Exploit Kits Disappearing as Cloud and Mobile Security Challenges Grow

Cisco released its 2017 Midyear Cybersecurity Report on July 20, revealing trends old and new about the state of threats impacting organizations around the world. A number of those trends are positive ones, including the decline of exploit kits in 2017 as the Nuclear and Angler kits have begun to fade away. The time to detection of new threats is also continuing to improve; the median time between compromise and detection of a threat was approximately 3.5 hours for the period from November 2016 to May 2017, compared with 39.2 hours for November 2015. In this slide show, eWEEK takes a look at some of the highlights of the Cisco 2017 Midyear Cybersecurity Report.

Exploit kit attacks have been declining at a rapid rate according to Cisco, with the Angler and Nuclear exploit kits largely ceasing operations.

Although malware can be delivered in many ways with different file extensions, the .zip file extension remains the most popular.

Cisco defines the time-to-detection (TTD) metric as the window of time between a compromise and the detection of a threat. TTD has been improving over time, with a median time of approximately 3.5 hours for the period from November 2016 to May 2017, compared with 39.2 hours for November 2015.

While vulnerabilities continue to be found in server, endpoint and networking components, Cisco reported that more are found in servers than anywhere else.

The most common type of coding error that criminals exploit are buffer errors that enable attacks to abuse memory to exploit running processes and applications.

Memcached is a widely deployed memory object caching system used on databases and servers. Cisco’s research revealed that a large percentage (79) of memcached servers are vulnerable to attack due to authentication issues.

Many breaches are the result of privileged account abuse. Cisco’s research reveals that most organizations have limited needs for privileged accounts and can remove up to 75 percent of privileges from administrative accounts with little or no business impact.

Sixty-six percent of organizations that Cisco surveyed admitted to using six or more security vendors or products to help protect their organizations.

Cyber-attacks have a financial impact on business. Cisco found that 34 percent of service providers reported revenue losses due to cyber-attacks in the past year.

In the survey, Cisco asked security professionals about challenges they face, and 59 percent reported that cloud infrastructure and mobile devices are among the most challenging to defend against attacks.