Security Experts:

Over 90% of Enterprises Exposed to Man-in-the-Browser Attacks: Cisco

Cisco released on Tuesday its Midyear Security Report which analyzes threat intelligence and cybersecurity trends for the first half of 2014.

After analyzing malicious traffic from its customers' networks, the company determined that roughly 94 percent of them have issued DNS requests to hostnames with IP addresses associated with the distribution of malware that incorporates man-in-the-browser (MitB) functionality, such as Zeus, Palevo and SpyEye.

Cisco LogoAs part of its Inside Out project, in which researchers examine DNS lookups originating from inside corporate networks, Cisco has found that close to 70 percent of its customers have issued DNS queries for Dynamic DNS (DDNS) domains. DDNS is a legitimate technology, but just like many others, it can be abused by cybercriminals. While this traffic doesn't necessarily mean that the organizations' systems have been compromised, it could indicate botnet activity.

The good news is that some of Cisco's findings are positive. Several exploit kits have been trying to fill the gap left by Blackhole after its creator was arrested last year. However, none of them appear to be as appealing as Blackhole was. Moreover, the number of exploit kits has decreased by 87 perecent since the arrest of Paunch.

When stealing information from an enterprise network, cybercriminals often use encrypted channel services like IP Security (IPsec) VPN, Secure Sockets Layer (SSL) VPN, Secure Shell (SSH) Protocol, Simple File Transfer Protocol (SFTP), FTP, and FTP Secure (FTPS). Roughly 44% of customer networks monitored by Cisco have been identified as issuing DNS requests for sites and domains associated with such services.

The company has also examined vulnerabilities. Of the 2,528 new vulnerabilities analyzed between January 1 and June 30, only 28 were actively exploited shortly after Cisco published reports for them. While Java continues to be the most exploited piece of software, cybercriminals are also targeting Adobe Flash, WordPress, Internet Explorer, Word and Apache Struts.

Media and publishing, pharmaceutical and chemical, and aviation have been the sectors with the highest malware encounter rates. Interestingly, in the North America, Central America, and Latin America (AMER) region, the aviation industry outpaced other sectors, web malware encounter risk data from Cisco shows.

"Many companies are innovating their future using the Internet. To succeed in this rapidly emerging environment, executive leadership needs to embrace and manage, in business terms, the associated cyber risks," said John N. Stewart, senior vice president and chief security officer at Cisco.

"Analyzing and understanding weaknesses within the security chain rests largely upon the ability of individual organizations, and industry, to create awareness about cyber risk at the most senior levels, including Boards – making cybersecurity a business process, not about technology. To cover the entire attack continuum – before, during, and after an attack – organizations today must operate security solutions that operate everywhere a threat can manifest itself."

The complete Cisco Midyear Security Report is available online in PDF format.

Related: Do You Know What your DNS Resolver is Doing Right Now?

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.