Web Attack Methods: “Short Tail” Threats Help Adversaries Lay the Groundwork for Campaigns

Attackers research, identify, and select their targets.
Reconnaissance is, of course, a foundational step for launching a cyber attack. In this phase, adversaries look for vulnerable Internet infrastructure or network weaknesses that will allow them to gain access to users’ computers and, ultimately, to infiltrate organizations.
Suspicious Windows binaries and potentially unwanted applications (PUAs) topped the list of web attack methods for 2016 by a significant margin (see Figure 2). Suspicious Windows binaries deliver threats such as spyware and adware. Malicious browser extensions are an example of PUAs.
Facebook scams, which include fake offers and media content along with survey scams, ranked third on our list. The continued prominence of Facebook scams on our annual and midyear lists of the most commonly observed malware highlights the foundational role of social engineering in many cyber attacks. Facebook has nearly 1.8 billion monthly active users worldwide.⁴ It is logical territory for cybercriminals and other actors looking to dupe users. One positive development is the company’s recent announcement that it is taking steps to eliminate fake news and hoaxes. Critics suggest such content may have influenced voters in the 2016 U.S. presidential election.⁵
Browser redirection malware rounded out the top five most commonly observed malware types for 2016. As discussed in the Cisco 2016 Midyear Cybersecurity Report,⁶ browser infections can expose users to malicious advertising (malvertising), which adversaries use to set up ransomware and other malware campaigns. Cisco threat researchers warn that malicious adware, which includes ad injectors, browser-settings hijackers, utilities, and downloaders, is a growing problem. In fact, we have identified adware infections in 75 percent of the companies we recently investigated as part of our research into the adware problem. (For more on this topic, see “Investigation Finds 75 Percent of Organizations Affected by Adware Infections,” page 23.)
Other malware types listed in Figure 3, such as browser JavaScript abuse malware and browser iFrame abuse malware, are also designed to facilitate browser infections. Trojans (droppers and downloaders) also appear among the top five most commonly observed malware types, which indicates that they remain popular tools for gaining initial access to users’ computers and to organizational networks.
Another trend to watch: consistently high use of malware that targets users of the Android operating platform. Android Trojans have been moving steadily up the short-tail list over the past 2 years. They ranked among the top 10 most commonly seen types of malware in 2016. Loki malware, which appears toward the very end of the short tail shown in Figure 2 (see previous page), is particularly troublesome because it can replicate and infect other files and programs.
Figure 3 helps to illustrate malware trends that Cisco threat researchers have observed since late 2015. It shows that adversaries have made a definite shift in the reconnaissance phase of web-based attacks. More threats now specifically seek vulnerable browsers and plugins. This shift corresponds with adversaries’ growing reliance on malvertising, as it becomes more difficult to exploit large numbers of users through traditional web attack vectors. (See the next section, “Web Attack Vectors: Flash Is Fading, but Users Must Remain Vigilant,” page 15.)
The message for individual users, security professionals and enterprises is clear: Making sure that browsers are secure, and disabling or removing unnecessary browser plugins, can go a long way toward preventing malware infections. These infections can lead to more significant, disruptive, and costly attacks, such as ransomware campaigns. These simple steps can greatly reduce your exposure to common web-based threats and prevent adversaries from finding the operational space to carry out the next phase of the attack chain: weaponization.
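The recommendation above (inventory the browser's extensions and plugins, keep only what is needed) is easier to act on with a quick audit of what is actually installed. The script below is an added example, not code from the Cisco report: it walks a Chrome/Chromium-style profile directory, reads each extension's manifest.json, and flags the permission combinations that ad injectors and settings hijackers typically request (page-wide host access, request interception, search/home-page overrides). The risky-permission list, the constructed sample profile and the 32-character extension IDs it contains are assumptions made for the example; point `inventory_extensions` at a real profile directory to audit a workstation.

```python
"""Audit browser extensions in a Chrome/Chromium-style profile and flag the
capabilities that adware and browser-settings hijackers rely on.
Added example, not part of the Cisco report."""
import json
import tempfile
from pathlib import Path

# Capabilities that let an extension read or rewrite every page, intercept
# requests, or change the search/home page. (Assumption: this is the set a
# reviewer would want surfaced before approving an extension.)
RISKY_PERMISSIONS = {
    "<all_urls>", "webRequest", "webRequestBlocking", "declarativeNetRequest",
    "tabs", "history", "cookies", "scripting", "nativeMessaging",
}
# Manifest keys that replace the new-tab/home/search page outright.
RISKY_OVERRIDES = {"chrome_url_overrides", "chrome_settings_overrides"}


def inventory_extensions(profile_dir):
    """Return one record per installed extension version, reading
    <profile_dir>/Extensions/<id>/<version>/manifest.json (Chrome layout)."""
    records = []
    ext_root = Path(profile_dir) / "Extensions"
    for manifest_path in sorted(ext_root.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable manifest: skip it, keep auditing the rest
        # Collect every way the manifest can claim page access: the
        # permissions list, MV3 host_permissions, and content-script matches.
        perms = set(manifest.get("permissions", []))
        perms.update(manifest.get("host_permissions", []))
        for script in manifest.get("content_scripts", []):
            perms.update(script.get("matches", []))
        flags = sorted(perms & RISKY_PERMISSIONS)
        flags += sorted(key for key in RISKY_OVERRIDES if key in manifest)
        records.append({
            "id": manifest_path.parent.parent.name,
            "version": manifest_path.parent.name,
            "name": manifest.get("name", "?"),
            "flags": flags,
        })
    return records


def risky_extensions(records):
    """Filter the inventory down to extensions with at least one flag."""
    return [r for r in records if r["flags"]]


def build_sample_profile():
    """Create a constructed profile directory with two extensions: a benign
    note-taking extension and an adware-style 'coupon helper'. The IDs are
    placeholder 32-character strings, not real extension IDs."""
    root = Path(tempfile.mkdtemp(prefix="profile-"))
    manifests = {
        "a" * 32: {
            "manifest_version": 3, "name": "Example Notes", "version": "1.0",
            "permissions": ["storage"],
        },
        "b" * 32: {
            "manifest_version": 2, "name": "Free Coupons Helper", "version": "4.2",
            "permissions": ["tabs", "webRequest", "webRequestBlocking", "<all_urls>"],
            "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
            "chrome_settings_overrides": {"homepage": "https://search.example.invalid/"},
        },
    }
    for ext_id, manifest in manifests.items():
        # Chrome stores each version in a "<version>_0" directory.
        ext_dir = root / "Extensions" / ext_id / (manifest["version"] + "_0")
        ext_dir.mkdir(parents=True)
        (ext_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    profile = build_sample_profile()
    for rec in inventory_extensions(profile):
        status = "REVIEW" if rec["flags"] else "ok"
        print(f"{status:6} {rec['name']} {rec['version']} ({rec['id']}): {rec['flags']}")
```

On a real host, substitute the user's profile path (for example the Default profile under the Chrome user-data directory) for the constructed one; extensions that land in the REVIEW list are the candidates for the "disable or remove" step, and an unexpected `chrome_settings_overrides` entry is the manifest-level signature of a browser-settings hijacker.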