Users becoming hackers' favorite path into networks, survey finds

Users, always the weakest link in the cybersecurity chain, are increasingly the targets of hackers, cyber spies and cyber criminals, who are also becoming craftier in staging their attacks and better at covering their tracks, according to Cisco’s 2015 Annual Security Report, released today.

The report details the latest trends on the cybersecurity landscape, highlighting emerging threats and examining security practices, but also makes the point that hackers are shifting their focus from attacking the computers and servers on a network to the users who would access that network—and essentially install malware for them. Exploits born of spam and malvertising jumped 250 percent in 2014, the report states, and Silverlight attacks that started with users downloading the malware from an infected site increased 280 percent.

The results reveal an increase in what Jason Brvenik, principal engineer in Cisco’s Security Business Group, called “the individualization of hacking.” By exploiting browser use, hackers then can make use of a person’s access, creating a situation where users “become both victims and unknowing aids,” Brvenik said in an interview.

Cisco’s report was based on a survey of 1,700 companies in nine countries, but many of its finding also could apply to the Defense Department, particularly because defense contractors and other infrastructure suppliers are frequent targets of foreign hackers who often are in search of intellectual property used in military systems.

The report makes the point that cybersecurity must be viewed as an “all hands on deck” operation, involving everyone from the top down, an approach that is gaining a higher profile in the military, as well. Brvenik noted that the people he knows within DOD are well aware of cyber policies and practices on the job, but said that they still have to be careful at home, too.

“We have to view it as a people problem,” he said. “And we have to shift the focus from protecting computers to protecting people.”

The report highlighted three top trends from its survey, and identified a number of other key findings.

The top trends:

Snowshoe spam, in which hackers send low volumes of spam from a large number of IP addresses to avoid detection, is becoming a preferred method of attack.

Web exploits hiding in plain site—that is, with security companies undoing widely used exploit kits such as Blackhole, hackers are turning to less common kits that can still be effective while keeping them under the radar.

Malicious combinations, such as combining the weakest features of Flash and Java in a blended attack that is difficult to detect. Java’s security has improved, and straight Java exploits have decreased by 34 percent, the report notes, but because Flash malware can now interact with Java, hackers can share an exploit, using one file from each, which can hide the malicious activity.

Among the report’s other findings are that 56 percent of versions of OpenSSL (open-source implementations of the Secure Sockets Layer and Transport Layer Security protocols) are more than 50 months old, and therefore still vulnerable to the Heartbleed bug, a serious flaw that could expose secured messages such as credit card transactions and derive SSL keys that could be used to stealthily bypass secure servers on a network.

Web browser add-ons, which users tend to see as benign, are being commonly used to distribute malware and unwanted applications, the report also said.

And continuing a long-standing cybersecurity problem, less than 50 percent of the organizations surveyed said they use patching and configuration tools to help fend off security breaches and ensure they’re running the latest versions of their software. That’s a big reason, for example, for the Heartbleed vulnerability.

Likewise, browsers aren’t being kept up to data. Cisco said only 10 percent of Internet Explorer requests came from the latest version of the browser, while 64 percent of Chrome requests came from the most recent version.