A Cyber Threat Trends Report from Cisco offers a revealing look into the changing landscape of cyber threats, using the DNS activity observed across Cisco's resolvers to show how increasingly sophisticated malicious actors target organizations around the globe.
Covering the period from August 2023 to March 2024, this report outlines significant threats, including Trojans and ransomware, while providing actionable strategies to strengthen defenses.
Key findings
The report highlights three major cyber threats that have emerged as particularly concerning:
- Information Stealers: Leading the pack, these threats account for 246 million blocks each month. They are built to harvest sensitive information such as credentials, session tokens, and financial data, and are most often delivered through phishing and malvertising.
- Trojans: Coming in second with 175 million monthly blocks, Trojans masquerade as legitimate software. They can steal credentials, create backdoors for further attacks, and spread malware across networks.
- Ransomware: With 154 million monthly blocks, ransomware remains a popular weapon for cybercriminals, who use it to encrypt data and demand ransom payments.
Emerging threats and trends
Cisco’s report also sheds light on other persistent threats that organizations should be aware of:
- Remote Access Trojans (RATs) allow attackers to silently control infected systems, making them tools for espionage and data theft.
- Advanced Persistent Threats (APTs) are often state-sponsored groups that target critical sectors over extended periods.
- Botnets leverage networks of compromised devices to carry out large-scale attacks, including Distributed Denial of Service (DDoS) attacks.
- Droppers and backdoors serve as entry points for more complex malware, making them crucial components in the cyber threat ecosystem.
The role of DNS activity
One of the standout findings is the value of DNS activity as an early indicator of malicious behaviour. Cisco's Umbrella platform resolves an average of 715 billion DNS requests daily, and against that baseline the report observes that spikes in DNS queries, particularly to newly seen or known-malicious domains, frequently coincide with the deployment of ransomware and other malware. Because almost every stage of an intrusion (payload download, command-and-control, exfiltration) begins with a name lookup, DNS traffic is one of the cheapest places to detect a compromise before encryption or data theft starts.
Recommendations for mitigating threats
To combat these evolving challenges, Cisco emphasizes a multi-layered cybersecurity approach:
- DNS Security: Block resolution of known-malicious domains at the resolver and monitor DNS traffic for unusual patterns, such as sudden spikes in query volume from one host, bursts of NXDOMAIN responses, or lookups of random-looking, algorithmically generated hostnames.
- Endpoint Protection: Utilize advanced solutions that employ behavioral analysis to detect and block malware effectively.
- Incident Response Planning: Develop and regularly test robust incident response plans to manage potential breaches efficiently.
- Employee Training: Educate staff about phishing and social engineering tactics to minimize vulnerabilities.
- Regular Backups and Updates: Keep systems current and ensure data is securely backed up to mitigate the impact of ransomware attacks.
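The DNS-monitoring recommendation above, and the report's observation that query spikes coincide with malware deployment, can be turned into a small triage script. The following is an added example written for this page; it is not code from Cisco or from the report. The log format (timestamp,client,qname,rcode), the blocklist entry, and all log lines are constructed for the demonstration, and the DGA heuristic (long leftmost label, high character entropy, few vowels) is a deliberately crude illustration rather than a production detector.

```python
"""Toy DNS-log triage: blocklist hits, per-host query spikes, NXDOMAIN ratio
and DGA-looking names.  Added example; log format and data are constructed."""
import math
from collections import Counter
from datetime import datetime

# Constructed sample log (hypothetical CSV: timestamp,client,qname,rcode).
# 10.0.0.5 behaves normally; 10.0.0.9 suddenly bursts random-looking NXDOMAIN
# lookups and then resolves a blocklisted name, the shape a DGA dropper produces.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z,10.0.0.5,www.example.com,NOERROR
2024-03-01T10:00:07Z,10.0.0.5,mail.example.com,NOERROR
2024-03-01T10:00:20Z,10.0.0.5,cdn.example.net,NOERROR
2024-03-01T10:01:00Z,10.0.0.9,www.example.com,NOERROR
2024-03-01T10:05:00Z,10.0.0.9,updates.example.org,NOERROR
2024-03-01T10:20:00Z,10.0.0.9,x7kq2vbm9zp4.badzone.test,NXDOMAIN
2024-03-01T10:20:01Z,10.0.0.9,r3tnh8wlc5ya.badzone.test,NXDOMAIN
2024-03-01T10:20:01Z,10.0.0.9,p0qzd6mvk1jb.badzone.test,NXDOMAIN
2024-03-01T10:20:02Z,10.0.0.9,w9fhs2xnt4lc.badzone.test,NXDOMAIN
2024-03-01T10:20:02Z,10.0.0.9,g5kybv7qe3rm.badzone.test,NXDOMAIN
2024-03-01T10:20:03Z,10.0.0.9,n2zxc8pla6vt.badzone.test,NXDOMAIN
2024-03-01T10:20:04Z,10.0.0.9,login.c2-panel.test,NOERROR
"""

# Constructed blocklist; a zone entry also covers every name beneath it.
BLOCKLIST = {"c2-panel.test"}


def parse_log(text):
    """Parse the constructed CSV format into a list of dict records."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, client, qname, rcode = line.split(",")
        records.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "client": client,
            "qname": qname.lower().rstrip("."),
            "rcode": rcode,
        })
    return records


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def looks_dga(qname, min_len=10, min_entropy=3.0, max_vowel_ratio=0.3):
    """Crude DGA heuristic on the leftmost label: long, high-entropy, few vowels."""
    label = qname.split(".")[0]
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    return shannon_entropy(label) >= min_entropy and vowel_ratio <= max_vowel_ratio


def blocklist_hits(records, blocklist):
    """(client, qname) pairs whose name or any parent zone is blocklisted."""
    hits = []
    for r in records:
        labels = r["qname"].split(".")
        if any(".".join(labels[i:]) in blocklist for i in range(len(labels))):
            hits.append((r["client"], r["qname"]))
    return hits


def rate_spikes(records, per_minute_threshold=5):
    """Clients whose busiest one-minute bucket reaches the threshold."""
    buckets = Counter((r["client"], r["ts"].strftime("%Y-%m-%dT%H:%M")) for r in records)
    peak = {}
    for (client, _minute), n in buckets.items():
        peak[client] = max(peak.get(client, 0), n)
    return {c: n for c, n in peak.items() if n >= per_minute_threshold}


def nxdomain_ratio(records):
    """Fraction of each client's queries that returned NXDOMAIN."""
    total, nx = Counter(), Counter()
    for r in records:
        total[r["client"]] += 1
        if r["rcode"] == "NXDOMAIN":
            nx[r["client"]] += 1
    return {c: nx[c] / total[c] for c in total}


def dga_suspects(records, min_hits=3):
    """Clients that looked up at least min_hits DGA-looking names."""
    counts = Counter(r["client"] for r in records if looks_dga(r["qname"]))
    return {c: n for c, n in counts.items() if n >= min_hits}


def triage(text, blocklist):
    """Run all four checks over a log and return their findings together."""
    records = parse_log(text)
    return {
        "blocklist_hits": blocklist_hits(records, blocklist),
        "rate_spikes": rate_spikes(records),
        "nxdomain_ratio": nxdomain_ratio(records),
        "dga_suspects": dga_suspects(records),
    }


if __name__ == "__main__":
    for check, result in triage(SAMPLE_LOG, BLOCKLIST).items():
        print(f"{check}: {result}")
```

On the sample data only 10.0.0.9 trips the spike, NXDOMAIN, DGA and blocklist checks, which is the point: the blocklist alone would have fired a single time, after the dropper had already resolved its command-and-control name, while the burst of failed lookups appears minutes earlier. Expect false positives from the entropy rule on long legitimate labels such as CDN or tracking hostnames; in practice you would allowlist known zones and tune the thresholds against your own resolver's baseline.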
The report urges organizations to adopt DNS-layer security as a foundational aspect of their cybersecurity strategy. By leveraging tools like Cisco Umbrella and Secure Access, businesses can enhance their defenses against increasingly sophisticated cyber threats, safeguarding sensitive data while ensuring operational resilience.
As the threat landscape continues to evolve rapidly, proactive measures and continuous monitoring are essential for protecting digital assets and infrastructure. Organizations must remain vigilant and adaptable in their cybersecurity strategies to stay ahead of these persistent dangers.
Cyber threats are harmful activities that aim to steal or destroy data, disrupt critical systems, or damage people's digital lives.
Some examples of cyber threats include:
- Malware: A common category of threat that includes viruses, worms, trojans, spyware, and adware. Malware is used to gain unauthorized access to a system, steal data, or cause damage.
- Phishing: A common and effective attack in which cybercriminals use deceptive emails, messages, or websites to trick people into sharing sensitive information such as passwords or one-time codes.
- Ransomware: A type of malware that encrypts files or locks a system and demands payment to restore access; paying does not guarantee recovery, which is why tested offline backups matter.
- Insider threats: Intentional or accidental misuse by people who already hold legitimate access. They are hard to detect because the activity blends in with normal use of sensitive systems, so least-privilege access and audit logging are the main controls.
- Distributed denial of service (DDoS) attacks: Floods of traffic from many compromised machines that exhaust a network's bandwidth or a server's capacity so that legitimate users can no longer reach the service.
- Social engineering: Manipulating people rather than software, often using personal details gathered in advance, into revealing information or granting access; phishing is its most common form.
- Man-in-the-Middle (MitM) attacks: The attacker positions themselves between two parties to eavesdrop on or alter the data flowing between them; correctly validated TLS is the standard defence.
- Internet of Things (IoT) attacks: Cybercriminals exploit weaknesses in IoT devices, such as default credentials or unpatched firmware, to take over the device, steal data, or conscript it into a botnet.
- Advanced persistent threats (APTs): Complex, stealthy, and prolonged campaigns aimed at specific targets to steal data or disrupt operations.