Cybersecurity attacks:

A survival guide


Cybersecurity breaches are getting bigger. They’re causing more damage and reaching new heights in both impact and scale. And with digital transformation in full swing, security weaknesses and connected systems are creating a vast playing field for attackers. 


Let’s turn the tide.



Pick an attack to learn how it works and how to protect yourself:

DDoS and DeOS

BEHIND THE SCENES

Cybersecurity attackers don’t need coding experience to get into the business. They can simply buy an attack—and they don’t need a lot of money to do so. A DDoS attack can be bought for as little as $150. 

 

A DDoS attack can be bought for as little as $150. [1]

THE IMPACT

2000+ DDoS attacks per day [2]

How long does it take to prepare a DDoS attack?

4 days

2 days

8 hours

less than one hour

ANSWER

<1 hour

It can take less than 1 hour to prepare. The attack itself can run for days. Even weeks.

WHAT TO EXPECT

A distributed denial of service (DDoS) attack floods the victim’s network or machine with incoming traffic from many different sources. Normal service gets disrupted, and the victim can’t stop the attack by blocking one single source. This not only locks systems and destroys data, but because today’s IoT devices can be easily exploited by botnets, these attacks have the potential to disrupt the Internet itself.


A destruction of service (DeOS) attack aims to not only render an organization out of order, but to also seriously damage its ability to recover. This takes away an organization’s backup system so recovery might not even be possible.


PREEMPTIVE STRIKE

With Cisco, you stay one step ahead of DDoS and DeOS attacks. Cisco Firepower next-generation firewall (NGFW) appliances combine our proven network firewall with the industry’s most effective next-gen intrusion prevention system (IPS) and advanced malware protection.


Ransomware

BEHIND THE SCENES

Just how little can it cost attackers to buy ransomware technology? Some ransomware can go for as little as $150, $100, or even for free. For free up front, that is. Some black-market options ask for a cut of the earnings instead of an initial payment. That means there’s virtually no up-front investment and anyone can get into the cyber-attack business.


What did we, and attackers, learn from WannaCry? Despite global discussions about cybersecurity before WannaCry happened, organizations still didn’t make updates. Attackers are counting on continued vulnerabilities and confusion around finding the right security solutions.

 

THE IMPACT

 

49% of all companies suffered at least one cyber ransom incident in 2016. [3]

39% from ransomware [3]

17% from ransom denial of service (RDoS) [3]

After you pay the ransom, which of the following can happen?

You get your files back.

You don’t get your files back.

You get your files back and are then attacked again by the same hackers.

All of the above

ANSWER

All of the above.

While paying the ransom can work, there’s no guarantee.

TRENDING

Ransomware-as-a-service (RaaS) platforms make it easy for attackers to enter the market without having to code, program, or develop innovative tactics. They either pay for the ransomware or give a cut of their profits to the RaaS provider.


Open-source codebases publicly release ransomware code, which attackers can tweak to look different and then deploy as malware. They’re simply building off someone else’s work, so it’s easier and faster.

 

RDoS threatens to launch a DDoS attack on an organization’s site or network unless they pay a ransom fee.


DEFENSE

Since ransomware attacks can launch in many different ways, Cisco uses an architectural approach to security. From the DNS layer to email to the endpoint, we back our protection with industry-leading Cisco Talos threat research.

 

And because today’s devices need protection beyond the office walls, Cisco OpenDNS Umbrella solutions protect users anywhere they access the Internet. Not only that, but we have some solutions that can uncover the next attacks using the attacker’s cyber fingerprints.


BEC and Spam

BEHIND THE SCENES

These attacks aren’t very hard for cybercriminals to put together. For business email compromise (BEC), all an attacker needs to do is research an organization’s hierarchy, piece together the chain of command, and put on their CEO hat to write a message to a “coworker.”


As far as spam goes, the use of botnets is increasing the impact and range of attacks. Cyber attackers are making money without using sophisticated programs or lots of resources.

 

THE IMPACT

$1.7 billion per year has been stolen due to BEC fraud. [3]

There are a lot of victims of BEC attacks, but well-known companies haven’t been fooled.

True

False

ANSWER

False

Both Facebook and Google have been victims of BEC attacks. [3]

WHAT TO EXPECT


BEC

BEC messages don’t have malware or suspicious links in them, so they usually can get past all but the most sophisticated defense tools. And because they mention people by name and have a certain amount of knowledge, they can be difficult for victims to detect as fraudulent.

 

Spam

Spam can contain malicious documents like Word, Excel, and PDF files. These documents are good at defeating sandboxing techniques because they ask for user interaction, like clicks or dialog boxes, to infect systems and deliver their payloads.


COUNTERSTRIKE

Cisco helps organizations play multilayered defense against cyber attacks. We also provide advanced threat intelligence from the largest threat research team in the world, Cisco Talos, which dynamically updates our Email Security solutions every 3 to 5 minutes.

Because attackers also like to use pop-ups or legitimate websites to lure victims in with just one click, we provide Web Security Appliance (WSA) alongside Email Security. WSA automatically blocks risky sites and even tests unknown sites before allowing users to link to them.


Spyware

BEHIND THE SCENES

Spyware infiltration can happen in a lot of different ways. Some spyware piggybacks on free, legitimate software downloads to get into a user’s system. Other spyware authors pay developers to bundle spyware with software that users pay for. Drive-by downloads, which take advantage of browsers or operating systems that are out of date and have security flaws, can also deliver spyware.


THE IMPACT

20% of 300 companies sampled were infected by three spyware families. [3]

Keep in mind, there are hundreds of spyware families. This study only followed three.

Some spyware removal programs install spyware.

True

False

ANSWER

True

In order to hide their own spying software, some programs pose as removal programs and remove all spyware except their own.

WHAT TO EXPECT

 

Once spyware is installed, the attacker can:

  • Steal sensitive or confidential user and company information

  • Use that information to identify critical assets, map internal infrastructures, and orchestrate targeted attacks

  • Weaken security on a device by modifying configurations and settings, installing additional software, and allowing third-party access

  • Enable remote code execution on devices and fully control the device

  • Increase malware infections (once the device is infected with spyware, it’s vulnerable to even more infections)

  • Sell your information to the highest bidders


OFFENSE AND DEFENSE

Cisco Security solutions cover the full attack continuum, which means they’re playing offense and defense against cyber attacks. Threat protection automatically adapts to emerging threats, boosting protection and quickly responding. Cloud, data center and network, mobility and endpoints—see how our advanced solutions can block, trap, and trip up today’s attacks.


1. Russian Underground 101, Trend Micro Incorporated, 2012.
2. “Digital Attack Map,” Arbor Networks and Jigsaw, 2017.
3. Cisco 2017 Midyear Cybersecurity Report, Cisco, July 2017.