Adversaries are taking malware to unprecedented levels of sophistication and impact.
The evolution of malware was one of the most significant developments in the attack landscape in 2017. The advent of network-based ransomware crypto-worms eliminates the need for the human element in launching ransomware campaigns.
2. Adversaries are becoming more adept at evasion – and weaponizing cloud services and other technology used for legitimate purposes.
In addition to developing threats that can elude increasingly sophisticated sandboxing environments, malicious actors are widening their embrace of encryption to evade detection. Encryption is meant to enhance security, but it also provides malicious actors with a powerful tool to conceal command-and-control (C2) activity, affording them more time to operate and inflict damage.
Cybercriminals are also adopting C2 channels that rely on legitimate Internet services like Google, Dropbox, and GitHub. The practice makes malware traffic almost impossible to identify.
Also, many attackers are now launching multiple campaigns from a single domain to get the best return on their investments. They are also reusing infrastructure resources, such as registrant email addresses, autonomous system numbers (ASNs), and nameservers.
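The infrastructure reuse described above (shared registrant e-mail addresses, ASNs and nameservers) is also a pivot for defenders: two domains that share one of those attributes are linked, and connected components of that link graph are candidate campaigns. The following is an added example, not code from the Cisco report; the records are constructed sample data using reserved example values (`.example` names, documentation ASNs), and the simplified WHOIS/DNS record shape is an assumption.

```python
"""Group domains that share registration infrastructure.

Added example (not from the Cisco report): any attribute value shared by two
or more domains merges them into one cluster, so a chain such as
registrant -> ASN -> nameserver links three domains even when no single
attribute is common to all of them. All records are constructed sample data.
"""
from collections import defaultdict

# Constructed sample records in a simplified WHOIS/DNS shape (hypothetical).
RECORDS = [
    {"domain": "invoice-update.example", "registrant": "reg1@mail.example",
     "asn": "AS64496", "nameservers": {"ns1.host.example", "ns2.host.example"}},
    {"domain": "secure-login.example", "registrant": "reg1@mail.example",
     "asn": "AS64497", "nameservers": {"ns9.other.example"}},
    {"domain": "account-verify.example", "registrant": "reg2@mail.example",
     "asn": "AS64497", "nameservers": {"ns1.host.example"}},
    {"domain": "weather-news.example", "registrant": "reg3@mail.example",
     "asn": "AS64500", "nameservers": {"ns5.cdn.example"}},
]


def _index_attributes(records):
    """Map each (attribute-kind, value) pair to the domains carrying it."""
    index = defaultdict(list)
    for r in records:
        index[("registrant", r["registrant"])].append(r["domain"])
        index[("asn", r["asn"])].append(r["domain"])
        for ns in r["nameservers"]:
            index[("nameserver", ns)].append(r["domain"])
    return index


def cluster_by_shared_infrastructure(records):
    """Return domain clusters (sets) linked transitively by any shared attribute."""
    parent = {r["domain"]: r["domain"] for r in records}

    def find(d):
        # Union-find with path halving.
        while parent[d] != d:
            parent[d] = parent[parent[d]]
            d = parent[d]
        return d

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra

    # Every attribute value seen on several domains merges those domains.
    for domains in _index_attributes(records).values():
        for other in domains[1:]:
            union(domains[0], other)

    clusters = defaultdict(set)
    for d in parent:
        clusters[find(d)].add(d)
    # Largest cluster first; ties broken by name so the order is deterministic.
    return sorted(clusters.values(), key=lambda s: (-len(s), min(s)))


def shared_attributes(records, domain_a, domain_b):
    """Return the (kind, value) pairs two domains have in common, for analyst review."""
    index = _index_attributes(records)
    return {key for key, domains in index.items()
            if domain_a in domains and domain_b in domains}


if __name__ == "__main__":
    for cluster in cluster_by_shared_infrastructure(RECORDS):
        print(sorted(cluster))
    print(shared_attributes(RECORDS, "invoice-update.example", "secure-login.example"))
```

In the constructed data the three lookalike domains end up in one cluster even though each pair shares only a single attribute, which is exactly why a single-attribute blocklist misses the campaign; the fourth domain shares nothing and stays alone. In practice the index would be fed from passive DNS and registration data, and the output reviewed rather than blocked outright, since legitimate hosters also share ASNs and nameservers.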
3. Adversaries are exploiting undefended gaps in security, many of which stem from the expanding Internet of Things (IoT) and use of cloud services.
Defenders are deploying IoT devices at a rapid pace but often pay scant attention to the security of these systems. Unpatched and unmonitored IoT devices present attackers with opportunities to infiltrate networks. Organizations with IoT devices susceptible to attack also seem unmotivated to speed remediation. Worse, these organizations probably have many more vulnerable IoT devices in their IT environments that they don’t even know about.
Meanwhile, IoT botnets are expanding along with the IoT and becoming more mature and automated. As they grow, attackers are using them to launch more advanced distributed-denial-of-service (DDoS) attacks. Attackers are also taking advantage of the fact that security teams are having difficulty defending both IoT and cloud environments.
Major findings of the study
Burst attacks grow in complexity, frequency, and duration. In one study, 42% of the organizations experienced this type of DDoS attack in 2017. In most cases, the recurring bursts lasted only a few minutes.
Many new domains tied to spam campaigns: of the malicious domains analyzed for the study, about 60% were associated with spam campaigns.
Security is seen as a key benefit of hosting networks in the cloud. The use of on-premises and public cloud infrastructure is growing.
Insider threats: A few rogue users can have a big impact. Just 0.5% of users were flagged for suspicious downloads. On average, those suspicious users were each responsible for 5200 document downloads.
More OT and IoT attacks are on the horizon. About 31% of security professionals said their organizations have already experienced cyberattacks on OT infrastructure.
The multivendor environment affects risk. Nearly half of the security risk that organizations face stems from having multiple security vendors and products.
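The insider-threat finding above (a tiny share of users, each responsible for thousands of downloads) is the kind of signal a per-user download count with a robust outlier threshold surfaces. The following is an added example, not code from the Cisco report; the log format is an assumption and the log lines are constructed (one user is generated with 40 downloads against five users with ordinary activity).

```python
"""Flag users whose document-download volume is far outside the population.

Added example, not from the Cisco report. Counts downloads per user from a
constructed access log and flags users above median + k * MAD, a threshold
that a single heavy downloader cannot drag upward the way a mean-based one can.
"""
import statistics
from collections import Counter

# Constructed log lines: "<timestamp> <user> <action> <document>" (hypothetical format).
_NORMAL = {"alice": 4, "bob": 6, "carol": 5, "dave": 7, "erin": 5}
LOG_LINES = [f"2018-02-01T09:{i:02d}:00 {user} download doc{i}.pdf"
             for user, n in _NORMAL.items() for i in range(n)]
LOG_LINES += [f"2018-02-01T10:{i:02d}:00 mallory download client_file_{i}.pdf"
              for i in range(40)]
LOG_LINES += ["2018-02-01T11:00:00 alice view q1_report.pdf",   # views are not downloads
              "2018-02-01T11:01:00 bob view policy.pdf",
              "2018-02-01T11:02:00 malformed line"]               # skipped by the parser


def count_downloads(lines):
    """Return a Counter of download events per user, ignoring malformed lines."""
    counts = Counter()
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # do not let one bad line abort the whole batch
        _timestamp, user, action, _document = parts
        if action == "download":
            counts[user] += 1
    return counts


def flag_outliers(counts, k=5.0):
    """Return (flagged_users, threshold) using median + k * median absolute deviation."""
    values = list(counts.values())
    median = statistics.median(values)
    mad = statistics.median(abs(v - median) for v in values) or 1.0  # guard MAD == 0
    threshold = median + k * mad
    flagged = {user: c for user, c in counts.items() if c > threshold}
    return flagged, threshold


def summarize(lines, k=5.0):
    """Produce the report-style figures: share of users flagged and their average volume."""
    counts = count_downloads(lines)
    flagged, threshold = flag_outliers(counts, k)
    avg = sum(flagged.values()) / len(flagged) if flagged else 0.0
    return {"threshold": threshold, "flagged": flagged,
            "share_of_users": len(flagged) / len(counts), "avg_per_flagged": avg}


if __name__ == "__main__":
    print(summarize(LOG_LINES))
```

With the constructed data the threshold lands at 10.5 downloads and only the generated heavy user is flagged. A real deployment would count per day or per week, keep the flagged list for review rather than automatic action, and baseline roles separately (a records clerk legitimately downloads more than an engineer).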
There is a tight coupling of the consumption and the payment, thereby accentuating the pain of paying. In the case of credit card purchases, the actual parting of the money occurs after the purchase decision, thereby dulling the pain of paying. – American Psychological Association
Last year, the FCA organized a Tech Sprint to develop a PoC for a regulatory reporting solution. In its February 2018 call for input, the FCA explains how it conducted the experiment and what it was able to achieve, and calls for organizations to get involved in its 2018 sprint.
Using the mocked-up database schemas, we created 250,000 retail customer accounts with balances. We then built technical architecture to separate the RDF file into more easily processed components, which are analyzed for correct syntax and then attached to tags that define each component. Machines can then process each component and transform it into machine language. Once ‘translated,’ the architecture can evaluate which customer accounts match the definition. Once the query had automatically selected the customers that we were interested in, we then pulled the data from the firms’ customer databases which we then refined. Again, using semantic techniques, we aggregated this customer information and automatically populated line 25 of the FSA001 form.
What was achieved
We simulated a rule change in the Handbook in real time and saw this automatically change the data that was reported. This demonstrated that a firm’s systems could automatically execute a change to the regulatory rule without any human interpretation and without having to change a firm’s information systems.
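The pipeline the FCA describes (a rule expressed as RDF triples, split into tagged components, matched against customer accounts, aggregated into a form line, and re-run when the rule changes) can be shown end to end on a small scale. The following is an added example, not the FCA's code: the vocabulary (`rule:line25`, `filter`, `aggregate`, `field`, `op`, `value`), the N-Triples-like rule text and the five account records are constructed for illustration and are not the FCA's schema or the real definition of line 25 of FSA001.

```python
"""Evaluate a machine-readable reporting rule against account data.

Added example, not the FCA's code. Rules are written in a small N-Triples-like
subset parsed by hand so the script has no dependencies. RULE_V2 is RULE_V1
after a simulated rule change; the same pipeline reports a different figure
without any change to the account data or the code.
"""
import re
from collections import defaultdict

# Constructed account data (five accounts in place of the sprint's 250,000).
ACCOUNTS = [
    {"id": 1, "account_type": "retail", "balance": 500.0},
    {"id": 2, "account_type": "retail", "balance": 1500.0},
    {"id": 3, "account_type": "retail", "balance": 2500.0},
    {"id": 4, "account_type": "business", "balance": 9000.0},
    {"id": 5, "account_type": "retail", "balance": 800.0},
]

# Constructed rule (hypothetical vocabulary): line 25 = sum of retail balances.
RULE_V1 = """
<rule:line25> <aggregate> "sum" .
<rule:line25> <field> "balance" .
<rule:line25> <filter> _:f1 .
_:f1 <field> "account_type" .
_:f1 <op> "eq" .
_:f1 <value> "retail" .
"""

# The same rule after a simulated Handbook change: only balances >= 1000 count.
RULE_V2 = RULE_V1 + """
<rule:line25> <filter> _:f2 .
_:f2 <field> "balance" .
_:f2 <op> "ge" .
_:f2 <value> "1000" .
"""

_TOKEN = re.compile(r'"[^"]*"|\S+')


def parse_triples(text):
    """Split rule text into (subject, predicate, object) components, checking syntax."""
    triples = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = _TOKEN.findall(line)
        if len(tokens) != 4 or tokens[3] != ".":
            raise ValueError(f"malformed triple: {raw!r}")
        s, p, o = tokens[:3]
        obj = o[1:-1] if o.startswith('"') else o.strip("<>")  # literal vs. IRI/blank node
        triples.append((s.strip("<>"), p.strip("<>"), obj))
    return triples


def build_rule(triples, rule_id):
    """Assemble the aggregate and its filters for one form line from the triples."""
    props = defaultdict(dict)
    filters = []
    for s, p, o in triples:
        if s == rule_id and p == "filter":
            filters.append(o)
        else:
            props[s][p] = o
    return {
        "aggregate": props[rule_id]["aggregate"],
        "field": props[rule_id]["field"],
        "filters": [(props[f]["field"], props[f]["op"], props[f]["value"]) for f in filters],
    }


_OPS = {
    "eq": lambda actual, expected: str(actual) == expected,
    "ge": lambda actual, expected: float(actual) >= float(expected),
    "lt": lambda actual, expected: float(actual) < float(expected),
}


def select_accounts(accounts, rule):
    """Keep accounts satisfying every filter of the rule."""
    return [a for a in accounts
            if all(_OPS[op](a[field], value) for field, op, value in rule["filters"])]


def populate_line(rule_text, accounts, rule_id="rule:line25"):
    """Run the pipeline: parse -> build rule -> select accounts -> aggregate."""
    rule = build_rule(parse_triples(rule_text), rule_id)
    values = [a[rule["field"]] for a in select_accounts(accounts, rule)]
    if rule["aggregate"] == "sum":
        return sum(values)
    if rule["aggregate"] == "count":
        return len(values)
    raise ValueError(f"unsupported aggregate: {rule['aggregate']}")


if __name__ == "__main__":
    print("line 25 under rule v1:", populate_line(RULE_V1, ACCOUNTS))
    print("line 25 under rule v2:", populate_line(RULE_V2, ACCOUNTS))
```

The point of the design is that the rule, not the reporting system, carries the interpretation: editing the triples changes the reported figure with no code change, which is what the sprint demonstrated. The syntax check in `parse_triples` matters for the same reason; a rule that is machine-executed needs to be rejected loudly when malformed, since nobody reads it before it runs.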