Cisco Details Enterprise Security Threats

Cisco’s new quarterly Global Threat Report, released this week, offers some new details on the specific security threats the networking giant has been monitoring. The threat report merges data culled from Cisco’s Intrusion Prevention Systems (IPS), Cisco IronPort and Cisco ScanSafe.

Cisco (NASDAQ: CSCO) bought the SaaS-based security vendor ScanSafe last December. It purchased IronPort in 2007.

The report comes at a time when enterprises are dealing with a number of security threats, including malware, that can originate from a number of different sources, including popular social networks.

But the report also noted that 65 percent of all Web-based malware encounters either were blocked before the exploit code reached a potential victim or did not include exploit code at all. Cisco said Adobe Reader/Acrobat, Sun Java, and Adobe Flash were the three most common malware targets over the first half of 2010.

The report notes that pharmaceutical and chemical companies are the sectors most often targeted by Web malware. Cisco gave those two industries a “heightened risk rating” of 543 percent for the second quarter, up from 400 percent in the first quarter. Other high risk verticals in the report were Energy, Oil and Gas (446 percent), Education (157 percent), Government (148 percent) and Transportation and Shipping (146 percent).

More broadly, the report (available in PDF format) said there’s been a big increase in SQL injection attacks, in which an attacker executes unauthorized SQL commands to steal information.

For example, the report details the reappearance of Asprox SQL injection attacks in June of 2010 after nearly six months of inactivity. Links in the search engine results pages of what the report said were legitimate search queries accounted for almost 90 percent of the Asprox incidents.

For the first quarter of 2010, Cisco said 7.4 percent of all Web-based malware attacks were generated by search engine queries. A botnet that ScanSafe identifies as “Gumblar” led a varied list of malware threats with a 5 percent share of all the Web-based malware threats in the second quarter — a drop from the 11 percent share it had in the first quarter. Gumblar typically redirects a user’s Google search query to a malicious site.

Eastern Europe (33 percent) had the highest rate of Web-based malware in the second quarter of this year, followed by South America (14 percent) and China (11 percent).

Cisco said its new quarterly threat report is different from the Midyear Security report (PDF) that it released last week; that report discusses the technological, economic, and demographic shifts Cisco sees related to IT security.

“Given the commitment and drive of the great security teams at Cisco, it’s easy to foretell a not-too-distant future when we can begin providing early warning of impending attacks. Wouldn’t that be cool?” Mary Landesman, Cisco’s Market Intelligence manager, said in a blog post announcing the quarterly threat report.

David Needle is the West Coast bureau chief at, the news service of, the network for technology professionals.

David Needle
David Needle is a veteran technology reporter based in Silicon Valley. He covers mobile, big data, customer experience and social media, among other topics. He was formerly news editor at Infoworld, editor of Computer Currents and TabTimes and West Coast bureau chief for both InformationWeek and
