Spam is making a surprising resurgence as a threat to corporate security and becoming a more significant carrier of attacks as varied as spear phishing, ransomware and bots, according to Cisco's 2017 Annual Cybersecurity Report.
The company's 10th such report says spam is way up. It accounts for 65% of all corporate email among customers who opted in to let the company gather data via telemetry in Cisco gear.
Whereas spam had been knocked down as a threat in 2010 and kept at relatively low levels through 2015, it made a surge in 2016. In 2010, Cisco recorded 5,000 spam messages being sent per second. That number stayed generally below 1,500 for the next five years, spiking to about 2,000 briefly in 2014. But in 2016 it leaped to more than 3,000.
That attack vector is increasing in scope and that is something CISOs should pay attention to, Cisco says. "I should start to double-check my security technologies that are supposed to be intercepting and monitoring for that particular attack vector," says Franc Artes, an architect for Cisco's security business group.
The problem is that 8% of that spam is malicious, but with the total volume roughly tripling over the course of 2016, that 8% represents a significant increase in total attempts. That's something that might fly under the radar of CISOs unless they look for it or CIOs point it out, he says.
When end users fall for these attempts and click on a malicious link or attachment, "It almost always works on the workstation because the end user is executing the binary," Artes says. Clicking on attachments or links can turn those endpoints into bots nearly instantaneously, he says, or could lead to ransomware infections.
Adware and other threats
Another growing problem is adware, whose primary purpose is to display ads on Web pages or in pop-ups to the benefit of advertisers. In the hands of malicious actors, though, it can carry malicious payloads that change settings in browsers and operating systems, undermine security products and even gain full control of the host. So rather than being an annoyance, adware is a threat. "Which means the focus is going to have to come onto adware from the corporate side to defend whereas historically it was more of a nuisance," Artes says.
The report looked at adware in 130 organizations distributed across vertical industries for a year and found that 75% had adware infections.
On the upside, Adobe Flash is declining as an attack vector because of heightened awareness of its vulnerabilities and because even Adobe is urging sites to move to HTML5.
There's been some progress in combating exploit kits, but that is more a game of whack-a-mole. Last year's leading kits were Angler, Nuclear and Neutrino, which, for a variety of reasons, dramatically declined in use or disappeared entirely. But look for the growth of newer exploit kits such as Sundown, Sweet Orange, and Magnitude as they replace last year's leaders, the report says.