New threats emerging: Cisco report

Cyber security risks increase: Pharmaceutical and chemical industries saw the biggest increase in cyber attacks so far this year, a new report said.


The new mid-year report from Cisco on the state of cyber security also looks at new ways hackers are gaining access to corporate and private computers. Of the 16 multinational corporations surveyed, 90 percent of their computer systems were reaching out to corrupted IP hosts on the Internet, according to the Cisco 2014 Midyear Security Report.

There were 1,633 software vulnerabilities discovered in the first half of the year with 28 of them actively exploited. In addition to the pharmaceutical and chemical industries seeing increases in activity, publishing and media were right behind. Nation-states, as well as criminals, are behind these attacks, although it isn't always clear what their motivation may be. The agriculture industry in the Asia-Pacific region also saw an increase in attacks.

"Mal-vertising" is the new buzzword as hackers use popular advertising exchanges to plant malware on unsuspecting users' computers. Companies such as Google or AdNexus place the ads in slots on popular websites.

The Senate Homeland Security and Governmental Affairs permanent subcommittee on investigations released a report about mal-vertising in May. Just as an advertiser can target a specific demographic, hackers using mal-vertising can do the same. In other information from the report, Java continues to be the software favored by those searching for vulnerabilities with 93 percent of web exploits using it. Just updating Java isn't always possible for companies, some of which base their enterprise applications on the software. Doing so could break their applications.

In this day of automated technology even for the bad guys, there are a host of new toolkits that allow almost anyone with criminal intent to break into computers. Exploit kits are software packages hackers can purchase for as little as $1,500. They are easy to use. All it takes are basic computer skills to create and launch malware. Blackhole was the most popular kit until its creator ended up arrested last fall.

Since that arrest, there has been a decrease in the amount of traffic driven by exploit kits, but other developers are offering new products. New exploit kit creators are competing with each other on price and customer service. They have turned their enterprises into a software as a service model. Users can log into a control panel, see how many computers in which countries now suffer from infection and which applications caused it.

Click here to register to download the Cisco cyber security report.

Gregory Hale is the editor and founder of Industrial Safety and Security Source (, a news and information website covering safety and security issues in the manufacturing automation sector. This content originally appeared on the ISSSource website. Edited by Joy Chang, Digital Project Manager, CFE Media, 

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Controller programming; Safety networks; Enclosure design; Power quality; Safety integrity levels; Increasing process efficiency
Additive manufacturing benefits; HMI and sensor tips; System integrator advice; Innovations from the industry
Robotic safety, collaboration, standards; DCS migration tips; IT/OT convergence; 2017 Control Engineering Salary and Career Survey
Featured articles highlight technologies that enable the Industrial Internet of Things, IIoT-related products and strategies to get data more easily to the user.
This article collection contains several articles on how automation and controls are helping human-machine interface (HMI) hardware and software advance.
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Mobility as the means to offshore innovation; Preventing another Deepwater Horizon; ROVs as subsea robots; SCADA and the radio spectrum
Future of oil and gas projects; Reservoir models; The importance of SCADA to oil and gas
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me