All Companies Host Malware: Report

Friday, April 25, 2014 @ 03:04 PM gHale

All companies are hosting malware of some kind, a new survey found.

One hundred percent of companies have traffic on their networks calling hosts that serve malware, according to Cisco’s 2014 Annual Security Report. Cisco also believes the length of time such activity persists means network penetrations are going undetected.


Java is the leader of endpoint vulnerabilities, Cisco said, with far more exploits than either Flash or PDF: 91 percent of the live endpoint exploits detected by the Sourcefire FireAMP system attacked Java. Adobe Reader only managed 3 percent of detections (equal to Excel), with Word exploits at 2 percent and PowerPoint exploits at 1 percent.

Mobile malware is an emerging but still small part of the threat market, with Cisco saying it made up just 1.2 percent of the Web malware encounters it recorded. Android is far and away the most popular target at 99 percent of the attacks. Spyware and adware are emerging as Android threats, the report said.

Cisco said companies can expect distributed denial of service (DDoS) campaigns to last longer, with the company’s CSO John Stewart quoted in the report as saying we should “expect future campaigns to be even more extensive and to last for extended periods.” As an added twist, DDoS campaigns act as a diversion for other attacks such as fraud.

All of this, the report said, will end up exacerbated by an ever-more acute skills shortage in the security industry.

Below are key findings from the Cisco 2014 Annual Security Report:

Attacks against infrastructure are targeting significant resources across the Internet.
• Malicious exploits are gaining access to web hosting servers, nameservers, and data centers. This suggests the forming of überbots that seek high-reputation and resource-rich assets.
• Buffer errors are a leading threat, at 21 percent of the Common Weakness Enumeration (CWE) threat categories.
• Malware encounters are shifting toward electronics manufacturing and the agriculture and mining industries at about six times the average encounter rate across industry verticals.

Malicious actors are using trusted applications to exploit gaps in perimeter security.
• Spam continues its downward trend, although the proportion of maliciously intended spam remains constant.
• Java comprises 91 percent of web exploits; 76 percent of companies using Cisco Web Security services are running Java 6, an end-of-life, unsupported version.
• “Watering hole” attacks are targeting specific industry-related websites to deliver malware.

Investigations of multinational companies show evidence of internal compromise. Suspicious traffic is emanating from their networks and attempting to connect to questionable sites (100 percent of companies are calling malicious malware hosts).
• Indicators of compromise suggest network penetrations may be undetected over long periods.
• Threat alerts grew 14 percent year over year; new alerts (not updated alerts) are on the rise.
• 99 percent of all mobile malware in 2013 targeted Android devices. Android users also have the highest encounter rate (71 percent) with all forms of web-delivered malware.

Cisco plays a critical role in evaluating threats, given the prevalence of its solutions and the breadth of its security intelligence:
• 16 billion web requests are inspected every day through Cisco Cloud Web Security
• 93 billion emails are inspected every day by Cisco’s hosted email solution
• 200,000 IP addresses are evaluated daily
• 400,000 malware samples are evaluated daily
• 33 million endpoint files are evaluated every day by FireAMP
• 28 million network connects are evaluated every day by FireAMP

This results in the following threats being detected by Cisco:
• 4.5 billion emails are blocked every day
• 80 million web requests are blocked every day
• 6,450 endpoint file detections occur every day in FireAMP
• 3,186 endpoint network detections occur every day in FireAMP
• 50,000 network intrusions are detected every
