Understanding network traffic: insights from the Cisco Cyber Threat Trends Report.
In today's rapidly evolving cyber threat landscape, staying ahead of potential security breaches is a relentless challenge. As tactics and techniques of malicious actors evolve, so should the strategies employed by security practitioners. At Unifi, a proud Cisco partner, we leverage Cisco’s comprehensive security insights to offer top-tier managed services. In this blog, we’ll delve into the findings from the latest Cisco Cyber Threat Trends Report and explore how these insights can help protect your network.
The importance of monitoring DNS activity.
A significant portion of malicious activity relies on an internet connection to function effectively. Whether it’s a backdoor communicating with a remote system or ransomware needing to activate encryption commands, DNS activity often reveals the footprints of these threats. Cisco’s extensive DNS-layer security, particularly through Cisco Umbrella and Cisco Secure Access, allows for unparalleled monitoring and blocking of malicious domains—over one million every hour.
Analysing malicious DNS data.
To uncover trends in the threat landscape, Cisco analysed an immense volume of DNS data, focusing on the period from August 2023 to March 2024. The report categorises threats into distinct types based on their techniques, offering a clear view of how these threats evolve over time. Here, we’ll highlight some key findings from the report.
Information stealers.
Leading the activity charts were information stealers, which showed consistently high activity due to their role in exfiltrating vast amounts of data. These threats generate substantial DNS traffic as they siphon off sensitive information. Interestingly, a pattern emerged where three months of high activity were often followed by a drop, possibly indicating periods where attackers paused to process the stolen data.
Trojans.
Trojans disguise themselves as legitimate software to deceive users. Once installed, they can steal data, provide backdoor access, and perform various other malicious activities. On average, Trojan activity involved 175 million monthly blocks, making it the second most common cyber threat. The highest activity was observed in August and September 2023, followed by a decline. This decline often coincides with increases in ransomware activity, suggesting a strategic shift by attackers. A notable example of a sophisticated Trojan is Qakbot, known for stealing banking credentials and spreading across networks through vulnerabilities and brute force attacks.
Ransomware.
Ransomware encrypts victims’ data, demanding a ransom for decryption. It often threatens permanent data loss or exposure if the ransom is not paid. On average, ransomware threats involved 154 million monthly blocks. A significant spike in ransomware activity occurred in January, maintaining high levels thereafter. This trend closely mirrors dropper activity, suggesting a correlation between the two. LockBit, a major ransomware variant, accounted for a substantial portion of ransomware incidents. Despite law enforcement disruptions, LockBit quickly resumed operations, highlighting its resilience and adaptability.
Enhancing network security.
Given the reliance on internet connectivity for these threats, monitoring and controlling DNS queries becomes crucial. Here are some strategies to bolster your network’s defences:
- Leveraging DNS security: Utilising tools like Cisco Umbrella helps identify and block malicious traffic at the DNS level, often before it can reach end-user devices.
- Protecting endpoints: Ensuring robust security measures at endpoints can prevent threats from gaining a foothold.
- Implementing a comprehensive defence strategy: A layered security approach, combining DNS security with other measures such as secure web gateways and zero trust network access, provides a stronger defence against evolving threats.
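To make the DNS-monitoring strategy above concrete, here is an added example of the kind of aggregation the report's figures are built on: resolver query logs matched against a category-tagged blocklist and counted as monthly blocks per threat type. This is illustrative code written for this post, not Cisco Umbrella's or the report's own tooling; the log line format, the client addresses and the blocklist domains are all constructed placeholders.

```python
"""Added example: count blocked DNS queries per threat category and month.

Not Cisco's or Umbrella's code. The log format ("<ISO timestamp> <client> <qname>"),
the client addresses and the blocklist domains are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime

# Constructed blocklist: blocked domain -> threat category. Placeholder names only.
BLOCKLIST = {
    "stealer-c2.example": "information_stealer",
    "trojan-drop.example": "trojan",
    "ransom-key.example": "ransomware",
}

# Constructed resolver log lines, one query per line.
SAMPLE_LOG = """\
2023-08-03T10:15:02Z 10.0.0.5 exfil.stealer-c2.example
2023-08-03T10:15:09Z 10.0.0.5 www.example.org
2023-08-20T23:01:44Z 10.0.0.9 update.trojan-drop.example
2023-09-11T08:30:00Z 10.0.0.7 trojan-drop.example
2024-01-05T02:12:31Z 10.0.0.12 pay.ransom-key.example
2024-01-06T02:12:31Z 10.0.0.12 ransom-key.example
2024-01-07T04:00:00Z 10.0.0.3 mail.example.net
"""


def classify(qname):
    """Return the threat category for qname, or None if it is not on the blocklist.

    Matching walks up the label tree so that any subdomain of a blocked domain is
    caught as well (a.b.bad.example -> b.bad.example -> bad.example). A plain
    substring match would wrongly hit e.g. "notbad.example"; label matching does not.
    """
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKLIST:
            return BLOCKLIST[candidate]
    return None


def parse_line(line):
    """Split one constructed log line into (timestamp, client, qname)."""
    ts, client, qname = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), client, qname


def monthly_blocks(log_text):
    """Return {category: {"YYYY-MM": count}} covering every blocked query in log_text."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, _client, qname = parse_line(line)
        category = classify(qname)
        if category is None:
            continue  # benign query: not counted
        counts[category][ts.strftime("%Y-%m")] += 1
    return {category: dict(months) for category, months in counts.items()}


def month_over_month(series):
    """Given {"YYYY-MM": count}, return [(month, change_from_previous_month), ...].

    The first month has no predecessor and is reported with a change of 0. Months
    absent from the series are not zero-filled, so a gap is compared against the
    last month that had blocks.
    """
    months = sorted(series)
    out, prev = [], None
    for month in months:
        out.append((month, 0 if prev is None else series[month] - series[prev]))
        prev = month
    return out


if __name__ == "__main__":
    report = monthly_blocks(SAMPLE_LOG)
    for category, series in sorted(report.items()):
        print(category, series, month_over_month(series))
```

The label-walking match in `classify` is the detail worth copying: a blocklist entry for a registered domain should also cover the subdomains malware actually resolves, while a naive substring check would both miss nothing and also produce false positives on look-alike names. The per-month series is what lets you see the rise-and-drop patterns the report describes for stealers and Trojans in your own environment.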
Cisco’s unique vantage point—resolving an average of 715 billion daily DNS requests—allows it to detect and block more threats than most other security vendors. With over 30,000 customers trusting Cisco for DNS-layer security, their tools are essential for organisations navigating hybrid work environments, cloud transformations, and distributed networks.
Staying ahead of cyber threats requires continuous vigilance and adaptation. By understanding the latest trends and employing robust security measures, organisations can significantly reduce their risk. At Unifi, we are committed to providing cutting-edge Cisco services as managed services, ensuring your network remains secure against ever-evolving threats.
For more detailed insights, be sure to check out the full Cisco Cyber Threat Trends Report.