Cisco Midyear Cybersecurity Report: 10 Security Threats To Watch

Be On The Lookout

2017 so far has seen a rise in new and old threat vectors, the Cisco Midyear Cybersecurity Report found. While email and spyware continued to be threats on the rise, the report said new threats around Malware-as-a-Service, the cloud, Distributed Denial of Service and the Internet of Things are also growing. These threats present a significant opportunity for partners who can step up to the plate to help customers with emerging threat areas, with a managed security and architecture-based approach, said Dave Gronner, senior manager of security-go-to-market, global partner organization at Cisco.

"It's a phenomenal opportunity for partners," Gronner said about security. "There hasn't been anything this big in a consultative, trusted adviser requirement in quite a while." Here are 10 threat trends that solution providers should have their eye on, as highlighted in the Cisco report.


Cisco said it had seen a decline in the number of exploit kits, as several were taken offline and hackers started using more Malware-as-a-Service offerings. While Cisco said some of that decline is likely temporary, the rise in Malware-as-a-Service also could be driving the trend. Just as more businesses are starting to use as-a-service offerings, hackers are following the same path in search of scalability, lower cost and the ability to meet demand, said Francisco Artes, architect, Cisco Security Business Group.

"Cybercriminals are using the same tools that we are using to expand our businesses," Artes said.

Evolution Of Ransomware

Ransomware is one of the hottest security topics of the year, with two major ransomware campaigns so far. Cisco has seen different forms of ransomware emerge, in particular ones that leverage and repurpose the same pieces of open-source code that were previously available for educational purposes, according to Artes. Cisco also is seeing a rise in Ransomware-as-a-Service and predicts a future trend around "destruction of service," where instead of being encrypted, information is destroyed by the malware.

Email Security Still A Challenge

When it comes to threat vectors, "email is still king," Artes said. Business email compromise, in particular, continues to cost companies a significant amount, totaling $5.3 billion between October 2013 and December 2016. Ransomware attacks, meanwhile, cost businesses an estimated $1 billion in 2016.

Cisco noted a particular increase in malicious content delivered through spam: 65 percent of business email is spam, and 8 percent of that spam carries malicious content, Artes said. Cisco continues to see the overall volume of spam increasing, and hackers have evolved to make that malicious content more effective, including password-protecting documents to get them past spam filters, he said.
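The password-protected-attachment trick works because a filter that cannot open the container cannot scan what is inside. A mail gateway can still flag the container itself: a ZIP whose entries carry the encryption bit, or an Office file with a `.docx`/`.xlsx` extension that is actually an OLE compound file (password-protected OOXML documents are stored that way). The following added example, which is not code from the Cisco report or from CRN, implements that check in Python over constructed sample attachments; `build_zip`, `classify_attachment` and `scan_message` are hypothetical names, and the samples are built inline rather than taken from real mail.

```python
import io
import os
import struct
import zipfile
import zlib

# Magic bytes of an OLE2 / Compound File Binary container (legacy .doc/.xls
# and also every password-protected OOXML document).
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
OOXML_EXTS = {".docx", ".xlsx", ".pptx", ".docm", ".xlsm", ".pptm"}
HOLD_VERDICTS = {"encrypted-zip", "encrypted-office"}


def build_zip(name: str, payload: bytes, encrypted_flag: bool) -> bytes:
    """Build a minimal one-entry ZIP (stored, no compression) by hand.

    When encrypted_flag is set, general-purpose bit 0 is set in the local and
    central headers, exactly as a password-protected archive advertises it.
    The payload is left unencrypted; the header flag is what the scanner reads.
    """
    flags = 0x0001 if encrypted_flag else 0x0000
    crc = zlib.crc32(payload) & 0xFFFFFFFF
    nm = name.encode()
    local = struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, 0, 0, 0x21,
                        crc, len(payload), len(payload), len(nm), 0) + nm + payload
    central = struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flags, 0, 0,
                          0x21, crc, len(payload), len(payload), len(nm),
                          0, 0, 0, 0, 0, 0) + nm
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, 1, 1,
                       len(central), len(local), 0)
    return local + central + eocd


def classify_attachment(filename: str, data: bytes) -> str:
    """Return a verdict string for one attachment based on its container."""
    ext = os.path.splitext(filename.lower())[1]
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # Bit 0 of the general-purpose flags marks an encrypted entry.
                encrypted = [i.filename for i in zf.infolist() if i.flag_bits & 0x1]
        except zipfile.BadZipFile:
            return "malformed-zip"
        if encrypted:
            return "encrypted-zip"
        return "ooxml" if ext in OOXML_EXTS else "zip"
    if data.startswith(OLE_MAGIC):
        # An OOXML extension on an OLE container means the document is
        # password-protected (EncryptedPackage), not a plain ZIP-based file.
        return "encrypted-office" if ext in OOXML_EXTS else "ole-binary"
    return "other"


def scan_message(attachments):
    """Classify every (filename, bytes) pair and say whether to hold the mail."""
    verdicts = {name: classify_attachment(name, data) for name, data in attachments}
    return {"verdicts": verdicts,
            "hold": any(v in HOLD_VERDICTS for v in verdicts.values())}


# Constructed sample attachments (not real mail data).
SAMPLE_ATTACHMENTS = [
    ("invoice.zip", build_zip("invoice.docx", b"not really a document", True)),
    ("photos.zip", build_zip("photo.txt", b"plain entry", False)),
    ("report.docx", OLE_MAGIC + b"\x00" * 504),  # OLE container, OOXML name
    ("summary.pdf", b"%PDF-1.4\n%constructed"),
]

if __name__ == "__main__":
    result = scan_message(SAMPLE_ATTACHMENTS)
    for name, verdict in result["verdicts"].items():
        print(f"{name}: {verdict}")
    print("hold for inspection:", result["hold"])
```

A "hold" verdict is a routing decision, not a malware verdict: the gateway cannot know what the protected file contains, so the point is to stop treating "unscannable" as "clean" and send those messages to a quarantine or sandbox step with the password stripped from the email body.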

Spyware On The Rise

Cisco said it continues to see spyware and adware as a threat vector. Spyware is particularly concerning, according to Artes, as it can steal company information and increase malware infections. In organizations sampled, he said Cisco found more than 60 percent of those affected by spyware got it through Hola VPN. Other common spyware included RelevantKnowledge and DNS Unlocker.

New Forms Of Malware

In addition to Malware-as-a-Service, Cisco said it is seeing new, emerging malware tactics. One trend the company found was a rise in fileless malware, which evades endpoint security technology by staying resident in RAM and makes forensics difficult, Artes said. Cisco also saw rising trends around Ransomware-as-a-Service and anonymized, decentralized command-and-control (CnC) infrastructure, which both hides the operators and allows for greater scalability, he said.

IT, OT Convergence Causing Security Challenges

The convergence between information technology and operational technology around the Internet of Things is driving significant security challenges, Artes said. Cisco has seen some case studies of malware moving from IT networks to OT networks, which often control things like critical infrastructure. For example, he said a European automaker was hit by WannaCry targeting its IT systems, but because of connected IoT devices the malware spread and ultimately took down the company's production plant. This is particularly a challenge as 40 percent of IoT devices on corporate networks are either unknown or unmanaged, according to Artes.

Shadow IT Still A Problem

Shadow IT, or the "Dark Cloud," continues to be a challenge for businesses, especially as business adoption of cloud services and applications grows and users continue to adopt their own cloud offerings, Artes said. The challenge from a security perspective, he said, is that open authentication could provide a path from those cloud applications into the organization's critical information, especially as it creates an excessive number of privileged users and users frequently reuse user names and passwords.

DDoS Attacks Escalating

Cisco said it continues to see momentum growing behind DDoS attacks, with attacks growing to the 1-TBps range, up from the 600-MBps range with the Dyn attack last fall. Artes credited a large part of that to the growth in Internet of Things devices, which he said are often left unsecured and leveraged in these types of attacks. IoT devices are easily hackable without endpoint protection and can be built quickly into a botnet, he said.

Privilege Becoming Important In The Cloud

In the cloud, Cisco said there is a "security gap" around privileged user accounts. Poor management and open authentication have created that gap, it said, making it easier for hackers to move into the cloud and breach cloud environments.

"When it comes to enterprise security, cloud is the ignored dimension," the report said.

Danger In DevOps

Cisco said it is also seeing a growing risk around DevOps services. The report said many of these services have been "deployed improperly or left open intentionally for convenient access by legitimate users." It said this trend causes a "significant risk to organizations." The percentage of DevOps servers left "wide open" is also creating a "huge ransomware risk," Artes said.