Malware sophistication is increasing as adversaries begin to weaponize cloud services and evade detection through encryption, which is being used as a tool to conceal command-and-control activity.
That’s according to the Cisco 2018 Annual Cybersecurity Report (ACR). It also found that while encryption is meant to enhance security, the expanded volume of encrypted web traffic (50% as of October 2017) – both legitimate and malicious – has created more challenges for defenders trying to identify and monitor potential threats. Cisco threat researchers observed more than a threefold increase in encrypted network communication used by inspected malware samples over a 12-month period.
“Last year’s evolution of malware demonstrates that our adversaries continue to learn,” said John Stewart, senior vice president and chief security and trust officer at Cisco. “We have to raise the bar now – top-down leadership, business-led technology investments and practice effective security – there is too much risk, and it is up to us to reduce it.”
The defense side isn’t sitting still, either. To reduce the time that adversaries have to operate, security professionals said they are increasingly leveraging and spending more on tools that use AI and machine learning. Applying machine learning can help enhance network security defenses and, over time, “learn” how to automatically detect unusual patterns in encrypted web traffic, cloud and IoT environments.
However, some of the 3,600 CISOs interviewed for the report said that although they rely on, and are eager to add, tools such as machine learning and AI, they are frustrated by the number of false positives such systems generate.
Security professionals also said that they see value in behavioral analytics tools in locating malicious actors in networks. A full 92% of security professionals said behavioral analytics tools work well. Two-thirds of the healthcare sector, followed by financial services, found behavior analytics to work extremely well to identify malicious actors.
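The two themes above, detecting unusual patterns in encrypted traffic without decrypting it and using behavioral analytics to locate malicious actors, are easier to picture with a concrete defender-side heuristic. The example below is an added illustration, not code from Cisco or a method described in the report: it looks only at flow metadata (timing, destination, byte counts) and flags conversations whose check-ins recur at nearly constant intervals with near-identical sizes, a pattern typical of command-and-control heartbeats that TLS hides at the payload level. The flow records, port list and thresholds are constructed assumptions for the demonstration.

```python
"""Beaconing heuristic over encrypted-flow metadata (added illustration).

Not Cisco's code and not the report's method: the payload of TLS traffic is
opaque, so this inspects only flow metadata and flags conversations whose
contacts recur at suspiciously regular intervals with similar sizes.
All flow records below are constructed sample data.
"""
import statistics
from collections import defaultdict

# Constructed sample flows: (epoch seconds, src, dst, dst_port, bytes_out)
SAMPLE_FLOWS = [
    # host A: regular ~60-second check-ins to one host over 443 (beacon-like)
    (1000, "10.0.0.5", "203.0.113.10", 443, 512),
    (1060, "10.0.0.5", "203.0.113.10", 443, 520),
    (1121, "10.0.0.5", "203.0.113.10", 443, 508),
    (1180, "10.0.0.5", "203.0.113.10", 443, 515),
    (1241, "10.0.0.5", "203.0.113.10", 443, 511),
    (1300, "10.0.0.5", "203.0.113.10", 443, 519),
    # host A: irregular, variable-size browsing to another host over 443
    (1005, "10.0.0.5", "198.51.100.7", 443, 40000),
    (1017, "10.0.0.5", "198.51.100.7", 443, 120000),
    (1250, "10.0.0.5", "198.51.100.7", 443, 3000),
    (1900, "10.0.0.5", "198.51.100.7", 443, 75000),
    # host B: plain HTTP, irregular
    (1010, "10.0.0.9", "198.51.100.20", 80, 2000),
    (1400, "10.0.0.9", "198.51.100.20", 80, 2500),
    (1402, "10.0.0.9", "198.51.100.20", 80, 900),
]

# Assumed set of ports conventionally carrying TLS; a real deployment would
# use the protocol identified by the sensor rather than the port number.
ENCRYPTED_PORTS = {443, 8443, 993, 995}


def encrypted_share(flows):
    """Fraction of flows on ports conventionally used for TLS (metadata only)."""
    if not flows:
        return 0.0
    encrypted = sum(1 for flow in flows if flow[3] in ENCRYPTED_PORTS)
    return encrypted / len(flows)


def find_beacons(flows, min_flows=5, max_interval_cv=0.1, max_size_cv=0.2):
    """Return conversations whose inter-contact times and sizes are nearly constant.

    cv = population stdev / mean.  Human-driven traffic is bursty (high cv);
    a scheduled check-in yields a low cv even with a few seconds of jitter.
    The size check helps separate a small heartbeat from a regularly polled
    web application that uploads varying amounts of data.  The thresholds
    are illustrative assumptions, not tuned values.
    """
    by_conversation = defaultdict(list)
    for ts, src, dst, port, nbytes in flows:
        by_conversation[(src, dst, port)].append((ts, nbytes))

    suspects = []
    for conversation, events in by_conversation.items():
        if len(events) < min_flows:
            continue
        events.sort()
        times = [t for t, _ in events]
        sizes = [b for _, b in events]
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        mean_size = statistics.mean(sizes)
        if mean_gap == 0 or mean_size == 0:
            continue  # degenerate data (duplicate timestamps / empty flows)
        interval_cv = statistics.pstdev(gaps) / mean_gap
        size_cv = statistics.pstdev(sizes) / mean_size
        if interval_cv <= max_interval_cv and size_cv <= max_size_cv:
            suspects.append({
                "conversation": conversation,
                "flows": len(events),
                "mean_interval_s": mean_gap,
                "interval_cv": round(interval_cv, 3),
                "size_cv": round(size_cv, 3),
            })
    return suspects


if __name__ == "__main__":
    print(f"encrypted share of flows: {encrypted_share(SAMPLE_FLOWS):.2%}")
    for hit in find_beacons(SAMPLE_FLOWS):
        src, dst, port = hit["conversation"]
        print(f"possible beacon: {src} -> {dst}:{port}, "
              f"{hit['flows']} flows every ~{hit['mean_interval_s']:.0f}s "
              f"(interval cv {hit['interval_cv']}, size cv {hit['size_cv']})")
```

On the constructed data only the 60-second conversation to 203.0.113.10:443 is flagged; the browsing session to 198.51.100.7 has too few flows and wildly varying sizes, and the HTTP conversation has too few contacts to judge. This is the kind of metadata feature (timing regularity, size consistency, destination rarity) that the machine-learning and behavioral-analytics approaches mentioned above build on, and the false-positive problem CISOs cite shows up immediately: legitimate software updaters and monitoring agents also beacon on a schedule, so an alert like this needs an allow-list or destination reputation before it is actionable.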
The report noted that defenders are implementing a complex mix of products from a cross-section of vendors to protect against breaches. This complexity, together with the growth in breaches, has many downstream effects on an organization’s ability to defend against attacks, such as an increased risk of losses. In 2017, 25% of security professionals said they used products from 11 to 20 vendors, compared with 18% of security professionals in 2016. Security professionals also said 32% of breaches affected more than half of their systems, compared with 15% in 2016.
Meanwhile, the financial cost of attacks is no longer a hypothetical number: More than half of all attacks resulted in financial damages of more than half a million dollars, including, but not limited to, lost revenue, customers, opportunities and out-of-pocket costs.
The use of cloud is growing too, and the report suggests that attackers are taking advantage of this. In this year’s study, 27% of security professionals said they are using off-premises private clouds, compared with 20% in 2016. Among them, 57% said they host networks in the cloud because of better data security, 48% because of scalability and 46% because of ease of use.
While cloud offers better data security, attackers are taking advantage of the fact that security teams are having difficulty defending evolving and expanding cloud environments. The combination of best practices, advanced security technologies like machine learning and first-line-of-defense tools like cloud security platforms can help protect this environment.
Erik Westhovens, enterprise architect at Insight, believes that the report’s findings reveal the importance of both detection technology and employee education to organizations looking to combat the ever-evolving cybersecurity threat.
“What’s clear from Cisco’s latest research is that the cybersecurity environment is moving at an unprecedented speed, with malignant actors and defenders engaged in an arms race that would make Cold War strategists blush,” he said. “The past few months have seen the focus shift once again, from ransomware to malware, resulting in new requirements for defending against cyber-attacks…[and] the inventiveness of cyber-attackers means that the threat is always evolving.”
He added that while AI and machine learning are key to detecting novel methods quickly and finding ways to contain and neutralize them, “people should remain the first line of any cyber-defense strategy. Consider the modern flexible employee – accessing company information on the move and working with sensitive data every day, regardless of job function. Because malware frequently takes advantage of employees’ ignorance, organizations need to focus their security strategy both on detection technology and on educating their workforce on how to avoid becoming an easy route in.”