Cyber criminals are turning to advanced exploit kits and the Tor network as businesses fail to keep pace with cyber threats, according to Cisco.
The Cisco 2015 Midyear Security Report outlines a number of major problems facing the security industry, including the Angler exploit kit, Flash vulnerabilities, ransomware and the time it takes to detect threats.
"As adversaries rapidly refine their ability to develop and deploy malware that can breach network defences and evade detection, the security industry, as a whole, struggles to innovate at a similar pace," the report said.
The notorious Angler exploit kit continues to stand out in terms of sophistication and effectiveness.
"Cisco singled out Angler as the one to watch among known exploit kits observed in the wild because of its innovative use of Flash, Java, Microsoft Internet Explorer and Silverlight vulnerabilities," the report said.
The authors of Angler may rely on data science to create computer-generated landing pages that resemble normal web pages and easily convince internet users, according to Cisco.
"Angler's success in compromising users online can be attributed partly to its simple but well-constructed web landing pages," the firm explained.
Up to 40 percent of people who encounter an Angler exploit kit landing page on the web end up compromised.
Hackers using the Angler kit have benefited from the gap between companies issuing a patch and computer users applying it, according to Cisco.
One example came with the recent fixes to Adobe Flash, released after a number of zero-day vulnerabilities were discovered as a result of the Hacking Team data leak.
"Although Adobe frequently updates its Flash Player, many users are simply not quick enough to apply updates that would protect them from exploits targeting the vulnerability being patched," the report noted.
"It appears that many users have difficulty staying on top of Adobe Flash updates and perhaps may not even be aware of some upgrades."
Held to ransom
The report identified ransomware as another cause for concern. "Ransomware encrypts users' files - targeting everything from financial files to family photos - and provides the keys for decryption only after users pay a ransom," Cisco said.
"The ransom demanded is not exorbitant. Usually, a payment between $300 and $500 is required. The idea is that the ransom is not set so high that people won't pay it or, worse, that it will motivate them to contact law enforcement."
One major area of concern in the report is that the average time to detection ranges from 100 to 200 days, which is extremely slow compared with how quickly cyber threats can now develop.
Time to detection is defined as the window of time between the first observation of a file and the detection of a threat within it.
"In a world where the compromise of users and systems is both assured and assumed, detection of evasive threats is obviously a necessary focus for organisations and security teams," the report states.
"The innovation race between adversaries and security vendors is only accelerating, and organisations are at risk of becoming more vulnerable to attack if they sit back and watch."
Cisco also warned that cyber criminals are increasingly using the Tor network and the Invisible Internet Project to evade detection, and using cryptocurrencies to make transactions difficult to trace.
"Although Tor is often used within enterprises for legitimate purposes, for example by security professionals, its presence can indicate that there is malware traffic on a network," the report said.
Terry Greer-King, director of cyber security at Cisco UK and Ireland, told V3 the report makes it clear businesses must be more aware of the threats they face.
"Security can't be an island, it has to be front and centre, part of IT and people need to be part of the solution," he said.
King pointed out that companies often use a number of conflicting security solutions from differing vendors, warning that this "patchwork approach" can be ineffective and that security requires a "uniform architecture".
"It's very common that, when we go and check, businesses have been breached for months and they don't know about it," he said.
"There can be lots of security technology but it's rarely integrated. There can be 50 to 60 solutions all trying to stop an attack."
The UK government launched a voucher scheme aimed at preparing small to medium-sized businesses against the threat of cyber attacks, offering successful candidates up to £5,000 for specialist advice on how to protect data.