Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Finding in Cisco's Annual Security Report - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Finding in Cisco's Annual Security Report

The report highlight the fact that now "[...] the cybercrime network has become so mature, far-reaching, well-funded, and highly effective as a business operation that very little in the cybersecurity world can—or should—be trusted without verification."[1]

I don't think this is really a huge surprise. However, the report identifies three attack methods that are of concerns: 99% of all mobile malware in 2013 targeted Android devices, 91% of web exploit targeted Java and last is 64% of malware are Trojans.[2] Taking this into account, if you own an Android device, you need to be vigilant about the content you view or access. That doesn't exclude other mobile devices from being a target.

The attack surface is no longer limited to just PCs and servers but to any mobile devices. They have been growing in numbers at a rapid pace and need to be part of all enterprise security models. This change in the security landscape means securing a network is even more difficult now because the front door isn't just the Internet gateway your network is connected too. It now includes all the mobile devices accessing your network either via a wireless AP or directly attached via a USB cable or Bluetooth to a PC or laptop. If you want to take a look at the survey, it can be downloaded here (need to register). Now I encourage you to take part in our survey about What is going to trouble you the most in 2014?

[1] http://blogs.cisco.com/security/cisco-2014-annual-security-report-trust-still-has-a-fighting-chance
[2] http://www.cisco.com/web/offers/lp/2014-annual-security-report/preview.html
[3] http://www.cisco.com/web/offers/lp/2014-annual-security-report/index.html
-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Guy

414 Posts
ISC Handler
How ironic. Cisco needs to fix the Cisco Website. They have a lot of broken JAVA scripts and Flash Videos that do not work with Mozilla Firefox or Google Chrome.
Anonymous
Posts
Yes, and problems I had with their WebEx service turned out that they don't support TLS 1.2.
I had to downgrade my browser's general security before I could get their service to work.
dave

20 Posts Posts

Sign Up for Free or Log In to start participating in the conversation!