For example, according to the report which was released this week, some recent cyberattacks are using dated exploits of vulnerabilities that were discovered in 2006. Though only a small number of unpatched PCs may exist in an enterprise, criminals can still find and break into them.
“If you have even 0.1 percent of your PCs that are not being patched, there are criminals who are working very hard to break into them,” Patrick Peterson, Cisco fellow and chief security researcher, told SCMagazineUS.com. “If someone misses an update, they are likely to get owned.”
In addition, criminals also demonstrate increasingly strong business acumen. They collaborate, prey on peoples' fears and interests, and make use of legitimate internet tools such as software-as-a-service, according to the report.
“These guys are collaborating and finding complementary ways to partner,” said Marie Hattar, vice president of network systems and security solutions marketing, in a blog post. “Not only that, they're also getting smart about search-engine optimisation techniques.”
Botmasters increasingly rent networks of compromised computers, form alliances, or just exploit each other, according to the report. And many botmasters borrow the best practices and strategies of the real business world.
“Criminals have been working on their cyber MBAs,” Peterson said. “They seem to have been going though the same kinds of training you would see at the Harvard Business School. They're restructuring and reorganising their businesses to be more efficient, more dangerous and more profitable.”
Other findings in the report include: Web 2.0 applications, prized for their ease of use and flexibility, have become lures for criminals; criminals target people who use online banking with well-designed, localised text message scams — and leave virtually no trail; and there is an increasing use of “spamdexing,” or packing a website with topical keywords or search terms. That way, users searching for a specific search term may click on the malicious links, which have risen above the legitimate results.
“With criminals being so quick to identify weaknesses both in online networks and in consumers' psyches, businesses need to adopt ever more advanced ways to fight cybercrime and remain vigilant across all attack vectors," Peterson said in a statement.
See original article on scmagazineus.com
Cybercriminals modernise, but stick to vintage exploits
Cybercriminals are combining older exploits with modern business management techniques to make money, according to a new Cisco security report released this week.
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
.png&h=140&w=231&c=1&s=0)
Partner Content
Machine identity a key priority for organisations’ security strategies: CyberArk
.png&h=140&w=231&c=1&s=0)
Partner Content
Elastic's Open Source Strategy Drives Innovation and Expansion
Partner Content
What Embracing the AI Platform Shift Really Means
Partner Content
Australian organisations must act on security – or risk AI ambitions falling flat
Sponsored Whitepapers
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
