Cisco: Careless end users driving malware threat

Cisco's latest security report finds that attackers are becoming increasingly sophisticated

Careless end-user behaviour is putting businesses at higher risk of malware exposure, according to the latest report from Cisco.

Cisco's 2015 Annual Security Report, written by the firm's security experts, surveyed security executives at 1,700 companies in the UK and eight other countries including the US, Germany, India and China.

The report found that "careless" end-user behaviour, combined with targeted campaigns by cybercriminals, is leaving the pharmaceutical and chemical industries the most exposed to web malware.

The research also found that spam volume increased 250 per cent from January 2014 to November 2014, and that snowshoe spam – which involves sending low volumes of spam from a large set of IP addresses to avoid detection – is a rising threat.

The report stated that while organisations have become increasingly clued up in their attack-prevention strategy, adversaries are also upping their game.

The report read: "Adversaries are becoming more sophisticated not only in their approaches to launching attacks, but also in evading detection.

"They change their tactics and tools from moment to moment, disappearing from a network before they can be stopped, or quickly choosing a different method to gain entry."

Jason Brvenik, principal engineer at Cisco's Security Business Group, said: "Attackers have become more proficient at taking advantage of security gaps.

"We observed that that 56 per cent of all OpenSSL versions still remain vulnerable to Heartbleed and that major attacks are only leveraging one per cent of high-urgency vulnerabilities at any given time."