Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

More than half of all OpenSSL remain vulnerable to Heartbleed: Cisco

Brian Karlovsky | Jan. 22, 2015
More than half of all OpenSSL versions still remain vulnerable to the Heartbleed bug, according to the Cisco 2015 annual the security report.

More than half of all OpenSSL versions still remain vulnerable to the Heartbleed bug, according to the Cisco 2015 annual the security report.

Heartbleed, the dangerous security flaw, critically exposes OpenSSL.

Yet 56 per cent of all OpenSSLversions are older than 50 months and are therefore still vulnerable.

This is a strong indicator that security teams are not patching.

The report, which examines both threat intelligence and cybersecurity trends, reveals that organisations must adopt an 'all hands on deck' approach to defend against cyber attacks.

It found attackers had become more proficient at taking advantage of gaps in security to evade detection and conceal malicious activity.

It warned defenders, namely, security teams, to constantly improve their approach to protect their organisation from increasingly sophisticated cyber attack campaigns.

These issues are further complicated by the geopolitical motivations of the attackers and conflicting requirements imposed by local laws with respect to data sovereignty, data localisation and encryption, according to the report

It revealed a 280 per cent increase in Silverlight attacks along with a 250 per cent increase in spam and malvertising.

Snowshoe spam, which involves sending low volumes of spam from a large set of IP addresses to avoid detection, is also an emerging threat

However, Java exploits have decreased by 34 per cent, as Java security improves and adversaries move to embrace new attack vectors.

Users' careless behavior when using the Internet, combined with targeted campaigns by adversaries, places many industry verticals at higher risk of web malware exposure.

In 2014, the pharmaceutical and chemical industry emerged as the number-one highest-risk vertical for web malware exposure.

This has led company executive to take not, with 91 per cent of respondents from companies with sophisticated security strongly agreeing that company executives considered security a high priority.

The report also found Widely used exploit kits were being quickly dismantled by security companies.

As a result, online criminals are using other less common kits to successfully carry out their tactics — a sustainable business model as it does not attract too much attention.

Flash and JavaScript have historically been insecure on their own, but with advances in security detection and defences, attackers have adapted by deploying exploits which combine their respective weaknesses.

Sharing exploits over two different files — Flash and JavaScript — can make it more difficult for security devices to identify and block the exploit and to analyse it with reverse engineering tools. Cisco chief security and trust officer, John N. Stewart, said security needed an all hands on deck approach, where everybody contributes, from the board room to individual users.

"We used to worry about DoS, now we also worry about data destruction," he said.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.