Cisco 2014 Midyear Security Report

Cisco released an interesting Security Report during the week. Based on the largest set of data and telemetry available from their network of top customers and sensors they have published a paper recently that looks to provide security insights.

It’s bigger on the inside

The report is quite extensive. Whilst only a mid year report it covers quite a comprehensive list of threats.

• Spam
• Malware
• Phising
• Heartbleed
• NTP Amplication attacks
• WordPress exploits and more

There is plenty of supporting information explaining how some of these exploits occur. Reading about the NTP amplication through MONLIST is very interesting.

Targets of 2014

What was interesting to me was the target of some of these attacks. I thought it would be financials and hosting providers that would have that their infrastructure targeted and penetrated the most. It was very surprising to read that more frightening targets were sought after.

• Transport
• Logistics
• Criticial infrastructures

Transport and logistics are interesting. Modern commerce and how society moves physical material around never occurred to be as a major target. The more I think about it the more devastating such a target is. Aid transfers, Medicine research, Supply and shipping lanes. The information about schedules, corridors and material in transit provide information for other uses. Critical infrastructure shouldn’t surprise me. SCADA and ICS infrastructure has a notoriously weak history in security. Default or No Passwords or simply systems that aren’t designed to be connected to the internet drive and control power, water, gas and society infrastructure.

Strengthening of links in cyber crime with traditional military action

It starts to make sense why transport, logistics and infrastructure are being pressed from the digital world. I think back to my Motte and Bailey architecture castle discussion. We inherintly trusted who was on the inside and fought those on the outside. The game changed as one individual could compromise a building physically (ala Opening the Gate or rear door) to let an intruder in. As we slowly move towards a zero trust model where credentials validate who people are and what they can access there have been new digital vectors. Denial of Service or Compromise of a particular system followed up by a strategic military action. Attack a power plant or radar system and send in the troops. A rather terrifying prospect. Let alone if the systems have been back doored.

This is noted in the report of ISIS using Social media to propagate messaging of the Caliphate they are building and using it for psychological warfare. The report also highlights the ongoing confrontation in Ukraine between seperatists and the military. There has been cases of the Ouroboros malware targeting specific government systems.

Almost like a Tom Clancy novel. Alas, this is the real world and pretty scary.

My thoughts

The paper is written in such a way that it feels like an air of pre-cog ¹ about it. I suppose it is true of the old addage the person with the most information has the greatest advantage. I like the reports style and the information it has gleened from the data collected. What it should serve as is a talking point for internal security review, policy update and how you and your company approachs irrespective of who your network security vendor or incumbent is.