Network security is big business for Cisco, and each year the company provides updates on potential new threats and the evolution of existing security loopholes. Cisco’s annual security report this year highlights three trends, and also offers insight on the changing nature of countermeasures.
Snowshoe spam, new Web exploits and threats that leverage weaknesses in JavaScript and Flash are the three top threats identified this year.
Snowshoe spam refers to the diffusion of attacks over hundreds of thousands of IP addresses. A large number of servers send malware to targets, and attackers try to make sure that no one server sends enough spam to attract attention.
“A simplistic security device that’s looking for a spam guy will only see two or three e-mails sent from each IP address,” explained Craig Williams, security outreach officer at Cisco, adding that Cisco has developed more sophisticated tools for detecting snowshoe spam.
“We’re not seeing innovation just by sophisticated attackers anymore,” said Williams. “We’re seeing just about anyone have the ability to take what’s typically a standard attack and start improving upon it. We’ve seen spammers find ways to make their spam more efficient.”
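The gap Williams describes, where a per-address counter sees only two or three messages, can be shown on constructed data. The following is an added example, not Cisco's tooling or code from the report; the log records, thresholds and the fingerprint fields (normalized subject plus linked host) are assumptions chosen for illustration.

```python
import hashlib
import re
from collections import Counter, defaultdict

def build_sample_log():
    """Constructed records: (source_ip, subject, url_host). Not real traffic."""
    log = []
    # One campaign spread thinly: 40 senders, 3 messages each, subject varied per message.
    for i in range(40):
        ip = f"198.51.100.{i + 1}"
        for n in range(3):
            log.append((ip, f"Invoice #{1000 + i * 3 + n} is  overdue", "pay.example.net"))
    # One busy but legitimate bulk sender on a single address.
    for n in range(30):
        log.append(("203.0.113.7", f"Weekly newsletter issue {n}", "news.example.org"))
    # Ordinary one-off mail.
    log.append(("192.0.2.10", "Lunch on Friday?", ""))
    log.append(("192.0.2.11", "Re: meeting notes", ""))
    return log

def per_ip_flags(log, threshold=10):
    """Naive check: flag any single IP that sends at least `threshold` messages."""
    counts = Counter(ip for ip, _, _ in log)
    return sorted(ip for ip, c in counts.items() if c >= threshold)

def fingerprint(subject, url_host):
    """Collapse per-message variation (digits, case, spacing) so one campaign hashes alike."""
    norm = re.sub(r"\d+", "#", subject.lower())
    norm = re.sub(r"\s+", " ", norm).strip()
    return hashlib.sha256(f"{norm}|{url_host}".encode()).hexdigest()[:12]

def snowshoe_campaigns(log, min_ips=20, max_per_ip=5):
    """Flag fingerprints seen from many IPs where no single IP sends much."""
    by_fp = defaultdict(Counter)
    for ip, subject, host in log:
        by_fp[fingerprint(subject, host)][ip] += 1
    hits = []
    for fp, ips in by_fp.items():
        if len(ips) >= min_ips and max(ips.values()) <= max_per_ip:
            hits.append({"fingerprint": fp, "ips": len(ips), "messages": sum(ips.values())})
    return hits

if __name__ == "__main__":
    log = build_sample_log()
    print("per-IP threshold flags:", per_ip_flags(log))
    print("low-and-wide campaigns:", snowshoe_campaigns(log))
```

On this sample the per-IP threshold flags only the legitimate newsletter sender, while grouping by message fingerprint surfaces the campaign spread across 40 addresses.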
New Web exploit kits are another emerging threat. Cisco says that hackers are finding new kits as security experts learn to dismantle traditional exploit kits.
“We see a drastic drop in the rate of Java exploitations, so it’s a great example of secure development practices working,” said Williams. But he added that hackers are now turning their attention to Silverlight, a Microsoft video playback library used by a large number of websites worldwide.
Flash and JavaScript vulnerabilities are the third key trend. Both are historically insecure, according to Cisco, but combining the weakest parts of the two can lead to new threats. Flash malware can now interact with JavaScript to hide malicious activity by sharing an exploit between two different files: one Flash, one JavaScript. This type of blended attack is considered very hard to detect.
“Malvertising” and the mobile threat
Malvertising refers to the insertion of malicious code into fake online ads, and Cisco has seen a surge in this activity. Williams said that some corporate network security measures effectively block this code, but users may be vulnerable on their mobile devices.
“This is particularly insidious for people who take their devices home,” said Williams. “Maybe someone will send me a link to a website with news on it and I will go there … and when I do that I am going to see ads for that company if I’m not running an ad blocker.”
Collective immunity
“Every time we find one of these issues we’re fixing it and it’s getting better,” said Williams. “The reality is when something is announced publicly it doesn’t mean it wasn’t there before, it just means no one knew about it. So I do have the optimistic view that as we fix these bugs … we are all getting safer as a result.”
“There are more people looking for bugs and ways to attack now than probably ever,” said Williams. “But the reality is there are also more good guys out there now looking for ways to stop them. … We almost have what’s called a collective immunity where we collect different samples of malware, different pieces of spam, different phishing e-mails, and we basically look for patterns and things we can use to group them together to help build more robust security devices.”
Not surprisingly, Cisco is advocating for more corporate emphasis on network security, encouraging companies to make it a board-level priority. In addition, the networking giant is calling for a paradigm shift in the way organizations view security. Williams wants companies to engage employees and educate them about threats because he firmly believes that security measures cannot succeed unless users understand what’s at stake and how they become vulnerable.