With the seemingly endless stream of news on data breaches, vulnerabilities and threats, it's often hard to see any positive traction. Cisco's 2017 Midyear security report, released this week, includes its fair share of dramatic predictions, but it also shows how some areas of security have improved.
Among the worrisome trends identified by Cisco is the emergence of what it refers to as Destruction of Service (DeOS) attacks. Denial of Service (DoS) and its scaled-up version, Distributed Denial of Service (DDoS), have been common attacks for the past decade. DeOS goes beyond denying access to a service: it wipes out the ability of the service to operate at all.
"For example, attackers are innovating ransomware and DDoS campaigns so that they can seriously disrupt an organization's networks," David Ulevitch, SVP and General Manager of Cisco's Security Business unit, wrote in a blog post. "By doing so, bad actors also damage the organization's ability to recover from an attack."
The recent NotPetya ransomware attack is a likely example of a DeOS attack: it went beyond simple DoS to wipe out access to information.
"'Destruction or disruption of service' (DeOS) has long been the number one concern of critical infrastructure operators when it comes to cybersecurity risk," Edgard Capdevielle, CEO of Nozomi Networks, wrote in an email to eSecurityPlanet. "Now is the time for company boards to take proactive steps to review their security posture, detection and response to ensure their organizations don't suffer the consequences of a disruption in the vital services such as power, water, transportation, manufacturing or others."
"Fortunately, despite the predictions and the escalation of threats targeting disruption, there are new advances in monitoring and detection for these critical operations. Artificial intelligence and machine learning allow critical infrastructure operators to detect attacks faster to mitigate damages to the system," he added.
Among the positive trends identified by Cisco is that the median Time to Detection (TTD) for vulnerabilities has fallen. Cisco defines the TTD metric as the window of time between a compromise and the detection of the threat. TTD has been improving over time, reaching a median of approximately 3.5 hours for the period from November 2016 to May 2017.
Another positive trend has been the stark decline in exploit kit activity over the past year. Cisco's analysis shows that the three leading exploit kits of 2016, Angler, Nuclear and Neutrino, have largely disappeared in 2017.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.