Cisco presented a laundry list of failings organisations must overcome if they have any hope of defending themselves against the increasingly complex varieties of ransomware and other forms of malware being used by cybercriminals.
Cisco's 2016 mid-year cybersecurity report noted that fragile infrastructures, poor network hygiene and slow detection rates are the primary reasons corporations are falling victim to ransomware attacks. This has led, the report noted, to ransomware becoming the dominant and most costly malware ever. The firm believes it will become even more dangerous in the coming months as new varieties come online.
"Cisco security researchers anticipate, based on trends and advances observed to date, that self-propagating ransomware is the next step for innovators in this space — and urge users to take steps now to prepare," the report stated.
An increasing number of ransomware attacks are exploiting server vulnerabilities, specifically JBoss servers. The report estimated that 10 percent of all web-connected JBoss servers have been compromised, giving cybercriminals a huge attack surface to exploit.
Cisco also found the criminals are doing a better job of remaining anonymous during the ransomware process by using cryptocurrency, Transport Layer Security and Tor. This enables them to eliminate any direct, and therefore traceable, contact with their victim through email.
Making matters worse, the report uncovered that many organisations are doing a poor job keeping their software up to date with patches, which is one of the primary methods of fending off most types of attacks.
The report stated that 20 percent of Google Chrome users were not operating the newest version, even though the browser has auto updates, and this situation gets even worse with regular software. Cisco noted that 33 percent of systems examined still ran Java SE 6 instead of the current Java SE 10, while only 10 percent of those running Microsoft Office 2013 version 15x have the latest service pack installed.
To help stem and eventually reverse this situation, Cisco said companies must give malicious actors less time running free inside their systems – time that is used not only to take data, but also to find more weak points to exploit. This can be accomplished by eliminating vulnerabilities simply by applying needed patches.