Security Advisor

Cisco Security Report Highlights Enterprise Weak Links

The study took a look at 16 multinational enterprises in the first half of 2014 to map out what the top trouble areas for IT are.

Do you know what your weak links are? That question was used by Cisco this week to highlight the theme of the company's recently released Cisco 2014 Midyear Security Report.

The report, which was released this week at the annual Black Hat U.S. conference in Las Vegas, covered some of the major holes enterprises have had to grapple with in the first half of this year.

"Weak links can take many forms: outdated software, poorly written code, an abandoned website, developer errors, a user who blindly trusts," read the report. "Adversaries are committed to finding these weak links, one and all, and using them to their full advantage."

Major Weak Links
After studying 16 multinational organizations for the first six months of the year, Cisco identified three major weak-link trends that are leaving enterprises vulnerable to malicious online traffic.

The first is a significant increase in man-in-the-browser (MiTB) attacks. Found in the infamous malware families Palevo, Zeus and SpyEye, MiTB attacks use botnets spread through instant messaging programs, removable drives and peer-to-peer networks to steal information and launch DDoS attacks. According to the report, 93.75 percent of all networks studied had traffic going to Web sites that hosted malware connected to the three families mentioned above.

The second weak link area Cisco is sounding the alarm about is the increased number of studied networks issuing DNS queries for Dynamic DNS domains. "Nearly 70 percent (66.67 percent) of customer network sample queries observed in 2014 as part of this 'Inside Out' project have been identified as issuing DNS queries for DDNS," read the report. While Cisco points out that this doesn't mean that every case seen was due to malware, an increase in DDNS traffic means that IT would be wise to keep an eye on which requests are coming from nefarious sources and which are legitimate.
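One way an IT team could keep that eye on DDNS queries, as an added example that is not from the Cisco report or this article: a small Python scan over a constructed DNS query log that flags queries for dynamic-DNS zones and reports the share of clients issuing them, analogous to the per-network figure the report quotes. The zone list and the log format are assumptions for the example.

```python
"""Flag DNS queries for dynamic-DNS (DDNS) zones in a DNS query log.

Illustrative detection logic, not taken from the Cisco report. The zone
list, log format and log lines below are constructed for this example.
"""
import re

# Illustrative sample of well-known dynamic-DNS zones (an assumption, not
# from the report); a real deployment would use a maintained list.
DDNS_ZONES = ("no-ip.com", "no-ip.org", "dyndns.org", "duckdns.org", "hopto.org")

# Constructed log format: "<timestamp> <client-ip> query <qname> <qtype>"
LOG_LINE = re.compile(r"^(\S+) (\S+) query (\S+?)\.? (\S+)$")

SAMPLE_LOG = """\
2014-06-01T10:00:01 10.0.1.5 query www.example.com. A
2014-06-01T10:00:02 10.0.1.5 query update.no-ip.com. A
2014-06-01T10:00:03 10.0.1.9 query mail.example.org. MX
2014-06-01T10:00:04 10.0.2.17 query ctrl.host.duckdns.org. A
2014-06-01T10:00:05 10.0.2.17 query notno-ip.com. A
2014-06-01T10:00:06 10.0.3.2 query cdn.example.net. AAAA
"""

def is_ddns(qname: str) -> bool:
    """True if qname is a DDNS zone or a subdomain of one. Matching is
    label-aligned, so 'notno-ip.com' does not match 'no-ip.com'."""
    name = qname.lower().rstrip(".")
    return any(name == z or name.endswith("." + z) for z in DDNS_ZONES)

def scan(log_text: str):
    """Return (hits, clients, ddns_clients): hits are (client, qname) pairs
    for DDNS queries; clients / ddns_clients are the sets of all / flagged
    client IPs."""
    hits, clients, ddns_clients = [], set(), set()
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        _, client, qname, _ = m.groups()
        clients.add(client)
        if is_ddns(qname):
            hits.append((client, qname.rstrip(".")))
            ddns_clients.add(client)
    return hits, clients, ddns_clients

def ddns_client_share(log_text: str) -> float:
    """Percentage of clients that issued at least one DDNS query."""
    _, clients, flagged = scan(log_text)
    return 100.0 * len(flagged) / len(clients) if clients else 0.0

if __name__ == "__main__":
    hits, clients, flagged = scan(SAMPLE_LOG)
    for client, qname in hits:
        print(f"DDNS query from {client}: {qname}")
    print(f"{len(flagged)}/{len(clients)} clients ({ddns_client_share(SAMPLE_LOG):.1f}%) issued DDNS queries")
```

A flagged client is a lead to triage, not a verdict: legitimate remote-access and hobbyist setups use these zones too, which is the same caveat the report makes.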

Finally, enterprises should be on guard against an increase in malware that uses encrypted communication channels to hide its activities. Cisco witnessed 43.75 percent of customer networks receiving DNS requests from unknown sites asking for connections based on the IPsec VPN, SSL VPN, SSH, SFTP, FTP and FTPS protocols. Once such a connection is established, it may be nearly impossible to determine exactly what data was transmitted and where it went.

Silver Lining
The news isn't all bad for the first half of 2014. Cisco's report found a significant decrease in exploit kit activity, down 87 percent. The sharp downturn can be attributed to the high-profile takedown of the creators and operators of the widely used Blackhole kit. This created a vacuum in the exploit kit scene that no other substitute has been able to fill.

"When Paunch and Blackhole were put out of commission by the authorities, adversaries turned their attention to new exploit kits," read the report. "There were many contenders in the first half of 2014 vying for the top spot, according to Cisco security researchers; however, a clear leader has yet to emerge."

In what reads as a mixed bag of good and bad news, the trend of decreasing spam volume has come to an end in 2014: volume was up 210 percent at the end of May compared to the beginning of January and has reached 200 billion messages per month. While worldwide spam is up, the first half of the year did see major declines in spam numbers in some countries, including the United States, Russia and China.

About the Author

Chris Paoli is the site producer for and
