Email Is Used in 92.4% of Malware Distribution Cases
On October 22, 2019, Cisco held a press conference in Moscow where company experts discussed key trends in the information security market. Journalists were presented with the results of the Email Security Report, Threat Hunting Report, and CISO Benchmark Study, all conducted by Cisco in 2019.
CISO Benchmark Study: Security Leaders’ Priorities
The CISO Benchmark Study summarizes a comparative survey of over 3,000 information security directors from 18 countries. The results show that security leaders are increasingly prioritizing vendor consolidation, collaboration between network and security teams, and security awareness. A growing share of CISOs see cloud migration as the best way to improve security.
The study also found that complex environments with 10 or more security vendors significantly complicate the security process: 65% of respondents said such environments make it harder to determine the scope of a breach, contain it, and recover from its consequences. Threats involving assets that sit outside the enterprise infrastructure (users, data, devices, and applications) are another key challenge. To address these issues, respondents are taking the following steps:
- 44% have increased spending on cybersecurity technologies
- 39% are conducting security training for employees
- 39% are focused on implementing risk mitigation practices
Survey participants also noted that data breaches continue to have a heavy financial impact. Among respondents who reported that their most significant incident of the past year cost $5 million or more, 2% represented Russian companies, while 44% of Russian CISOs reported breach costs not exceeding $100. The areas most affected in Russian companies were business operations (45%), customer loyalty (35%), and brand reputation (31%).
Email Security Report: How to Protect Against Phishing, Cyber Fraud, and Other Threats
The Email Security Report focuses on threats delivered by email. Email suits criminals well: a message can prompt its recipient to take an action that defeats corporate security controls. Security leaders confirm the seriousness of such attacks: nearly all surveyed specialists named email as the most popular vector for both malware distribution (92.4%) and phishing (96%).
The study notes that the most common email threats are Office 365 phishing, business email compromise (where a criminal impersonates an executive to trick recipients into, for example, transferring funds), digital extortion, and advance-payment scams.
Among malicious files sent via email, the most common types are .doc (41.8%), .zip (26.3%), and .js (14%). Attackers use two main methods to run spam campaigns: botnets (such as Necurs, Emotet, and Gamut) and mass-mailing tools. Telltale signs of a phishing email include a “To” address that does not match the recipient, numerous grammatical errors or blurry logos, demands for immediate action, requests for personal or confidential information, and unusual-looking URLs.
Cisco offers several recommendations for safe email use, including phishing awareness training, regular software updates, and multi-factor authentication.
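As an added example (not code from the report or from Cisco), the Python script below turns the phishing signs listed above into a small triage check: it parses a message, compares the “To” header with the mailbox it arrived in, looks for urgency and credential-request phrases, detects links whose visible URL points to a different host than the real target, and flags the attachment types the report names (.doc, .zip, .js), including a .js hidden inside a .zip. The sample message, its addresses, hosts and attachment are constructed for illustration and are not a real capture.

```python
"""Heuristic phishing triage over a constructed sample message (added example)."""
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Attachment types the report names as the most common malicious ones.
RISKY_EXTENSIONS = {".doc", ".zip", ".js"}
URGENCY_PHRASES = ("immediately", "within 24 hours", "will be suspended")
CREDENTIAL_PHRASES = ("password", "verify your account", "confirm your identity")


def link_mismatches(html: str) -> list:
    """Return (visible text, href) pairs whose visible host differs from the real one."""
    out = []
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S):
        shown = text.strip()
        if "://" in shown and urlparse(shown).netloc != urlparse(href).netloc:
            out.append((shown, href))
    return out


def attachment_findings(msg: EmailMessage) -> list:
    """Flag risky attachment types, looking inside ZIP archives as well."""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = name[name.rfind("."):] if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(f"risky attachment type: {name}")
        if ext == ".zip":
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    for inner in zf.namelist():
                        iext = inner[inner.rfind("."):].lower() if "." in inner else ""
                        if iext in RISKY_EXTENSIONS:
                            findings.append(f"risky file inside {name}: {inner}")
            except zipfile.BadZipFile:
                findings.append(f"corrupt or fake zip: {name}")
    return findings


def triage(raw: bytes, expected_recipient: str) -> dict:
    """Score one raw RFC 5322 message on the signals listed in the report."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    # 1. "To" header that does not name the mailbox the message was delivered to.
    to_addrs = [a.addr_spec.lower() for a in msg["to"].addresses] if msg["to"] else []
    if expected_recipient.lower() not in to_addrs:
        findings.append(f"'To' header {to_addrs} does not match recipient {expected_recipient}")

    # 2-4. Urgency, credential requests and deceptive links in the body (HTML preferred).
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    lowered = text.lower()
    if any(p in lowered for p in URGENCY_PHRASES):
        findings.append("demands immediate action")
    if any(p in lowered for p in CREDENTIAL_PHRASES):
        findings.append("asks for credentials or personal data")
    for shown, real in link_mismatches(text):
        findings.append(f"link text {shown} points to {real}")

    # 5. Attachment types.
    findings.extend(attachment_findings(msg))
    return {"score": len(findings), "findings": findings}


def build_sample() -> bytes:
    """Construct a sample message (hypothetical addresses and hosts, not a real capture)."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("invoice.js", "// constructed placeholder, not malware\n")
    msg = EmailMessage()
    msg["From"] = "CEO <ceo@example-corp.co>"
    msg["To"] = "undisclosed-recipients@example.net"
    msg["Subject"] = "Action required"
    msg.set_content("Your account will be suspended within 24 hours. "
                    "Verify your account at https://login.example.com")
    msg.add_alternative(
        '<p>Your account will be suspended within 24 hours. '
        'Verify your account at <a href="http://198.51.100.7/login">'
        'https://login.example.com</a></p>', subtype="html")
    msg.add_attachment(zbuf.getvalue(), maintype="application", subtype="zip",
                       filename="Invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample(), "alice@example.com")["findings"]:
        print("-", finding)
```

Each signal is reported separately rather than collapsed into a single verdict, so an analyst can see why a message scored the way it did; in a real mail pipeline the same checks would run on the message as delivered, with the recipient taken from the envelope rather than from a header the sender controls.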
Threat Hunting Report: Hunting for Hidden Threats
Hidden (or previously unknown) information security threats are among the greatest dangers for companies worldwide. They are hard to detect and even harder to counter. The Threat Hunting Report answers the question of how to start effective “threat hunting” in your company. The main principle is a proactive approach to security, rather than simply reacting to attacks. The report details the steps organizations should take to detect unknown threats in time and minimize related risks.
Key methods for threat hunting include:
- Log Analysis. One of the simplest ways to start hunting is to check system logs for indicators of compromise. Command-line programs or simple scripts are often enough to begin. Another quick and effective way to check logs is by using SIEM solutions.
- Hypothesis Testing. Compare the logs against known indicators of compromise, form a hypothesis about where threats may be hiding and which tools or methods the attacker is likely to use, and then test that hypothesis against the data.
- Source Tracing. Once you identify a threat and determine how attackers infiltrated your network, take steps to prevent similar attacks in the future. However, further threat hunting may reveal that attackers have found new ways in. That’s why it’s important to identify who is attacking you, what infrastructure they use, and then put an end to their activities. Of course, doing this alone can be difficult. In such cases, organizations like Talos Intelligence or Cisco’s Incident Response Services can help.
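The three steps above, as an added example that is not part of the report: a Python script that runs a handful of constructed log lines against an IOC list (log analysis), checks one hypothesis (the attacker launches encoded PowerShell, which appears as -enc in process-creation logs), and then pivots from the hits to every line about the affected internal host (source tracing). The log lines, indicator values and hash are constructed for illustration; none of them comes from the report.

```python
"""Minimal threat hunt over constructed log lines (added example)."""
import re
from collections import defaultdict

# Constructed indicators of compromise; hypothetical values for illustration only.
IOCS = {
    "ip": {"198.51.100.7"},
    "domain": {"update-check.example.net"},
    "sha256": {"0" * 63 + "1"},
}

# Hypothesis: the attacker runs encoded PowerShell, visible as -enc/-EncodedCommand
# on the command line of a process-creation event.
HYPOTHESES = {
    "encoded_powershell": re.compile(r"powershell(\.exe)?\s+.*-(e|enc|encodedcommand)\b", re.I),
}

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b", re.I)
INTERNAL_RE = re.compile(r"\b10\.\d{1,3}\.\d{1,3}\.\d{1,3}\b")  # assumed internal range

# Constructed sample: proxy, firewall and endpoint process-creation events.
SAMPLE_LOGS = [
    r'2019-10-22T10:01:05Z proxy01 CONNECT update-check.example.net:443 src=10.0.0.15 user=jdoe',
    r'2019-10-22T10:01:07Z fw01 ALLOW 10.0.0.15 -> 198.51.100.7:443',
    r'2019-10-22T10:02:11Z ws015 ProcessCreate image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe '
    r'cmdline="powershell.exe -nop -w hidden -enc SQBFAFgAIAAo" sha256=' + "0" * 63 + "1",
    r'2019-10-22T10:05:00Z ws016 ProcessCreate image=C:\Windows\explorer.exe sha256=' + "a1" * 32,
    r'2019-10-22T10:06:30Z proxy01 CONNECT www.example.com:443 src=10.0.0.16 user=asmith',
]


def hunt(lines):
    """Log analysis + hypothesis testing: return {category: [(line_no, matched_value)]}."""
    hits = defaultdict(list)
    for n, line in enumerate(lines, 1):
        for ip in IP_RE.findall(line):
            if ip in IOCS["ip"]:
                hits["ip"].append((n, ip))
        for dom in DOMAIN_RE.findall(line):
            if dom.lower() in IOCS["domain"]:
                hits["domain"].append((n, dom.lower()))
        for h in SHA256_RE.findall(line):
            if h.lower() in IOCS["sha256"]:
                hits["sha256"].append((n, h.lower()))
        for name, rx in HYPOTHESES.items():
            m = rx.search(line)
            if m:
                hits[name].append((n, m.group(0)))
    return dict(hits)


def pivot(lines, hits):
    """Source tracing: take the internal hosts seen in hit lines and list every line about them."""
    hosts = set()
    for entries in hits.values():
        for n, _ in entries:
            hosts.update(INTERNAL_RE.findall(lines[n - 1]))
    return {host: [n for n, line in enumerate(lines, 1) if host in line] for host in sorted(hosts)}


if __name__ == "__main__":
    found = hunt(SAMPLE_LOGS)
    for category, entries in found.items():
        for n, value in entries:
            print(f"line {n}: {category} -> {value}")
    for host, line_nos in pivot(SAMPLE_LOGS, found).items():
        print(f"timeline for {host}: lines {line_nos}")
```

The IOC match and the hypothesis are kept as separate categories on purpose: an IOC hit tells you a known-bad artifact is present, while a hypothesis hit (here, encoded PowerShell) can surface activity no indicator list yet covers, which is the point of hunting rather than alerting. The pivot step is what turns an isolated hit into a timeline for the host involved.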