CertCities.com -- The Ultimate Site for Certified IT Professionals
Visit CertCities.com Forums and Ost Your Mind Share share | bookmark | e-mail
  Microsoft®
  Cisco®
  Security
  Oracle®
  A+/Network+"
  Linux/Unix
  More Certs
  Newsletters
  Salary Surveys
  Forums
  News
  Exam Reviews
  Tips
  Columns
  Features
  PopQuiz
  RSS Feeds
  Press Releases
  Contributors
  About Us
  Search
 

Advanced Search
  Free Newsletter
  Sign-up for the #1 Weekly IT
Certification News
and Advice.
Subscribe to CertCities.com Free Weekly E-mail Newsletter
CertCities.com

See What's New on
Redmondmag.com!

Cover Story: IE8: Behind the 8 Ball

Tech-Ed: Let's (Third) Party!

A Secure Leap into the Cloud

Windows Mobile's New Moves

SQL Speed Secrets


CertCities.com
Let us know what you
think! E-mail us at:



 
 
...Home ... Editorial ... News ..News Story Tuesday: December 28, 2010


Cisco Warns of Increasing Attack Sophistication


12/16/2008 -- Cisco Systems Inc. this week released the 2008 edition of its Cisco Annual Security Report, a summary of the state-of-the-art in network security, as well as a look at the threats ahead.

The report highlighted the increasing sophistication of Internet-based attacks, largely because cyber-criminals themselves are becoming increasingly sophisticated. Indeed, the Cisco report noted, there's a sense in which cyber-criminals are becoming professional and increasingly focused on profit-making -- as opposed to mischievous, malicious or destructive -- activities.

"Every year, we see threats evolve as criminals discover new ways to exploit people, networks and the Internet. This year's trends underscore how important it is to look at all basic elements of security policies and technologies," said Patrick Peterson, Cisco fellow and chief security researcher, in a statement that accompanied the report's release. "Organizations can lower their risk of data loss by fine-tuning access controls and patching known vulnerabilities to eliminate the ability for criminals to exploit holes in infrastructures. It is important to upgrade applications, endpoint systems and networking equipment to help ensure that corporate systems run smoothly and minimize risk."

The report singled out the threat posed by spam, which Cisco researchers said accounts for 200 billion messages -- or about 90 percent -- of daily e-mail traffic. The U.S. is the biggest overall producer of spam (generating more than 17 percent), followed by Turkey (9.2 percent), Russia (8 percent), Canada (4.7 percent), Brazil (4.1 percent), India (3.5 percent) and Poland (3.4 percent).

Cisco researchers also expect that targeted spear-phishing -- which today accounts for about 1 percent of all phishing attacks -- will become more prevalent, accelerated by a trend in which criminals personalized spam in an effort to make messages seem more credible. This jibes with research from Symantec subsidiary MessageLabs, which -- in its own year-end report -- highlighted an increase in direct targeting (via highly personalized spam) of businesses and organizations. Here as elsewhere, the goal is to pass a credibility threshold and entice a user into opening a malicious attachment or visiting a malicious Web site. To that end, the e-mail messages used in such attacks contain content that might reasonably be relevant to their intended recipients.

The report also focuses on botnets, which Cisco said have "become a nexus of criminal activity on the Internet." In 2008, especially, botnets (and, by implication, their operators) got more sophisticated, using a new kind of "IFrame" attack to inject malicious code into legitimate Web sites. Legitimate traffic is then redirected to illegitimate sites, where -- more often than not -- users are tricked into downloading malware.

Elsewhere, Cisco researchers singled out an increase in the use of social engineering (similar to targeted spam attacks that try to pass themselves off as legitimate) to trick users into opening files or visiting malicious Web links. This practice will continue to grow, according to Cisco, which warned that in 2009, "social engineering techniques will increase in number, vectors and sophistication."

Another intriguing social engineering-like attack is "reputation hijacking," where criminals use real e-mail accounts -- typically created with established Web mail providers -- to send spam. "'[R]eputation hijacking' offers increased deliverability because it makes spam harder to detect and block," the report noted, adding that in 2008 (per Cisco's own estimates) such traffic accounted for less than 1 percent of all spam worldwide but comprised 7.6 percent of all e-mail traffic carried by the top three Web mail providers. --Stephen Swoyer



Current CertCities.com user Comments for “Cisco Warns of Increasing Attack Sophistication

There are no comments yet. Post one now.

Your comment about: “Cisco Warns of Increasing Attack Sophistication”
Name: (optional)
Location: (optional)
E-mail Address: (optional)
Comment:
   

-- advertisement (story continued below) --

top