IBM 2015 Cyber Security Intelligence Index

Presentation transcript:

IBM 2015 Cyber Security Intelligence Index
2014, eventful year
Major vulnerabilities were found lurking in well-known applications, many of which had been dormant for more than 10 years.
IT departments often found themselves unprepared to patch and mitigate these threats, leaving the window for exploitation wide open and leading to a “perfect storm” of zero-day attacks, system infiltration and subsequent data loss for many organizations.

Security event: An event on a system or network detected by a security device or application.
Security attack: A security event that has been identified by correlation and analytics tools as malicious activity that is attempting to collect, disrupt, deny, degrade or destroy information system resources or the information itself.
Security incident: An attack or security event that has been reviewed by security analysts and deemed worthy of deeper investigation.
IBM

Akamai State of the Internet Report
DDOS attacks more than double what was reported last year (same quarter)
Last year the attacks were high bandwidth, short duration
This year less powerful but longer duration

Compared to Q2 2014
132.43% increase in total DDOS attacks
122.22% increase in application layer (Layer 7) DDOS attacks
133.66% increase in infrastructure layer (Layer 3 & 4) DDOS attacks
18.99% increase in the average attack duration (20.64 vs 17.35 hours)
11.47% decrease in the average peak volume
100% increase in attacks > 100 Gbps

Cisco 2015 Security Annual Report
The Cisco 2015 Annual Security Report, which presents the research, insights, and perspectives provided by Cisco® Security Research and other security experts within Cisco, explores the ongoing race between attackers and defenders, and how users are becoming ever-weaker links in the security chain.

Key discoveries
Attackers have become more proficient at taking advantage of gaps in security to hide and conceal malicious activity.
► In 2014, 1 percent of high-urgency common vulnerabilities and exposures (CVE) alerts were actively exploited. This means organizations must prioritize and patch that 1 percent of all vulnerabilities quickly. But even with leading security technology, excellence in process is required to address vulnerabilities.
► Since the Blackhole exploit kit was sidelined in 2013, no other exploit kit has been able to achieve similar heights of success. However, the top spot may not be as coveted by exploit kit authors as it once was.
► Java exploits have decreased by 34 percent, as Java security improves and adversaries move to embrace new attack vectors.
► Flash malware can now interact with JavaScript to help conceal malicious activity, making it much harder to detect and analyze.
► Spam volume increased 250 percent from January 2014 to November 2014.
► Snowshoe spam, which involves sending low volumes of spam from a large set of IP addresses to avoid detection, is an emerging threat.

Key discoveries
Users and IT teams have become unwitting parts of the security problem.
► Online criminals rely on users to install malware or help exploit security gaps.
► Users’ careless behavior when using the Internet, combined with targeted campaigns by adversaries, places many industry verticals at higher risk of web malware exposure. In 2014, the pharmaceutical and chemical industry emerged as the number-one highest-risk vertical for web malware exposure, according to Cisco Security Research.
► Malware creators are using web browser add-ons as a medium for distributing malware and unwanted applications. This approach to malware distribution is proving successful for malicious actors because many users inherently trust add-ons or simply view them as benign.

IT Security Risk Survey 2014
3,900 respondents from 27 countries
Companies of all sizes

Key figures

In 2014 the number one external threat was spam; in 2013 it was malware attacks
Respondents reporting at least one targeted attack rose to 12% from 9% in 2013

Internal Threats

Data Loss, Internal incidents

Executive Summary

Attackers are moving faster, defenses are not
Within four hours of the Heartbleed vulnerability becoming public, Symantec saw a surge of attackers exploiting it.
Reaction time has not decreased at an equivalent pace
In 2014, it took 204 days, 22 days and 53 days for vendors to provide a patch for the top three most exploited zero-day vulnerabilities
The top five zero-days of 2014 were actively used by attackers for a combined 295 days before patches were available

Attackers are streamlining and upgrading their techniques, while companies struggle to fight old tactics
8% increase in network breaches with highly targeted spear-phishing attacks
14% less email towards 20% fewer targets
More efficient
Watering hole attacks
Monitoring site visitors and targeting only the companies they wanted to attack
Trojanize software updates for specific organizations
60% of all targeted attacks struck small and medium organizations
Companies with fewer resources to invest in security

Cyberattackers Are Leapfrogging Defenses in Ways Companies Lack Insight to Anticipate
Deploying legitimate software onto compromised computers to continue attacks
Using commonly available crimeware to disguise themselves
Building custom attack software inside the victim's network, on the victim's own servers
Using stolen email accounts from one corporate victim to spear-phish another corporate victim
Hiding inside software vendors' updates

Malware used in mass attacks increases and adapts
Non-targeted attacks still make up the majority of malware
26% increase
More than 317 million new pieces of malware
Almost 1 million a day
28% of all malware was “virtual machine aware”
Virtual environments do not provide any level of protection

Digital extortion on the rise
45 times more people had their device held hostage
Ransomware attacks grew 113%
4000% increase in crypto-ransomware attacks
$300-$500, with no guarantee their files will be freed
In 2014 crypto-ransomware was seen 45 times more frequently than in 2013

Cybercriminals are leveraging social networks and apps to do their dirty work
Email remains a significant vector
But there is a clear movement toward social media platforms
70% of social media scams were manually shared
People are more likely to click something posted by a friend
17% of all Android apps (nearly 1 million) were actually malware in disguise
36% of all mobile apps were grayware: not malicious in nature, but they do annoying things like tracking user behavior

Internet of Things is not a new problem but an ongoing one
Attacks against Point of Sale systems, ATMs, and home routers continued
Network-connected devices with an embedded operating system
Theoretically they are not considered IoT
But it is not only PCs at risk
Use of smartphones is a point of control
25% of users don't know what they agreed to give access to when downloading an app
68% were willing to trade their privacy for a free app
52% of health apps (many connected to wearable devices) did not have security or a simple privacy policy in place
20% sent personal information, logins and passwords in clear text

Important Facts

DDOS more than doubled from last year

→ Java exploits have decreased by 34 percent, as Java security improves and adversaries move to embrace new attack vectors.
→ Flash malware can now interact with JavaScript to help conceal malicious activity, making it much harder to detect and analyze.
→ Spam volume increased 250 percent from January 2014 to November 2014.
→ Snowshoe spam, which involves sending low volumes of spam from a large set of IP addresses to avoid detection, is an emerging threat.
→ Online criminals rely on users to install malware or help exploit security gaps.

Spam is external threat No. 1
Malware is a close second
12% of companies had run-ins with targeted attacks. Up 3% from last year
The protection of confidential data against leakages is now the top priority for most companies

Within four hours of the Heartbleed vulnerability becoming public, Symantec saw a surge of attackers exploiting it.
In 2014, it took 204 days, 22 days and 53 days for vendors to provide a patch for the top three most exploited zero-day vulnerabilities
The top five zero-days of 2014 were actively used by attackers for a combined 295 days before patches were available
8% increase in network breaches with highly targeted spear-phishing attacks
14% less email towards 20% fewer targets
Using stolen email accounts from one corporate victim to spear-phish another corporate victim
More than 317 million new pieces of malware
Almost 1 million a day
45 times more people had their device held hostage
Ransomware attacks grew 113%
4000% increase in crypto-ransomware attacks
$300-$500, with no guarantee their files will be freed
In 2014 crypto-ransomware was seen 45 times more frequently than in 2013

Email remains a significant vector
But there is a clear movement toward social media platforms
70% of social media scams were manually shared
People are more likely to click something posted by a friend
17% of all Android apps (nearly 1 million) were actually malware in disguise
36% of all mobile apps were grayware: not malicious in nature, but they do annoying things like tracking user behavior
Use of smartphones is a point of control
25% of users don't know what they agreed to give access to when downloading an app
68% were willing to trade their privacy for a free app
52% of health apps (many connected to wearable devices) did not have security or a simple privacy policy in place
20% sent personal information, logins and passwords in clear text