Cisco 4Q11 Global Threat Report

Contents

Key Highlights 1
Introduction 2
Cisco ScanSafe: Web Malware Events 3
Cisco Intrusion Prevention System 5
Cisco IronPort: Global Spam Trends 6
About the Contributors 7

Key Highlights

- Enterprise users experienced an average of 339 Web malware encounters per month in 4Q11.
- An overall average of 362 Web malware encounters per month occurred throughout 2011.
- The highest rate of encounters occurred during September and October 2011, at 698 and 697 on average per enterprise, respectively.
- An average of 2,141 unique Web malware hosts were encountered per month in 2011, compared to a monthly average of 14,217 in 2010.
- During 4Q11, 33 percent of Web malware encountered was zero-day malware, not detectable by traditional signature-based methodologies at the time of encounter.
- The highest rate of zero-day malware blocks for the quarter occurred in November 2011, during which 47 percent of Web malware was blocked by Outbreak Intelligence.
- The rate of SQL injection signature events remained fairly steady throughout 4Q11, with a slight decrease observed as the quarter progressed.
- Denial-of-service events increased slightly over the course of 4Q11.
- Global spam volumes continued to decline throughout 2011.

All contents are Copyright 2012 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Introduction

The proper security tools can prevent infection or stop outbreaks, mitigate or reduce losses from malicious events, and even decrease legal liability. These products can also often serve as an excellent source of information about what is happening in your enterprise. Regular review and understanding of the logs produced by these tools and services can enable you to benchmark what is normal and typical for your enterprise, which in turn provides a baseline for spotting unusual or atypical behavior that might indicate an advanced persistent threat or other intrusion. Correlating log information across various tools and services also provides a timely pulse of the threat landscape, which can sometimes have interesting associations with global non-malware-related events. Most importantly, regular review and understanding of the data can help uncover the elusive black swan: the types of surreptitious and malicious events that otherwise could fly below the radar.

The Cisco Global Threat Report is a compilation of data collected across four core segments of Cisco Security: ScanSafe, Intrusion Prevention System (IPS), Remote Management Services (RMS), and IronPort. The report is published quarterly in the hope that it will inspire and motivate you to perform your own in-house analysis on an ongoing basis.

Contributors to the Cisco 4Q11 Global Threat Report include Vicki Byrd, Gregg Conklin, Mary Landesman, Armin Pelkmann, and Shiva Persaud.

Cisco ScanSafe: Web Malware Events

Enterprise users experienced an average of 339 Web malware encounters per month in 4Q11, a 25 percent increase compared to 4Q10. An overall average of 362 Web malware encounters per month occurred throughout 2011, compared to a monthly average of 135 in 2010. The highest rate of encounters occurred during September and October 2011, at 698 and 697 on average per enterprise, respectively. An average of 2,141 unique Web malware hosts were encountered per month in 2011, compared to a monthly average of 14,217 in 2010. Despite the marked increase in average Web malware encounters in September and October 2011, the rate of unique hosts remained steady for those months.

Figure 1: Average Web Encounters per Enterprise, 2010-2011 (chart: monthly values, Jan-Dec, with a 2010 series and a 2011 series)

Figure 2: Unique Web Malware Hosts, 2010-2011 (chart: monthly values, Jan-Dec, with a 2010 series and a 2011 series)

Figure 3: Unique Web Malware, 2011 (chart: monthly values, Jan-Dec)

The rate of unique Web malware (as determined by the unique MD5 hashes recorded) varied considerably from month to month over the course of 2011. The highest volume of unique Web malware (491,75) occurred in November 2011. This sharp increase in November was immediately followed by an even sharper decrease in December 2011, in which only 49,239 unique Web malware were recorded for the month.

During 4Q11, 33 percent of Web malware encountered was blocked by ScanSafe Outbreak Intelligence. These zero-day malware blocks indicate malware not detectable by traditional signature-based methodologies at the time of encounter. The highest rate of zero-day malware blocks for the quarter occurred in November 2011, during which 47 percent of Web malware was blocked by Outbreak Intelligence.

At 422 percent, companies in the Pharmaceutical & Chemical sector had the highest overall Web malware encounter risk, followed closely by Agriculture & Mining at 343 percent and companies in the Energy & Oil sector at 333 percent. Throughout each quarter of 2011, companies in the Pharmaceutical & Chemical sector continually experienced the highest median Web malware encounter rate compared to companies in other sectors.

To determine the risk rating for each vertical, a median encounter rate for all enterprises across all sectors is calculated. The median encounter rate for enterprises in each individual sector is then calculated. These median rates are then compared to determine whether a particular sector is at heightened or lowered risk of Web malware encounters.

Figure 4: Web Malware Encounter Risk by Sector, 4Q11 (chart; sectors in the chart's order, highest risk first: Pharmaceutical & Chemical; Agriculture & Mining; Energy, Oil, & Gas; Insurance; Food & Beverage; Real Estate & Land Mgmt; Retail & Wholesale; HVAC, Plumbing, Utilities; Transportation & Shipping; Manufacturing; Engineering & Construction; Education; Media & Publishing; IT & Telecommunications; Healthcare; Legal; Aviation & Automotive; Professional Services; Government; Charities & NGO; Travel & Entertainment; Banking & Finance)

Figure 5: Top Three Highest Risk Sectors, 2011 (chart: Agriculture & Mining; Energy, Oil, & Gas; Pharmaceutical & Chemical)
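As an added illustration of the risk-rating method described above (this is not code from Cisco's report), the Python below computes sector ratings from constructed sample data. The report does not spell out the comparison formula, so expressing the sector median as a percentage of the overall median is an assumption here; the mean-based variant is included only to show why a median is the more robust choice when one enterprise is hit unusually hard.

```python
from collections import defaultdict
from statistics import mean, median

# Constructed sample data (not Cisco's): (enterprise id, sector, Web malware
# encounters in the quarter). Enterprise e10 is a deliberate outlier.
ENCOUNTERS = [
    ("e01", "Pharmaceutical & Chemical", 1500),
    ("e02", "Pharmaceutical & Chemical", 1300),
    ("e03", "Pharmaceutical & Chemical", 1700),
    ("e04", "Banking & Finance", 120),
    ("e05", "Banking & Finance", 90),
    ("e06", "Banking & Finance", 150),
    ("e07", "Education", 300),
    ("e08", "Education", 400),
    ("e09", "Education", 350),
    ("e10", "Education", 9000),  # one heavily hit school skews a mean, not a median
]


def sector_risk_ratings(rows, center=median):
    """Rate each sector the way the report describes:
    1. take the typical (median) encounter rate over all enterprises,
    2. take the typical rate within each sector,
    3. compare the two.
    Assumption: the comparison is the sector value as a percentage of the
    overall value, so 100 means 'same as everyone else' and 400 means four
    times the cross-sector typical rate. `center` is the statistic used for
    'typical'; the report uses the median."""
    overall = center([count for _, _, count in rows])
    by_sector = defaultdict(list)
    for _, sector, count in rows:
        by_sector[sector].append(count)
    return {sector: round(100 * center(counts) / overall, 1)
            for sector, counts in by_sector.items()}


def rank_sectors(rows):
    """Sectors ordered from highest to lowest risk, as Figure 4 lists them."""
    ratings = sector_risk_ratings(rows)
    return sorted(ratings.items(), key=lambda kv: kv[1], reverse=True)


def compare_methods(rows):
    """Median-based vs mean-based rating per sector: {sector: (median_pct, mean_pct)}."""
    med = sector_risk_ratings(rows, center=median)
    avg = sector_risk_ratings(rows, center=mean)
    return {sector: (med[sector], avg[sector]) for sector in med}


if __name__ == "__main__":
    for sector, pct in rank_sectors(ENCOUNTERS):
        print(f"{sector:28s} {pct:6.1f}%")
    for sector, (m, a) in compare_methods(ENCOUNTERS).items():
        print(f"{sector:28s} median-based {m:6.1f}%  mean-based {a:6.1f}%")
```

With the sample data, Education rates 100 percent (typical) on the median method but 168.5 percent on the mean method, purely because of the single outlier enterprise.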

Cisco Intrusion Prevention System

SQL injection attempts remained at a fairly steady pace throughout 2011, with a subtle reduction observed in the fourth quarter. Figure 6 illustrates the average SQL injection signature firing events by reporting sensor during 4Q11.

Figure 6: SQLi Events by Average Sensor Volume, 4Q11. Source: Cisco IPS (chart: daily values, 10/1/2011 to 12/30/2011)

Denial-of-service (DoS) attacks also had a steady presence throughout 4Q11, but, in contrast to SQL injection, showed a slight increase as the quarter progressed. While once largely prank related, DoS attacks are increasingly politically and financially motivated.

Figure 7: DoS Events by Average Sensor Volume, 4Q11. Source: Cisco IPS (chart: daily values, 10/1/2011 to 12/30/2011)

Cisco IronPort: Global Spam Trends

The 2011 takedown of segments of Rustock, combined with multiple spam botnet takedowns in 2010, continues to have a positive impact on overall spam volume. Figure 8 reflects global spam volume as reported through Cisco SenderBase Network participants.

Figure 8: Global Spam Volume, 2011. Source: Cisco IronPort (SBNP/ESA) (chart: weekly values, 1/3/2011 to 12/26/2011)

About the Contributors

Cisco ScanSafe
Cisco ScanSafe provides Web security in the cloud, offering both Web request and content security.
http://www.scansafe.com

Cisco Intrusion Prevention System
The Cisco Intrusion Prevention System provides threat control by inspecting traffic as it traverses the network and providing information or taking action to prevent unwanted activity.
http://www.cisco.com/en/us/products/ps5729/products_sub_category_home.html

Cisco Remote Management Services
Cisco Remote Management Services help organizations manage, monitor, and protect their networks using industry best practices.
http://www.cisco.com/en/us/products/ps6192/serv_category_home.html

Cisco IronPort
Cisco IronPort provides e-mail and Web security, either in the cloud or through appliances.
http://www.cisco.com/web/about/ac49/ac/ac1/ac259/ironport.html