New “destruction of service” attacks loom

DeOS attacks eliminate organisations’ back-ups, leaving them without a way to recover

Hackers are becoming more creative in how they architect their attacks, Cisco warns.
By David Ndichu. Published July 26, 2017

As if network security managers don’t have enough on their plate, there may well be a new type of attack lurking, dubbed “destruction of service” (DeOS) attacks.

The Cisco 2017 Midyear Cybersecurity Report highlighted the emergence of DeOS attacks that could eliminate the back-ups and safety nets organisations require to restore systems and data after an attack.

Recent cyber incidents such as WannaCry and Nyetya show the rapid spread and wide impact of attacks that look like traditional ransomware, but are much more destructive. These events foreshadow what Cisco is calling destruction of service attacks, which can be far more damaging, leaving businesses with no way to recover.

In addition, with the advent of the Internet of Things (IoT), key industries are bringing more operations online, increasing attack surfaces and the potential scale and impact of these threats.

The security weaknesses of IoT, ripe for exploitation, will play a central role in enabling these campaigns with escalating impact, the study says. Recent IoT botnet activity already suggests that some attackers may be laying the foundation for a wide-reaching, high-impact cyber-threat event that could potentially disrupt the internet itself.

“As recent incidents like WannaCry and Nyetya illustrate, our adversaries are becoming more and more creative in how they architect their attacks. While the majority of organisations took steps to improve security following a breach, businesses across industries are in a constant race against the attackers. Security effectiveness starts with closing the obvious gaps and making security a business priority,” said Steve Martino, vice president and chief information security officer, Cisco.

Other key observations by Cisco include:

Hackers increasingly require victims to activate threats by clicking on links or opening files. They are developing fileless malware that lives in memory and is harder to detect or investigate, as it is wiped out when a device restarts. Finally, adversaries are relying on anonymised and decentralised infrastructure, such as a Tor proxy service, to obscure command and control activities.

Spam volumes are significantly increasing, as adversaries turn to other tried-and-true methods, like email, to distribute malware and generate revenue. Cisco threat researchers anticipate that the volume of spam with malicious attachments will continue to rise while the exploit kit landscape remains in flux.

Spyware and adware, often dismissed by security professionals as more nuisance than harm, are forms of malware that persist and bring risks to the enterprise. Cisco research sampled 300 companies over a four-month period and found that three prevalent spyware families infected 20% of the sample. In a corporate environment, spyware can steal user and company information, weaken the security posture of devices and increase malware infections.
