Research Roundup: Cisco’s Annual Report 2010

Tuesday, March 08, 2011

Mike Meikle

49afa3a1bba5280af6c4bf2fb5ea7669

This last article in this Research Roundup series discusses the Cisco 2010 Annual Security Report.  

Previously, I provided an overview of the Davos World Economic Forum Global Risks Report and Kapersky’s ThreatPost Security Spotlight for 2011.

Cisco covers a broad array of topics in it’s Annual Report. However it takes particular pains to point out that Social Engineering or Trust Exploitation is most effective tool for cyber-criminals.  

Whether it is through Facebook, Twitter, LinkedIn or via an infected URL, Social Engineering is the key vector in gaining access to privileged information.  A particularly good example of this is the HBGary breach by Anonymous.

The report puts a nice graphical spin on the overall cyber-criminal market via the Cisco CROI Matrix, which looks like Gartner’s Magic Quadrant.  Basically it boils down the profitability, growth potential and effectiveness of various cybercrime techniques.

The techniques are identified as Cash Cows (profitable and reliable), Dogs (low success and profit), Rising Stars (huge success and growth), Potentials (high growth and low revenue).   At a glance, Spyware/Scareware is a Cash Cow, DDoS is a Dog, Muling is a Rising Star and Mobile Device exploits have Potential.

The report goes on to cover in detail the various threats that fall under each category and what the trend for 2011 portends.  Basically expect more of the same from 2010 with Instant Messaging Scams tapering off, the Zeus/SpyEye nexus ramping up and cybercriminals getting their sea-legs with mobile platform exploits.

One area that cybercriminals are running across issues is getting folks to join their “Muling” operations.  Mules move the ill-gotten gains of cybercrooks from Point A to B, with a percentage of the take for the trouble.  

Unfortunately for the Mules, this is a risky proposition with a high probability of getting caught by the Feds.  Mules normally are made to pay back all the money that they have transferred to cybercriminal accounts.

Needless to say, recruitment efforts are not going well and the Cisco Report states that there may be a 10,000 to 1 ratio of stolen goods vs. available mules.  This is why Muling is a Rising Star.  Expect to see the cybercriminals get more clever and less detectable in their muling efforts.  The report further details typical Muling operations and vectors which are very worthwhile to review.

Aligning with Muling is the latest Social Engineering trends.  Cybercriminals are now concentrating on assuming the identities of individuals that someone trusts (Facebook or LinkedIn) in order to gain access to private data or encourage others to click on compromised URLs.

Education of end-users of social media software is key.  However, the Cisco Report states that 3 percent of users consistently click on spam email or suspicious links time and again.  The latest trends in corralling this incorrigible clickers is to place them in a “sandbox” which isolates them from the network until remedial training is completed.  

Also, software controls are in the works that will help an organization put a tighter leash on social media users, with far more granular access permissions.

he report goes on to highlight some key Social Media confidence scams, like the Robin Sage experiment.  It also ties in the Seven Deadly Weaknesses and how cybercriminals exploit them so they can exploit their targets.  These weaknesses are Sex Appeal, Greed, Vanity, Trust, Sloth Compassion and Urgency.

Next up are the key vectors that cybercriminals exploit to gain a foothold in an organization or a persons data.  The obvious one cover is the unauthorized USB and Stuxnet.  Another vector Cisco covers is the Advanced Persistent Threat (APT).  At one time these were stealthy attacks designed to infiltrate and record information at length on an organization’s network.  

The trend Cisco is noticing are APTs morphing into highly directed attacks at individuals with a specific goal in mind, like Whaling or Spear Phishing.  Hackers do their research on a target, find the right individuals who hold the credentials they seek, then they target them with social engineering exploits via LinkedIn or Twitter.

Java and PDFs have been bumped to the top of the Dunce List for misbehaving applications.  Cybercriminals are favoring Java over PDFs, but both provide ample means to exploit.  One particular PDF zero day exploit involved a stolen digital certificate and a comprised PDF on supposed golf tips by David Leadbetter.  I’m sure you can draw your own conclusions on the target of that particular campaign.

Lame passwords by users is still a popular trend and according to Cisco is getting worse. The report recommends password generators and password protection software for users.

Mobile Platforms are rapidly on their way to becoming the target of choice for cyber-criminals.   Since Microsoft has gradually been getting its act together over the years, it is no longer the slowest hiker in the Bear Analogy.  This is drawing the hacker’s attention toward Apple and Android devices.  So expect a dramatic uptick in attacks toward these platforms especially now that you can pay for your latte with your iPhone.  That’s a smart idea, really.

Another trend that ties into the mobile device pile-on is mobile application vulnerabilities, especially on open source platforms.  I discussed this previously since it was written about in the Kapersky ThreatPost report.  Neither the iOS or Android devices are safe from the grim attention that is being paid by the cybercriminal community toward mobile applications.

With all these mobile vulnerabilities, it’s not hard to imagine that no one in the corporate IT hierarchy wants responsibility for managing and securing these devices.  The consumerization of the corporate environment is adding layers of complexity and infosec professionals are already saying they are stretched thin and not receiving senior leadership support on hard decisions.  

The Cisco report echoes this concern and states that with the smartphone penetration, vendors will hopefully follow RIM’s (BlackBerry) example of providing robust security tools to manage their devices.

This expected influx of mobile vulnerabilities ties into the last main topic discussed, Data Loss Prevention (DLP).  To address the consumerization of the corporate environment, organizations are looking to protect data on mobile devices via digital certificates or containerization.  This will be especially critical in healthcare and financial organizations due to the amount of regulatory penalties they face regarding data breaches.

As a final summation of the reports contents, Cisco states that “Cybercriminals in 2011 will be Compromising Trust, Cashing In and Carrying out More Complex Missions.”  So now go pay for your coffee with your smartphone and download some golf tips.

Cross-posted from Musings of a Corporate Consigliere

Possibly Related Articles:
17157
Enterprise Security
Cisco Social Engineering Cyber Crime report HBGary Federal
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.