New exploit kit families are appearing on the market and point-of-sale systems are increasingly a popular target for hackers, according to new research conducted by Cisco.
Cisco's Midyear Security Report tracks and analyzes cyberattack trends, exploits used, and the changing landscape of security as new technology comes to the foreground. According to the Ponemon Institute, the average cost of an organizational data breach was $5.4 million in 2014, up from $4.5 million in 2013, and cybercrime methods are becoming more complex as time goes on.
When Cisco researchers examined the latest trends in web exploits, out of 2528 vulnerability alerts published from January to June 2014, 28 across a variety of systems were identified as being actively exploited in the wild -- and therefore need to be patched urgently.
Java remains the most exploited piece of software, with 93 percent of all web exploits observed targeting it. Java versions 1.6 and 1.7 remain the most exploited, but exploits tailored for version 1.8 are also on the rise.
The number of exploit kits available on the market has dropped by 87 percent this year, mainly due to the arrest of Paunch, the alleged creator of the popular Blackhole exploit kit, according to Cisco security researchers. Now that the formerly dominant kit on the black market is no longer being updated, other players are trying to pick up the abandoned business, and new exploit kit families such as Siesta and Sweet Orange are gaining in popularity.
In the first half of 2014, the pharmaceutical and chemical industries were most likely to be the targets of spam and phishing campaigns, and the media and publishing industry has experienced a surge in cyberattacks -- potentially due to state-sponsored players and political hacktivists keen to steal valuable data or use these platforms for their own agendas.
The report also includes data gathered from 16 multinational companies and their security procedures and challenges. Out of the 16 customer networks monitored by Cisco, nearly 70 percent were identified as issuing DNS queries for Dynamic DNS (DDNS) domains. While not inherently malicious, such queries can indicate malicious activity, since malware operators use DDNS to change a command-and-control server's IP address quickly and evade blacklists. Cisco researchers also found that 40 percent of the networks issued DNS requests for hosts providing encrypted or file-transfer channels, including VPN, Secure Shell (SSH), SSH File Transfer Protocol (SFTP), FTP, and FTP Secure (FTPS), and that the majority of these networks were issuing such requests for hosts outside their own infrastructure -- the kind of channel an attacker would use to exfiltrate data.
In total, 70 percent of the corporate networks showed DNS requests indicating either that the networks were being misused or that systems on them had been compromised by botnets. Moreover, on each of the networks sampled, there was some evidence of malicious traffic -- and the team determined that this particular group of corporate networks had likely been penetrated for some time without the core infiltration being detected. As a result, Cisco is now monitoring the use of DNS as a potential precursor to infiltration or malicious activity.
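The DDNS check described above can be reproduced against a resolver's own query logs. The following is an added example and not code from Cisco or from the report: it assumes BIND-style query-log lines (constructed here for four hypothetical /16 networks) and uses a short, illustrative watchlist of real dynamic-DNS provider zones that a production deployment would replace with a maintained threat-intel list. It flags only hostnames below a DDNS zone, so a user browsing a provider's own website is not counted, and it matches on label boundaries so look-alike domains are not flagged.

```python
"""Flag DNS queries for dynamic-DNS hostnames per client network (added example)."""
import ipaddress
import re
from collections import defaultdict

# Real dynamic-DNS provider zones, used as an illustrative watchlist. This list
# is an assumption of the example and far from complete.
DDNS_SUFFIXES = (
    "no-ip.org", "no-ip.com", "dyndns.org", "duckdns.org", "hopto.org", "ddns.net",
)

# Constructed BIND-style query-log lines for four hypothetical /16 networks.
SAMPLE_LOG = """\
client 10.1.4.22#53211: query: www.example.com IN A + (10.1.0.5)
client 10.1.4.22#53212: query: update.myhost.no-ip.org IN A + (10.1.0.5)
client 10.2.7.9#40113: query: files.corp.example.com IN A + (10.2.0.5)
client 10.2.7.9#40114: query: no-ip.org IN A + (10.2.0.5)
client 10.3.1.17#50001: query: c2panel.duckdns.org IN A + (10.3.0.5)
client 10.3.1.17#50002: query: ftp.somewhere.dyndns.org IN A + (10.3.0.5)
client 10.4.9.3#61022: query: mail.example.com IN MX + (10.4.0.5)
"""

QUERY_RE = re.compile(
    r"client (?P<client>\d{1,3}(?:\.\d{1,3}){3})#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def is_ddns(qname, suffixes=DDNS_SUFFIXES):
    """True if qname is a host *under* a DDNS zone.

    Matching is done on label boundaries, so 'fakeno-ip.org' is not flagged.
    The zone apex itself ('no-ip.org', e.g. someone visiting the provider's
    website) is not flagged either: only names with at least one label below
    the zone are DDNS hostnames.
    """
    name = qname.rstrip(".").lower()
    return any(name.endswith("." + s) for s in suffixes)


def parse_query_log(text):
    """Yield (client_ip, qname, qtype) for each well-formed log line."""
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            yield m["client"], m["qname"].rstrip(".").lower(), m["qtype"]


def summarize_by_network(text, prefixlen=16):
    """Count total and DDNS queries per client network.

    Returns {network_cidr: {"queries": int, "ddns_queries": int, "ddns_names": set}}.
    """
    summary = defaultdict(lambda: {"queries": 0, "ddns_queries": 0, "ddns_names": set()})
    for client, qname, _qtype in parse_query_log(text):
        net = str(ipaddress.ip_network(f"{client}/{prefixlen}", strict=False))
        entry = summary[net]
        entry["queries"] += 1
        if is_ddns(qname):
            entry["ddns_queries"] += 1
            entry["ddns_names"].add(qname)
    return dict(summary)


def share_of_networks_with_ddns(summary):
    """Fraction of observed networks that issued at least one DDNS query."""
    if not summary:
        return 0.0
    flagged = sum(1 for e in summary.values() if e["ddns_queries"])
    return flagged / len(summary)


if __name__ == "__main__":
    result = summarize_by_network(SAMPLE_LOG)
    for net, e in sorted(result.items()):
        print(f"{net}: {e['ddns_queries']}/{e['queries']} DDNS queries {sorted(e['ddns_names'])}")
    print(f"networks with DDNS activity: {share_of_networks_with_ddns(result):.0%}")
```

On the constructed log, two of the four networks are flagged (a 50 percent share, with the one query for the bare zone apex correctly ignored). A DDNS hit is a lead, not a verdict: the next step is to pivot on the flagged hostnames and client addresses in proxy and firewall logs, as Cisco did with the SSH and FTP destinations above.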
In addition, "malvertising" -- the use of online adverts to lead users to malicious websites -- is on the increase. Exploits designed for web browsers and plugins, such as Java and Silverlight, are proving popular, and the method of using seemingly legitimate advertisements to infiltrate legitimate websites -- and so borrow the trust users place in them -- remains a popular vector. CNN, for example, has previously served malicious ads, and given how the advertising ecosystem works this came as little surprise.
Popular websites with large followings often maintain relationships with hundreds of ad exchanges, and so one or two malicious ads are likely to slip through on occasion. However, most of the exploits used by malvertising are well-known, so as long as a user's system is fully patched they are unlikely to be in danger.
The exploitation of point-of-sale (POS) systems is also on the rise. Payment systems used by retailers are now more likely than ever to be connected to the Web, which gives hackers a channel through which to infiltrate a system. The credit card theft at US retailer Target was one of the main headlines this year, and restaurant chain P.F. Chang's revealed on Tuesday that a similar data breach resulted in the theft of customer credit card data at over 30 locations across the United States.
The Internet of Things (IoT), which connects everything from home appliances to cars using the Web, represents a wide and varied arena for cyberattackers to exploit network weaknesses. IoT is expected to grow to approximately 50 billion 'things' by 2020, according to Cisco, and so we can expect hackers to exploit this growth -- if such schemes are profitable.
Cisco says that IoT is already changing the security landscape, as people, processes, and data all become increasingly connected, and while many exploits remain hypothetical, vehicles, medical devices and appliances are already being used for "research and development" by both black-hat and white-hat hackers.