WHERE THE VULNERABILITIES LIE1

CYBERCRIMINALSHOW THEY WORK2

Network

End Points

Mobile Devices

VirtualEnvironments

Cybercriminals are becoming more advanced, creative and strategic.

POLICIES, PLATFORMS, CONTROLS3

High infection strategies to take control of web servers, name servers and data centres

Compromised Hosting Server

Compromised Website

Compromised Website

Compromised WebsiteCompromised

Website

JAVAis the #1 vulnerability to access a system,through the use of:

Mobile malware

Brute force logins

Multi-purpose trojans

iframes and exploits

Ransomware

Dowloader and dropper

Worms and virus

3rd party vendors

Distributed denial-of-service (DDos) attacks

Bitsquatting

91%

Survey

Write

Test

Execute

Accomplish the mission

Obtain a full picture of an environment: network, endpoint, mobile, and virtual, including the technologiesdeployed to secure the environment.

Create targeted, context-aware malware.

Ensure the malware works as intended, speci�cally so it can evade security tools in place.

Navigate through the extended network—being environmentally aware, evading detection, and moving laterally until reaching the target.

Gather data, create disruption, or cause destruction.

THIS IS ACCOMPLISHED THROUGH

INNOVATORS

RESELLERS

USERS

the people creating the software and

techniques

people setting up online stores to resell

data, technologies and software

becoming Crimeware as a Service

It is a huge, pro�table business with many cybercriminals adopting a professional business model.$

$

$

$

$

$

$

BEFORE To defend your network, organisations must be aware of what is on it:

DURING Organisations must address a broad range of attack vectors with solutions that operate everwhere

AFTER Many attacks wil be successful. You need a formal plan to bring operations back to normal as quickly as possible

Devices Operating Systems Services Applications Users

Additionally they must

Implement acccess controls Enforce security policies Block access to critical access

Network End Points Mobile Devices VirtualEnvironments

Read the full Cisco 2014 Annual Security Report herei

ANNUAL SECURITY REPORTCISCO 2014

@CiscoSecurity

SECURITY alerts reached their peak in October 2013 since records began, with malicious tra�c now being detected on 100% of business and corporate networks100%

Charting the new security frontier for 2014

Cybercriminals are launching new threats faster than security professionals can address them.

Adam Philpott, Director EMEAR Cybersecurity at Cisco, o�ers insight into you how to stay one step ahead.

Read More

Malware matters – why ignorance is not bliss

Read More

Cisco Security: Stop the breach

Watch Now