Connect with us

Hi, what are you looking for?


Malware & Threats

Over 90% of Enterprises Exposed to Man-in-the-Browser Attacks: Cisco

Cisco released on Tuesday its Midyear Security Report which analyzes threat intelligence and cybersecurity trends for the first half of 2014.

Cisco released on Tuesday its Midyear Security Report which analyzes threat intelligence and cybersecurity trends for the first half of 2014.

After analyzing malicious traffic from its customers’ networks, the company determined that roughly 94 percent of them have issued DNS requests to hostnames with IP addresses associated with the distribution of malware that incorporates man-in-the-browser (MitB) functionality, such as Zeus, Palevo and SpyEye.

Cisco LogoAs part of its Inside Out project, in which researchers examine DNS lookups originating from inside corporate networks, Cisco has found that close to 70 percent of its customers have issued DNS queries for Dynamic DNS (DDNS) domains. DDNS is a legitimate technology, but just like many others, it can be abused by cybercriminals. While this traffic doesn’t necessarily mean that the organizations’ systems have been compromised, it could indicate botnet activity.

The good news is that some of Cisco’s findings are positive. Several exploit kits have been trying to fill the gap left by Blackhole after its creator was arrested last year. However, none of them appear to be as appealing as Blackhole was. Moreover, the number of exploit kits has decreased by 87 perecent since the arrest of Paunch.

When stealing information from an enterprise network, cybercriminals often use encrypted channel services like IP Security (IPsec) VPN, Secure Sockets Layer (SSL) VPN, Secure Shell (SSH) Protocol, Simple File Transfer Protocol (SFTP), FTP, and FTP Secure (FTPS). Roughly 44% of customer networks monitored by Cisco have been identified as issuing DNS requests for sites and domains associated with such services.

The company has also examined vulnerabilities. Of the 2,528 new vulnerabilities analyzed between January 1 and June 30, only 28 were actively exploited shortly after Cisco published reports for them. While Java continues to be the most exploited piece of software, cybercriminals are also targeting Adobe Flash, WordPress, Internet Explorer, Word and Apache Struts.

Media and publishing, pharmaceutical and chemical, and aviation have been the sectors with the highest malware encounter rates. Interestingly, in the North America, Central America, and Latin America (AMER) region, the aviation industry outpaced other sectors, web malware encounter risk data from Cisco shows.

“Many companies are innovating their future using the Internet. To succeed in this rapidly emerging environment, executive leadership needs to embrace and manage, in business terms, the associated cyber risks,” said John N. Stewart, senior vice president and chief security officer at Cisco.

Advertisement. Scroll to continue reading.

“Analyzing and understanding weaknesses within the security chain rests largely upon the ability of individual organizations, and industry, to create awareness about cyber risk at the most senior levels, including Boards – making cybersecurity a business process, not about technology. To cover the entire attack continuum – before, during, and after an attack – organizations today must operate security solutions that operate everywhere a threat can manifest itself.”

The complete Cisco Midyear Security Report is available online in PDF format.

Related: Do You Know What your DNS Resolver is Doing Right Now?

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.