The 5 biggest cyber threats, and how to protect against them
People often ask us, “What’s the next big threat?” or, “What are your predictions for what hackers will do in the future?”
The best way to answer that question is to look back at what the bad guys have already done (and, unfortunately, done well) – because that’s the closest we’ll get to predicting the future without using a crystal ball. Cyber criminals are just like the rest of us in that respect. Found something that works? Do it again. And again.
Essentially, they are always looking for gaps. For weaknesses.
‘Defending against today’s critical threats’ is a Cisco report that contains intricate and revealing details on five cyber threats from the last year. We’ve chosen to focus on these particular threats, not just because they were big events, but because we think that these threats, or something similar, could very well appear again in the near future.
Namely, these are:
- Emotet – a Trojan involved in malware distribution
- VPNFilter – a modular IoT threat
- Unauthorised Mobile Device Management
- Olympic Destroyer – an example of destructive cyberattack campaigns
These five threats are important for the attack trends they represent. Take modular threats, for example. These download plugins or other threats, depending on either the type of device infected or the intended goals of the attackers.
- VPNFilter’s third stage was dedicated to pulling down plugins to help the attackers achieve their intended goal.
- Emotet’s distribution system allowed for multiple payloads, from infostealers to ransomware, depending on the type of system it infected.
- The successful installation of unauthorised mobile device management (MDM) profiles opens the door for an attacker to install any sort of malicious app he or she wishes.
We saw plenty of such modular threats in 2018, and we would be surprised if we didn’t see more in the future.
For the full threat report (it’s about a 10 minute read) please visit www.cisco.com/go/securityreports
NEW: Proactive Threat Hunting
It can happen to the best of us. You can have robust security software deployed in your environment, and yet a threat slips through. Often it happens at a weak point that you hadn’t considered critical or just overlooked entirely. It can be a humbling experience and something that many security professionals, while loath to admit, have faced.
It makes the case for threat hunting: a security practice where you look for threats that managed to get past your defences and have hidden themselves within your environment.
The overarching goal of threat hunting is not just about uncovering threats, but also implementing policies and playbooks to shore up your security posture. In fact, some of the most successful hunts may not uncover a threat at all. Rather, they identify a weakness in the environment that needs to be addressed.
So why should security professionals everywhere consider it a necessity rather than a ‘nice to have’?
In the latest Cisco Cybersecurity Report, we provide an overview of the threat hunting discipline. We explore the basics of threat hunting, highlight why it’s a worthwhile endeavour, who should be involved, what and where you should look, and when you should do it.
The report covers:
- The inherent value of threat hunting: it allows security professionals an opportunity to proactively look for unknown threats, identify future weaknesses, and familiarise themselves with the tools needed if a breach were to occur.
- How to assemble a capable threat hunting team, and the skillsets they should bring to the table.
- Warning signs and tips for when your organisation should begin threat hunting: Certain behaviours, like an administrator clearing his or her bash logs, are red flags for potential compromises.
- How to hunt: our researchers offer clear and specific steps you can use to get started, like analysing the logs, paying attention to unusual user or device behaviour, analysing CPU activity spikes, and more.
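As an added example (not code from the Cisco report or from this post), here is a small hunting check for the red flag mentioned above: scanning shell-audit log lines for commands that clear a user's bash history. The `user=... cmd=...` line format and the sample log lines are constructed assumptions for this example, not a real audit format.

```python
import re

# Constructed sample log lines (not from the Cisco report): a simplified
# "user=<name> cmd=<command line>" shell-audit format assumed for this example.
SAMPLE_LOG = """\
user=alice cmd=ls -la /var/www
user=bob cmd=history -c
user=alice cmd=tail -n 50 /var/log/auth.log
user=root cmd=rm -f /root/.bash_history
user=carol cmd=cat > ~/.bash_history < /dev/null
user=alice cmd=grep ERROR app.log
"""

# Patterns that indicate a user's shell history being cleared; the first
# matching pattern supplies the triage reason for that line.
HISTORY_TAMPER_PATTERNS = [
    (re.compile(r"\bhistory\s+-c\b"), "history cleared in-session"),
    (re.compile(r"\brm\b.*\.bash_history"), "history file removed"),
    (re.compile(r">\s*~?/?[\w/]*\.bash_history"), "history file truncated"),
]

LINE_RE = re.compile(r"^user=(?P<user>\S+)\s+cmd=(?P<cmd>.*)$")


def find_history_tampering(log_text):
    """Return one finding (dict) per log line whose command matches a tamper pattern."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the hunt
        cmd = m.group("cmd")
        for pattern, reason in HISTORY_TAMPER_PATTERNS:
            if pattern.search(cmd):
                findings.append({"line": lineno, "user": m.group("user"),
                                 "cmd": cmd, "reason": reason})
                break  # one reason per line is enough for triage
    return findings


if __name__ == "__main__":
    for f in find_history_tampering(SAMPLE_LOG):
        print(f"line {f['line']}: user {f['user']} - {f['reason']}: {f['cmd']}")
```

A hit is a lead for the hunt, not proof of compromise: confirm who ran the command and why, then correlate with the surrounding log activity.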
Download now at www.cisco.com/go/securityreports