How to Monitor Network Traffic: Findings from the Cisco Cyber Threat Trends Report


The threat landscape is full of moving targets. Over time, popular tools, tactics, and procedures change. Malicious techniques fall out of fashion, only to come roaring back months, if not years, later. All the while, security practitioners monitor network traffic and adapt their defenses to protect their users and networks. Keeping on top of these trends is one of the most challenging tasks for any security team.

One great area to look for trends is malicious DNS activity. These days almost all malicious activity requires an internet connection to successfully carry out an attack. For example, an attacker uses a backdoor to connect to a remote system and send it instructions. Information stealers need a connection to malicious infrastructure to exfiltrate sensitive data. Ransomware groups need to be able to "flip the switch" remotely to encrypt the victim's systems.

In our latest report, Cyber Threat Trends Report: From Trojan Takeovers to Ransomware Roulette, we take the extraordinary volume of malicious domains that Cisco sees and blocks—over 1 million every hour—and examine it for malicious trends and patterns. This data comes to us thanks to the DNS-layer security that is available in Cisco Umbrella and Cisco Secure Access.

Let's take a closer look at how we carried out this research, a couple of trends highlighted in the report, and what you can do to better defend against these threats.

How the DNS data was analyzed for the report

To create a clear picture from such a large data set, we looked at the categories Umbrella applies to known malicious domains. These Threat Type categories are functional groupings of threats that use similar techniques in their attacks.

We examined an eight-month timeframe (August 2023–March 2024) and worked out the monthly average volume for each Threat Type category. To examine the trends, we then calculated how much each month was above or below that average volume. This gives us a simplified view of how threat activity changes over time.

This is where patterns began to emerge from large batches of malicious internet traffic, and the results are quite interesting. As examples, we'll look at the three most active threat type categories found in this report.
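The analysis method described above (a per-category monthly average over the window, then each month expressed as a percentage above or below it) can be reproduced on any set of monthly block counts. The following is an added example, not code or data from the Cisco report: the counts are constructed sample values, and the helper names (`deviation_from_average`, `classify`, `streaks`, `analyze`) are this example's own. It goes one step beyond the text by collapsing the month labels into runs, so a pattern such as "three months above average, then one below" is visible directly in the output, and it handles a category whose average is zero without dividing by zero.

```python
"""Trend analysis over monthly DNS block counts per Threat Type.

Added example (not code from the Cisco report). It applies the report's
described method -- compute each category's monthly average over the
window, then express every month as a percentage above or below that
average -- to constructed sample numbers.
"""
from statistics import mean

# The eight-month window the report covers.
MONTHS = ["2023-08", "2023-09", "2023-10", "2023-11",
          "2023-12", "2024-01", "2024-02", "2024-03"]

# Constructed sample counts (blocked DNS queries per month). These are
# illustrative values, not figures from the report.
SAMPLE_COUNTS = {
    "Information Stealers": [1300, 1350, 1400, 900, 1300, 1450, 1500, 950],
    "Trojans":              [2000, 1800, 1500, 1300, 1100, 1000, 900, 800],
    "Ransomware":           [300, 280, 320, 310, 350, 700, 720, 760],
    "Dormant Category":     [0, 0, 0, 0, 0, 0, 0, 0],
}


def deviation_from_average(counts):
    """Return (average, [percent deviation per month]).

    A category whose average is 0 has no meaningful deviation; every
    month is reported as 0.0 rather than dividing by zero.
    """
    if len(counts) != len(MONTHS):
        raise ValueError("expected one count per month in the window")
    avg = mean(counts)
    if avg == 0:
        return 0.0, [0.0] * len(counts)
    return avg, [round((c - avg) / avg * 100.0, 1) for c in counts]


def classify(deviations):
    """Label each month 'above', 'below' or 'average' (within 1%)."""
    labels = []
    for d in deviations:
        if d > 1.0:
            labels.append("above")
        elif d < -1.0:
            labels.append("below")
        else:
            labels.append("average")
    return labels


def streaks(labels):
    """Collapse consecutive identical labels into (label, run_length)
    pairs, so a 'three above, one below' pattern appears as
    [('above', 3), ('below', 1), ...]."""
    runs = []
    for lab in labels:
        if runs and runs[-1][0] == lab:
            runs[-1] = (lab, runs[-1][1] + 1)
        else:
            runs.append((lab, 1))
    return runs


def analyze(counts_by_type):
    """Build the per-category trend table the method produces."""
    table = {}
    for name, counts in counts_by_type.items():
        avg, dev = deviation_from_average(counts)
        labels = classify(dev)
        table[name] = {"average": avg, "deviation_pct": dev,
                       "labels": labels, "streaks": streaks(labels)}
    return table


if __name__ == "__main__":
    for name, row in analyze(SAMPLE_COUNTS).items():
        print(f"{name}: avg={row['average']:.1f}")
        for m, d, lab in zip(MONTHS, row["deviation_pct"], row["labels"]):
            print(f"  {m}: {d:+6.1f}% ({lab})")
        print("  streaks:", row["streaks"])
```

The 1% dead band in `classify` is a design choice: without it, a month that lands a fraction of a percent from the mean would be reported as a swing, and the streak view would fragment on noise.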

Information Stealers

The threat category that saw the most activity during the timeframe was information stealers. This comes as no surprise, as it is a category that includes exfiltrating large batches of documents and monitoring audio/video communications, both of which generate a large amount of DNS traffic.

DNS activity surrounding Information Stealers

An interesting trend appears here: three months of above-average activity, followed by one month of below-average activity. We speculate that these drops in activity could be tied to attack groups processing the data they steal. When faced with a mountain of documents and recordings to sift through, sometimes it makes sense to take a break to catch up.

Trojans vs Ransomware

Next, let's compare two seemingly disparate categories: Trojans and ransomware. Trojan activity was highest at the start of our timeframe, then declined over time. This does not indicate that the use of Trojans is falling out of favor, but rather highlights the ebb-and-flow nature we often see in the threat landscape. When Trojan activity declines, we often see other threat types rise.

DNS activity surrounding Trojans

In contrast to Trojan activity, ransomware activity appears to be trending in the other direction. The first few months of the timeframe saw below-average activity, but in January it jumped well above average and stayed that way.

DNS activity surrounding Ransomware

Why might these two differing threat types be trending in opposite directions? In many cases threat actors will use Trojans to infiltrate and take over a network, and then, once they have gained sufficient control, deploy ransomware.

These are just a couple of examples of trends from the Cyber Threat Trends Report. In the report we cover several additional categories, including some that follow patterns similar to Trojans and ransomware.

How to protect and monitor your own network traffic

An internet connection is a primary component of modern-day threats. So why not block that internet connection to block the threats? By monitoring and controlling DNS queries, security practitioners can often identify and block malicious traffic before it reaches end-user devices. Some high-level recommendations, covered in more detail in the report, include the following:

  1. Leveraging DNS Security
  2. Protecting Your Endpoints
  3. Implementing a Security Defense Strategy
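The DNS-layer control described above comes down to one decision made at the resolver: before an answer is returned, is the queried name (or any parent of it) labelled with a Threat Type the policy blocks? The following is an added example and is not Cisco Umbrella code: the category feed, the policy and the query log lines are all constructed placeholders, and `category_for`, `decide` and `filter_log` are this example's own names. It walks the name from most to least specific so that a subdomain of a labelled domain is caught, normalises a trailing dot, and tallies blocks per Threat Type, which is the kind of per-category count the report's trend analysis starts from.

```python
"""DNS-layer filtering: decide whether a query is answered or blocked
before the resolved address ever reaches the client.

Added example, not Cisco Umbrella code. The categorised domains, the
policy and the sample query log are constructed for illustration.
"""
from collections import Counter

# Constructed: domains with the Threat Type category a resolver-side
# feed would attach to them. A real product ships and updates these
# lists; the entries here are placeholders in the reserved .example TLD.
CATEGORIZED_DOMAINS = {
    "stealer-drop.example": "Information Stealers",
    "c2-beacon.example": "Trojans",
    "unlock-now.example": "Ransomware",
}


def category_for(qname):
    """Walk the name from most to least specific so that a lookup for
    'a.b.c2-beacon.example' matches the 'c2-beacon.example' entry.
    Returns the Threat Type, or None if no label applies."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in CATEGORIZED_DOMAINS:
            return CATEGORIZED_DOMAINS[candidate]
    return None


def decide(qname, blocked_types):
    """Return ('block', category) or ('allow', None) for one query."""
    cat = category_for(qname)
    if cat is not None and cat in blocked_types:
        return "block", cat
    return "allow", None


# Constructed sample resolver log, one query per line:
# "timestamp client qtype qname"
SAMPLE_LOG = """\
2024-01-15T09:00:01Z 10.0.0.12 A www.example.com
2024-01-15T09:00:02Z 10.0.0.12 A cdn.stealer-drop.example
2024-01-15T09:00:05Z 10.0.0.33 AAAA c2-beacon.example.
2024-01-15T09:00:07Z 10.0.0.33 A unlock-now.example
2024-01-15T09:00:09Z 10.0.0.40 A mail.example.org
2024-01-15T09:00:11Z 10.0.0.40 TXT deep.sub.c2-beacon.example
"""


def filter_log(log_text, blocked_types):
    """Apply the policy to each query. Returns the per-query verdicts and
    a tally of blocks per Threat Type."""
    verdicts = []
    tally = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, qtype, qname = line.split()
        action, cat = decide(qname, blocked_types)
        verdicts.append((ts, client, qname, action, cat))
        if action == "block":
            tally[cat] += 1
    return verdicts, tally


if __name__ == "__main__":
    policy = {"Information Stealers", "Trojans", "Ransomware"}
    verdicts, tally = filter_log(SAMPLE_LOG, policy)
    for v in verdicts:
        print(*v)
    print(dict(tally))
```

Because the match happens on the query name rather than on a port or protocol, the same decision covers whatever the infected host intended to do next (beacon, upload, fetch a key), which is the point the text makes about stopping threats "over all ports and protocols".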

Cisco has a unique vantage point here. You can't protect what you can't see, and since we resolve an average of 715 billion DNS requests daily, we see more threats, more malware, and more attacks than just about any other security vendor.

With over 30,000 customers already choosing Cisco as their trusted partner in DNS-layer security, organizations can be confident that their users will be better protected through their ongoing hybrid work, cloud transformation, and distributed environments:

  • Cisco Umbrella is part of the Cisco Security Service Edge (SSE) product family, powering secure internet access for all Cisco SSE solutions. Umbrella uses DNS to stop threats over all ports and protocols, stopping malware earlier and preventing callbacks to attackers if infected machines connect to our network. Tune in on June 26 to learn more at our Cisco Umbrella Live Demo: Streamline cloud security and embrace an SSE or SASE architecture
  • Cisco Secure Access is the newest addition to our Security Service Edge (SSE) product family, providing an extended set of security capabilities, including secure web gateway (SWG), cloud access security broker (CASB), zero trust network access (ZTNA), remote browser isolation (RBI), data loss prevention (DLP), cloud malware detection, and more. Register to attend one of our upcoming sessions for a Cisco Secure Access Live Demo: A smarter way to secure access to the internet, SaaS, and private apps.

Learn more

Download the full report for more key insights on the current threat landscape:
Cyber Threat Trends Report: From Trojan Takeovers to Ransomware Roulette

Learn more about the findings from the new Cyber Threat Trends report, where I'll share further insights on this research, in our webinar on June 20th, 2024: The Web's Most Wanted – A Cyber Threat Trend Briefing

We'd love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!
