General security

Cisco 2017 Cyber Security Report

May 1, 2017 by Irfan Shakeel

Attackers are Paying Close Attention to Technology Trends to Evolve their Attacking Strategies

It is not surprising to consider the fact that whenever a person holds some valuable information, there are always some criminals looking to steal that information for financial gain or revenge. Before the internet, attackers had to dig through people’s files or intercept their emails to accessing their personal information. As everything is connected through the Internet, all information is available online. The attacker also uses the Internet to steal identities and trick people into revealing their information.

Adversaries have a vast and varied portfolio of techniques for gaining access to organizational resources and for attaining unconstrained time to operate. Their strategies cover all the basics and include:

  • Taking advantage of lapses in patching and updating
  • Luring users into socially engineered traps
  • Injecting malware into supposedly legitimate online content such as advertising

They have many other capabilities, as well, from exploiting middleware vulnerabilities to dropping malicious spam. Moreover, once they have achieved their goals, they can quickly and quietly shut down their operations. The explosive growth in Internet traffic—driven largely by faster mobile speeds and the proliferation of online devices—works in their favor by helping to expand the attack surface.

The Cisco 2017 Security Capabilities Benchmark Study found that more than one-third of organizations that have been subject to an attack lost 20 percent of revenue or more. Forty-nine percent of the respondents said their business had faced public scrutiny due to a security breach.

Most of the organizations were having more than five automated security solutions that are more than enough to defend organization’s network infrastructure. Increasing the number of a security layer is a good practice, but, adding more security talent can help more, of course. With more experts on board, the logic goes, the better the organization’s ability to manage technology and deliver better outcomes.

The Expansion of the Attack Surface:

Security professionals who participated in Cisco’s security survey cited cloud infrastructure, mobile device, and user behavior and insider threat as top sources of concern when they think about their organization’s risk of exposure to a cyber attack.

This is reasonable: The proliferation of mobile devices creates more endpoints to protect. The cloud is expanding the security perimeter. Moreover, users are, and always will be, a weak link in the security chain. Moreover, the threat is not stopping here; a whole new generation of threat is rising in the form of Internet of Things where the attack surface will only expand and giving adversaries more space to operate.

Also, in a white paper, Cisco predicted that the volume of global Internet traffic in 2020 will be 95 times as great as it was in 2005.

Steps to Successful Cyber Attack:

To conduct a successful cyber attack, the attacker team prepares a strategy that involves target intelligence, attack parameter, delivering and deploying.

  1. Reconnaissance

In the phase of reconnaissance the attacker researches, identifies, and select their targets. Reconnaissance is the fundamental step in launching a cyber attack. Attackers hunt for vulnerable Internet infrastructure or network weaknesses that will allow them to gain access to users’ computers and, ultimately, to infiltrate organizations.

Suspicious Windows binaries and potentially unwanted applications (PUAs) topped the list of web attack methods in 2016 by a significant margin. Whereas, Facebook scams, which include fake offers and media content along with survey scams, ranked third in the list.

According to Cisco 2016 Midyear Cyber Security Report, malicious adware, which includes ad injectors, browser settings hijackers, utilities, and Downloader, is a growing problem. In fact, around 75% of the companies investigated were affected by Adware infections.


Weaponization is the phase in which attacker prepares a payload to exploit the system. The process of preparation of payload as per identified weakness in the system is an essential step towards attack success.

Adobe Flash has long been an attractive web attack vector for adversaries who want to exploit and compromise systems. However, as the amount of Adobe Flash content on the web continues to decline— and awareness about Flash vulnerabilities grows—it is becoming more difficult for cybercriminals to exploit users at the scale they once enjoyed.

To defeat attackers to trick you and infect your system, Individual users, enterprises, and security professionals must be aware of such potential tricks to compromise. To reduce their risk of exposure to the threat, they must:

  • Download patches
  • Use up-to-date web technology
  • Avoid web content that might present risk


Delivering and Deploying:

Through the malicious use of email, file attachments, websites, and other tools, attackers transmit their cyber-weapons to targets. 2016 saw dramatic changes in the exploit kit environment. At the start of the year, Angler, Nuclear, Neutrino, and RIG were clear leaders among exploit kits. By November, RIG was the only one from that group still active.

However, Flash remains an attractive web attack vector for many cyber criminals, but it is likely to become less so over time. Fewer sites and browsers are supported Flash fully or at all, and there is greater awareness about Flash vulnerabilities.

To overcome the threat, Uninstalling Flash, and disabling or removing unnecessary browser plugins, will help users reduce the risk of being compromised by these threats.

Of course, opportunistic cybercriminals pay close attention to these trends. They are creating highly targeted and varied attacks designed to succeed across the expanding attack surface. Meanwhile, security teams are in a constant firefighting mode, overwhelmed by alerts. They have to rely on an array of security products in the network environment that only add more complexity and can even increase an organization’s susceptibility to threats.

Organizations must:

  • Integrate their security technology
  • Simplify their security operations
  • Rely more on automation

This approach will help reduce operational expenses, ease the burden on security personnel, and deliver better security outcomes. Most important, it will give defenders the ability to focus more of their time on eliminating the unconstrained space in which adversaries currently operate.

Posted: May 1, 2017
Irfan Shakeel
View Profile

Irfan Shakeel is the founder & CEO of An engineer, penetration tester and a security researcher. He specializes in Network, VoIP Penetration testing and digital forensics. He is the author of the book title “Hacking from Scratch”. He loves to provide training and consultancy services, and working as an independent security researcher.