An annual report on the state of cybersecurity released Feb. 21 by Cisco Systems suggests cybercriminals are becoming more sophisticated and devious in their attacks to compromise IT environments.
Based on a survey of 3,600 chief security officers (CSOs) and security operations (SecOps) managers from 26 countries, the report finds the volume of instances in which cybercriminals are employing encryption to hide malware has increased more than 50 percent. In total, Cisco said it has discovered a threefold increase in encrypted network communication in malware samples inspected over a 12-month period, which indicates cybercriminals are going to greater lengths to hide the command-and-control mechanisms they are employing from disruption techniques that are widely employed by cybersecurity professionals.
According to the report, attacks on applications are increasing, along with burst attacks that consist of multiple “hit-and-run” attempts at distributed denial of service (DDoS). There’s also been an increase in the number of amplification attacks on DNS servers, the report notes.
The Cisco report also finds that, on average, more than half of all attacks resulted in financial damages of more than $500,000, spanning lost revenue, customers, opportunities, and out-of-pocket costs. Respondents said one-third (32 percent) of breaches affected more than half of their systems, compared with 15 percent in 2016.
Franc Artes, an architect in the Cisco Security Business Group, said the most troubling aspect of this year’s study is that many of the attacks being launched don’t appear to have any purpose beyond simply compromising targeted systems. For example, ransomware attacks such as WannaCry and Nyetya often come without any method to acquire encryption keys to unlock files.
“We’re seeing unprecedented levels of sophistication,” Artes said.
On the plus side, the Cisco report finds there is increased reliance on automation and artificial intelligence (AI) to combat threats. Nearly two-fifths (39 percent) of organizations say they now employ automation, while 34 percent say they are making use of machine learning algorithms and a full 32 percent say they are highly reliant on AI. In addition, 92 percent of respondents said behavior analytics tools work well.
The Cisco report also makes it clear that cybersecurity professionals are dependent on a larger number of vendors than ever. A quarter (25 percent) of security professionals said they employ products from 11 to 20 vendors, compared with 18 percent of security professionals employing products from that many vendors in 2016.
Artes said it’s clear that IT organizations need to be able to pivot between different styles of attacks with greater alacrity. Cybercriminals are shifting attack vectors more frequently in an attempt to compromise systems while the attention of cybersecurity professionals is being diverted elsewhere, Artes said.
The degree to which AI and automation are enabling organizations to counter the increased sophistication of attackers is still not clear. But given the overall shortage of cybersecurity expertise, increased reliance on automation and AI is a foregone conclusion for most organizations. The only real concern, of course, is how much cybercriminals are employing the same technologies to launch even more sophisticated attacks at rates that are only going to increase.