A new type of security threat — “destruction of service” (DeOS) attacks, which could eliminate backups of enterprises could cause way more damage to businesses than ransomware, says Cisco.
‘Cisco’s 2017 Midyear Cybersecurity Report’ said the Internet of Things (IoT) increases attack surfaces and the potential scale and impact of these threats. DeOS attacks’ “aim is not just to attack, but to destroy in a way that prevents defenders from restoring systems and data,” writes David Ulevitch, SVP and GM of Cisco’s security business, in a blog post.
The report notes an increase in spam volumes, in which attackers use email to distribute malware and generate revenue. This coincides with a decline in exploit kit activity since mid 2016.
Cisco researchers sampled 300 companies over a four-month period and found that three prevalent spyware families (Hola, RelevantKnowledge, and DNSChanger/DNS Unlocker) infected 20 per cent. On a monthly basis, these three infected more than 25 per cent of all organisations.
Between October 2013 and December 2016, US $5.3 billion — or an average of $1.7 billion per year — was stolen via BEC, according to the Internet Crime Complaint Center, a partnership of the Federal Bureau of Investigation, the U.S. Department of Justice, and the National White Collar Crime Center.
The report also focused on select verticals, including service providers. The convergence between Information Technology (IT) and operational technology around the IoT is driving significant security challenges. Cisco has seen some case studies of malware moving from IT networks to OT networks, which often control things like critical infrastructure.