Cisco Reveals List Of Threats To Enterprise Security

Cisco's new quarterly Global Threat Report released this week offers some new details on the specific security threats the networking giant has been monitoring. The threat report merges data culled from Cisco's Intrusion Prevention Systems (IPS), Cisco IronPort and Cisco ScanSafe data.

Cisco (NASDAQ: CSCO) bought the SaaS-based security vendor ScanSafe last December. It purchased IronPort in 2007.

The report comes at a time when enterprises are dealing with a number of security threats, including malware, that can originate from a number of different sources, including popular social networks.

But the report also noted that 65 per cent of all Web-based malware encounters were blocked prior to the exploit code reaching a potential victim or involved encounters which did not include exploit code. Cisco said Adobe Reader/Acrobat, Sun Java, and Adobe Flash were the three most common malware targets over the first half of 2010.

The report notes that pharmaceutical and chemical companies are the sectors most often targeted by Web malware. Cisco gave those two industries a "heightened risk rating" of 543 per cent for the second quarter, up from 400 per cent in the first quarter. Other high risk verticals in the report were Energy, Oil and Gas (446 per cent), Education (157 per cent), Government (148 per cent) and Transportation and Shipping (146 per cent).

More broadly, the report (available here in PDF format) said there's been a big increase in SQL injection (define)attacks in which an attacker executes unauthorized SQL commands to steal information.

For example, the report details the reappearance of Asprox SQL injection attacks in June of 2010 after nearly six months of inactivity. Links in the search engine results pages of what the report said were legitimate search queries accounted for almost 90 per cent of the Asprox incidents.

For the first quarter of 2010, Cisco said 7.4 per cent of all Web-based malware attacks were generated by search engine queries. A botnet that ScanSafe identifies as "Gumblar" led a varied list of malware threats with a 5 per cent share of all the Web-based malware threats in the second quarter -- a drop from the 11 per cent share it had in the first quarter. Gumblar typically redirects a user's Google search query to a malicious site.

Eastern Europe (33 per cent) had the highest rate of Web-based malware in the second quarter of this year, followed by South America (14 per cent) and China (11 per cent).

Cisco said its new quarterly threat report is different from the Midyear Security report (PDF) that it released last week; that report discusses the technological, economic, and demographic shifts Cisco sees related to IT security.

"Given the commitment and drive of the great security teams at Cisco, it's easy to foretell a not-too-distant future when we can begin providing early warning of impending attacks. Wouldn't that be cool?" Mary Landesman, Cisco's Market Intelligence manager, said in a blog post announcing the quarterly threat report.

print this article

Return to security news headlines
View Security News Archive

Share with: