Cisco Cites Concerns in 2017 Mid-Year Cybersecurity Report

Zone Leader, John Vester, highlights the details behind Cisco’s 2017 mid-year report - where DeOS, cloud security, and improper DevOps deployments top his personal list of concerns.

By John Vester · Aug. 25, 17 · Analysis

LinkedIn has proven to be an excellent source for me to stay in touch with contacts I have made throughout my Information Technology career. Just about everyone in our field has dreams and aspirations of reaching higher levels within their career. Not surprisingly, some of my former colleagues have found satisfaction as full-time employees at some of the most recognized and successful technology firms.

Recently, one of my former colleagues - who is now an established employee at Cisco - provided a link to Cisco's 2017 Mid-year Cybersecurity Report (MCR). While not an expert at cybersecurity, I found the report a compelling read and wanted to highlight the top three concerns I pulled from my review of Cisco's findings within the MCR.

1. Destruction of Service (DeOS)

The Cisco MCR refers to Destruction of Service (DeOS) as a new strategy employed by those who play in the dark world of cyber-attacks. The goal of the DeOS is to eliminate the safeguards organizations rely upon to restore and rebuild systems in the wake of malware, ransomware or other cyber-attacks which disrupt business operations.

Imagine being impacted by a cyberattack only to realize that your contingency plans have been compromised as well. Attackers are expected to leverage historically vulnerable Internet of Things (IoT) devices as enablers that let DeOS campaigns proliferate into typically secure infrastructures.

2. Cloud Security Is the Ignored Dimension

Privileged access to cloud environments and a lack of management for infrastructure and endpoints are major concerns noted in the MCR. Cisco has even gone so far as to label cloud security the "ignored dimension," noting that the single privileged cloud user account presents the greatest risk. Basically, if one account maintains access to everything in the cloud, only one account needs to be compromised to gain full control. Once in control, it is easy to begin attempting widespread theft, whether financial or purely of data. Cisco found three interesting facts about privileged user accounts:

  • For every 100 cloud accounts, six of them have privileged access.

  • As much as 75% of privileges can be removed from admin accounts with little or no business impact.

  • 88% of admin tasks are carried out by the top two privileged users.

3. Improper Services Deployed by DevOps

The DevOps concept has grown in popularity over the last 3-5 years. From Cisco's view, this has presented security concerns, because security is not always at the forefront of the design and implementation stage. Cisco found that DevOps services that have been deployed incorrectly or left in an invalid/open state intentionally (for convenience) pose a significant threat - with many of these instances already being ransomed (according to Cisco partner Rapid7).

One example noted in the report occurred in January 2017, where attackers started encrypting public MongoDB instances - demanding ransom payments for keys or software which would decrypt the data or transactions. These attacks have spread to CouchDB and Elasticsearch as well, all because DevOps engineers failed to put standard security precautions in place.

Cisco's partner Rapid7 provided these statistics within the MCR:

  • 75% of CouchDB is exposed to the Internet and requires no authentication (aka "wide open"). Some of the data which have been ransomed include sensitive data such as clinical drug trial information, credit card numbers, and personal contact information.

  • More than 75% of Elasticsearch servers are considered wide open as well. While a larger percentage of these servers have been ransomed, a very low percentage appear to contain sensitive information.

  • Nearly 100% of the MongoDB servers found/scanned by Rapid7 were categorized as wide open. Like Elasticsearch, the number of servers containing sensitive data is minimal.
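
As an added illustration (not taken from the article or the Cisco report), the Python below audits a `mongod.conf` for the "wide open" condition described above: listening beyond loopback with no authentication required. The two sample configurations are constructed, and the check reads configuration only, so a firewall in front of the host is not taken into account.

```python
# Added example: flag a mongod.conf that is "wide open"
# (reachable beyond loopback AND no authentication required).
LOCAL = {"127.0.0.1", "localhost", "::1"}

def flatten(conf_text):
    """Flatten nested 'key: value' YAML into dotted keys.
    Handles only the plain-mapping subset mongod.conf uses (assumption)."""
    flat, stack = {}, []              # stack: (indent, key) of open sections
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip() or ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()               # leave sections we have dedented out of
        if value.strip():
            path = ".".join([k for _, k in stack] + [key])
            flat[path] = value.strip().strip("\"'")
        else:
            stack.append((indent, key))
    return flat

def audit_mongod(conf_text):
    conf = flatten(conf_text)
    bind_all = conf.get("net.bindIpAll", "false").lower() == "true"
    addrs = [a.strip() for a in conf.get("net.bindIp", "").split(",") if a.strip()]
    # Unset bindIp: older mongod binaries listened on every interface, so an
    # absent setting is treated as exposed (a deliberately conservative choice).
    exposed = bind_all or not addrs or any(
        a not in LOCAL and not a.startswith("/") for a in addrs)
    # A keyFile for internal authentication also enforces user access control.
    auth = (conf.get("security.authorization", "disabled").lower() == "enabled"
            or "security.keyFile" in conf)
    return {"exposed": exposed, "auth": auth, "wide_open": exposed and not auth}

# Constructed sample configurations.
WEAK = """net:
  port: 27017
  bindIp: 0.0.0.0   # all interfaces
"""
HARDENED = """net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5
security:
  authorization: enabled
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_mongod(text))
```
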

A Must Read for Security Professionals

After reviewing the MCR, my goal was to highlight the top three elements which provided a personal concern to me. Prior to reading the article, I expected ransomware to be one of the highlighted concerns - based on the WannaCry outbreak earlier this year. However, Cisco noted that Business Email Compromise (BEC) is a far greater concern - currently the most lucrative and profitable method to extract large sums of money from a business. In fact, from October 2013 - December 2016, an estimated $5.3 billion was lost due to BEC.

The entire report spans about 90 pages and is something I recommend for individuals working in the security space - especially at the corporate level. Honestly, if you are reading this article, it might be a good idea to download and review the report yourself. The report can be downloaded via the following URL:

2017 Mid-Year Cybersecurity Report (MCR)

Have a really great day!
