Jidaw Systems
(MASTERCOMPUTERS)


Cisco 2009 Midyear Information Security Report

1 Aug 2009 - Cisco's security intelligence team has released Cisco's midyear security report for 2009. The report is based on Cisco's findings and views on threats and trends from beginning till mid 2009. The report presented by Cisco as "An update on global security threats and trends" includes data on new threats, observations and forecasts for information security in the future.

Cisco states that "The Cisco Midyear Security Report presents an overview of Cisco security intelligence, highlighting threat information and trends from the first half of 2009. The report also includes recommendations from Cisco security experts and predictions of how identified trends will evolve".

 

More Sophisticated

According to the report though attacks are becoming "more sophisticated and targeted", collaboration as well as enhanced security policies is not only making it possible for attacks to succeed and spread, but prosecution of attackers is being enabled.

The report states that criminal sophistication and business acumen have increased since the publication of last year's annual security report. Criminal organizations have gone to the extent of innovating new models based on genuine real world business practices. Examples are the creators of botnets—networks of compromised computers that can carry out the bidding of online scammers. So just as you have Software application service providers there are now providers of botnets as a service. It is possible to pay to use a compromised network to carry out illegal activities.

In the words of Tom Gillis, Vice President and General Manager of Cisco Security Products, "We see many signs that criminals are mimicking the practices embraced by successful, legitimate businesses to reap revenue and grow their enterprises. It seems the best practices espoused by Fortune magazine and Harvard Business School have found their way into the online underworld."

 

Causes for Concern

A cause for concern identified in the report certain areas of concern is the Technical Innovation of Online Criminals. The Conficker worm example is used to describe remarkable technical innovation and capabilities of online criminals. "Several million computer systems have been under Conficker's control at some time as of June 2009, which means the worm appears to have created the largest botnet to date". This example exploits traditional vulnerabilities that security experts and users are ignoring. It is a case of criminals using "older tactics in new ways."

Also it's apparent that attackers are monitoring and using security best practices and trends to develop newer and more dangerous weapons. The offensive is mounted through the exploitation of "proper and enhanced security tools and concepts" to beat security experts and protection agencies.

Another cause for concern noted by the report is the Criminal Sophistication and Collaboration. Cooperation and collaboration amongst attackers is at an all time high. Just like in the normal business scenario online criminals combine strengths, share expertise tools and overcome weaknesses together to achieve illegal business objectives. Shutting down this networked, online mafia is notoriously difficult to achieve. The collaboration between the two large botnets, Conficker and Waledac was highlighted in the report.

Collaborations of this nature that are networked and persistent can cause severe damage.
The report expects this trend of illegal collaboration to continue. According to the report, "One security researcher discovered that a major botmaster used an online forum to ask other criminals for help after his own botnet was hacked".

 

Cause for Optimism

However, organizations are also collaborating aggressively to shut down online threats. This is identified as a cause for optimism. Just as online criminals collaborate and refine their strategies the report states that collaboration between organizations to shut down online threats is succeeding. The efforts of the Conficker Working Group to block the Conflicker worm is shown as an excellent example. Other positive examples were highlighted in the report.

Also seen as positive are the efforts of several countries to boost information protection and address the global menace of cybercrime. The Obama administration's decision to appoint a "cybersecurity coordinator" to oversee "a new comprehensive approach to securing America's digital infrastructure" is mentioned. It noted that the United Kingdom and other countries are also currently conducting cybersecurity reviews and evaluations. Cisco provides evidence to show that the greater focus from both government and international law enforcement on combating cybercrime and improving cybersecurity is yielding results. Already in 2009 there have already been some high-profile arrests.

Other report highlights include the fact that Web 2.0 applications, cherished for their ease of use and flexibility, have become attractive to attackers. And criminals are still compromising legitimate websites for the purpose of propagating malware to great effect while online banking customers are being targeted by criminals

Read the Cisco 2009 mid year report for recommendations and predictions of how identified threats will evolve

 

Click this link for learn more about the African Information Security Association (AISA)

Join the African Information Security Online group on Facebook

Join the African Information Security Online Group on LinkedIn

 

AISA Content

 

AISA Content is provided by Jidaw Systems on behalf of The African Information Security Association (AISA)

 

Jidaw Systems Limited (Jidaw) is an information technology solution provider that specializes in IT Consulting, e-business, Content provision, Web Publishing, Computer Networking and Training. Jidaw Systems Limited, developed and runs www.jidaw.com

 

Jidaw Systems Limited is the originator of the IT Entrepreneurship Guide series - Success in IT Business programs and a Foremost Authority on IT Career development. Jidaw Systems is a NASITEA partner.

 

 

IT Career Development.

 

A major focus of Jidaw (Mastercomputers) is the promotion of IT Career Development. Jidaw presents the monthly FREE IT Career Seminars to address career and certification issues for newcomers, career changers and IT professionals.

 

 

The one and only Information Technology Entrepreneur Guide

 

Success in IT Business (SITB) training program is designed to help you start your New IT Business. Now You have an uncommon, hard-to-find opportunity to learn first hand from the real world ideas and experience of IT Entrepreneurs.

 

Prepare Yourself for the no-nonsense Information Technology Entrepreneurship Business program -Success in Information Technology Business (SITB) program. Discover the Reality and Principles required to create your own Profitable and Sustainable IT Business.

 

 

What Do you Have to Say? Post Your Comments about this Content Resource Here.

 

Comments

comments powered by Disqus

 

August 12, 2009

 

Ani Michael of Jos, Plateau State, Nigeria says:

 

 

A good one from Cisco.  Hope other vendors will take note, and AISA too gets involved.

 

 


Girls in ICT Day Events and Activities

Read more

Self Worth, New Year

Read more

Students face the Reality

Read more

Securing Nigeria's Future through ICT: The Role of Youths 2

Read more

Level of OSS deployment and usage in Nigeria

Read more

Girls in ICT Day Events and Activities

Read more

Students face the Reality

Read more

Self Worth, New Year

Read more

DISRUPT THE STATUS QUO!

     
1.

Ideas are not enough. You must be action oriented to improve your future.

 

 
2.

Don't just think but act. You get results not only from thinking but from acting.

 

 
3.

You have ideas. You want to achieve. You want opportunity.

 

 
4.

But what are you still doing in your comfort zone? The comfort zone is a dangerous place.

 

 
5.

"I wanted to", "I was going to" cannot put on a light bulb, not to talk of moving you forward.

 

 
6.

Aren't you tired of hoping and criticizing? Stop defending status quo that locks you down.

 

 
7.

GO on the offensive now with IT Education and Empowerment.

 

 
8.

What is the use of ideas without action?

 

 
9.

Start becoming the achiever you deserve to be.

 

 
10.

MAKE SURE THERE IS NO STANDING ROOM FOR EXCUSES.