Cisco Releases Annual Security Report

Jan 27, 2015

Spammers go low-volume, and 90% of IE browsers are unpatched.

Cisco has released its annual report on the state of IT security. This year’s report details some interesting new developments, such as a trend among spammers to opt for lower volume “snowshoe” attacks, which use more compromised hosts to send fewer spam messages. Spam is increasingly being sent through botnets of compromised home PCs, rather than commandeered high-volume mail servers.
The report states that only 10% of all IE browsers are adequately patched. (Chrome and Firefox fared much better but are still associated with a large number of unpatched browsers.)
The heyday of Java expoits appears to be over, at least for now, with no known zero-day Java expoits appearing last year. Flash and IE were favorite targets, but Cisco also warns about increasing attention to Apache Struts web app framework and Silverlight.
In an interview with the Register, Cisco security expert Anthony Stitt states that one of the lessons of this year’s study is that chief security officers are often “overconfident” about their level of protection.
Stitt also notes that some old problems well known to the community still go unpatched. “Heartbleed is still out there … with something like 56% of SSL instances that we saw hadn’t been patched … 56% of OpenSSL versions are over 4.5 years old.”

Related content

comments powered by Disqus

Issue 266/2023

Buy this issue as a PDF

Digital Issue: Price $12.99
(incl. VAT)

Subscribe to our Linux newsletters