Six Ways Cyber Attackers Are Changing Tactics

Uploaded on 2015-08-26 in TECHNOLOGY--Hackers, NEWS-News Analysis, GOVERNMENT-Defence, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

AM15_John_Chambers_.jpg

Even as organizations enhance their cybersecurity defenses, attackers are adopting more sophisticated tactics to penetrate IT systems and evade detection, according to recent research from Cisco Systems Inc.

Indeed, the networking giant sees six key trends on the attacker front.  They include:

1. Shape Shifters: They change their tactics and tools from moment to moment, disappearing from a network before they can be stopped, or quickly choosing a different method to gain entry.
2. Scaled Attacks: They devise spam campaigns using hundreds of IP addresses in an attempt to bypass IP-based anti-spam reputation products.
4. Trusted Doorways: They design malware that relies on tools that users trust, or view as benign, to persistently infect and hide in plain sight on their machines.
5. Guerrilla Warfare: They find new vulnerabilities to exploit if vendors shut down weaknesses in other products.
6. Digital Camouflage: They work at establishing a hidden presence or blend in with the targeted organization, sometimes taking weeks or months to establish multiple footholds in infrastructure and user databases. Only when they are ready will they execute their core mission.

According to Cisco's Security Capabilities Benchmark Study, "security professionals say they’re optimistic that they’re well prepared to hold back online attackers. Yet adversaries continue to steal information, make money through scams, or disrupt networks for political goals. In the end, security is a numbers game: Even if an organization blocks 99.99 percent of billions of spam messages, some will make it through. There is no way to ensure 100 percent effectiveness."
Cisco: http://bit.ly/1Jbhhh5

 

« NSA Map Shows China Cyber Attacks on US
Cyber Insecurity: Going Dark »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ASIS International

ASIS International

ASIS International is a global community of security practitioners with a role in the protection of assets - people, property, and/or information.

Executive Women's Forum (EWF)

Executive Women's Forum (EWF)

The Executive Women's Forum is the largest member organization serving emerging leaders and influential female executives in the Information Security, Risk Management and Privacy industries.

Anect

Anect

Anect is a leading provider of ICT security and services for hybrid and cloud solutions.

MENAInfoSecurity

MENAInfoSecurity

MENAInfoSecurity is a regional leader in information security solutions, assurance services and managed services.

Cylus

Cylus

Cylus, a global leader in rail cybersecurity, helps rail and metro companies avoid safety incidents and service disruptions caused by cyber-attacks.

ThreadStone Cyber Security

ThreadStone Cyber Security

ThreadStone Cyber Security offer reliable, practical and affordable cyber security solutions for both large and smaller organizations that we develop and deliver ourselves from Europe.

Red Snapper Recruitment

Red Snapper Recruitment

Red Snapper Recruitment is a market leading staffing services provider to the law enforcement, cyber security, offender supervision and regulatory services markets.

GCHQ Apprenticeships

GCHQ Apprenticeships

GCHQ, the UK intelligence and security organisation, offers a unique three-year Cyber Security Degree Apprenticeship with employment on successful completion.

Curtail

Curtail

Curtail keeps businesses running by using live traffic analysis to identify defects before software goes live, and detect and isolate security threats before they impact systems.

Olympus Sky

Olympus Sky

Olympus Sky has created a complete security system that is specifically designed to meet the challenges of IoT, including all of the deficiencies currently challenging Public Key Infrastructure.

Shearwater Group

Shearwater Group

Shearwater Group is an award-winning organisational resilience group that provides cyber security, advisory and managed security services to help secure businesses in a connected global economy.

AlJammaz Technologies

AlJammaz Technologies

AlJammaz Technologies is the leading Technology Value-Added Distributor, which distributes advanced technology products, solutions and services in area including networking and cybersecurity.

CyberArmor

CyberArmor

Cyber Armor defend everyday IT and OT systems, from government agencies to critical infrastructure, from system integrators to small industries.

SecureStream Technologies

SecureStream Technologies

SecureStream Technologies have built the IoT SafetyNet - the Network Security Analytics platform to Eliminate Security Threats, Guarantee Privacy, Ensure Compliance, Simply & Easily.

Marlink

Marlink

Marlink smartly integrates hybrid, future-ready network solutions so you can benefit from the best available connectivity and IT to accelerate your digitalisation and empower your remote operations.

ResilientX

ResilientX

ResilientX is an All-In-One Security Testing Platform designed to help MSPs and SMBs to perform their security testing and assessments without having to outsource IT.

Casepoint

Casepoint

Casepoint is the legal technology platform of choice for corporations, government agencies, and law firms to meet their complex eDiscovery, investigations, and compliance needs.