Malware Attack Would Increase in 2018, Says Report

According to a recent research report, malware attacks would be on the rise in 2018. It’s the 2018 Annual Cybersecurity Report that comes up with this inference, among many other inferences…

The Cisco 2018 Annual Cybersecurity Report, which has been released on February 21, provides us with security industry data and also includes analysis and insights about attacker behavior over the past one year. The Guardian reports- “Cisco, in its yearly, Cyber Security Report 2018, urged defenders to prepare to face new, self-propagating, network-based threats in the year…Cisco stressed that adversaries are taking malware to unprecedented levels of sophistication and impact. It pointed out that the growing number and variety of malware types and families perpetuate chaos in the attack landscape by undermining defenders’ efforts to gain and hold ground on threats.”

A press release by Cisco says- “Malware sophistication is increasing as adversaries begin to weaponize cloud services and evade detection through encryption, used as a tool to conceal command-and-control activity. To reduce adversaries’ time to operate, security professionals said they will increasingly leverage and spend more on tools that use AI and machine learning, reported in the 11th Cisco® 2018 Annual Cybersecurity Report (ACR)…While encryption is meant to enhance security, the expanded volume of encrypted web traffic (50 percent as of October 2017) — both legitimate and malicious — has created more challenges for defenders trying to identify and monitor potential threats. Cisco threat researchers observed more than a threefold increase in encrypted network communication used by inspected malware samples over a 12-month period.”

The Cisco report points out that attackers are likely to make malware more potent by blending it with “worm-like” functionality, thereby causing widespread damage. There is also the hint that this kind of a malware evolution was rather swift.

John N. Stewart, Senior Vice President who leads Cisco’s Security and Trust Organization, has authored a blog on the report. The blog post says- “This year’s report findings show a maturing, more sophisticated tradecraft by attackers. Case in point: adversaries are increasingly embracing encryption – meant to enhance security – to conceal command-and-control activity. Our threat research team reports that 50 percent of global web traffic was encrypted as of October 2017, a 12 percent volume increase from November 2016. We also observed a more than threefold increase in encrypted network communication used by inspected malware samples during that time. As the volume of encrypted global web traffic grows, adversaries are broadening their use of encryption as a way to mask command-and-control activity, providing them more time to operate and inflict damage sight-unseen.”

As per the Cisco report, 2017 also saw as one of the most significant threat developments, the evolution of the ransomware. The attackers have almost eliminated the need for human interaction in ransomware campaigns by introducing network-based ransomware worms. Moreover, ransomware criminals today, instead of going for ransom, use ransomware to destroy systems, operations and data.

The Cisco 2018 Annual Cybersecurity Report also points out that security leaders today use
automation, machine learning, and AI (Artificial Intelligence) to defend threats. The report also makes some other interesting observations. It points out that the financial cost of cyber attacks is no longer a hypothetical number; over 50 percent of attacks cause damages costing over US$500,000. It also points out that supply chain attacks are increasing in their complexity and velocity, and that security is today getting more complex.

The report also contains recommendations for defenders. The Guardian report says- “The report had in it some recommendations for defenders, including to confirm that they adhere to corporate policies and practices for application, system, and appliance patching; and access timely, accurate threat intelligence data and processes that allow for that data to be incorporated into security monitoring…They are also to back up data often and test restoration procedures, processes that are critical in a world of fast-moving, network-based ransomware worms and destructive cyber weapons, among others.”