For the majority of 2020, in the face of a global pandemic, the entire world grappled with massive change — in how we lived, how we worked, how we connected. But one area that’s always been dynamic and rapidly evolving is the cyberthreat landscape.
Here at Cisco, we saw first-hand how commonplace threats quickly evolved into complex, multi-stage attacks that use tried-and-true malware methodology paired with innovative new tactics to cover their tracks. In the face of these new threats, InfoSec teams have been feeling increasingly overwhelmed. The right information, however, can prepare you for what’s out there.
Leveraging data from Cisco Talos, one of the largest commercial threat intelligence teams in the world, Cisco Umbrella protects against more than 7 million malicious domains and IPs – while discovering over 60,000 new malicious destinations every day.
When it comes to security, deciding where to dedicate resources is vital. To do so, it’s important to know what security issues are most likely to crop up within your organization and their potential impact. The challenge is that the most active threats change over time, as the prevalence of different attacks ebbs and flows. Reading up on these trends can inform you as to what types of attacks are currently active. That way you’ll be better positioned to determine where to dedicate resources.
Our Threat Trends blog series takes a look at the activity that we see in the threat landscape and reports on those trends. After examining topics such as the MITRE ATT&CK framework, LOLBins, and others, this release will look at DNS traffic to malicious sites. This data comes from Cisco Umbrella, our cloud-native security service.
Umbrella combines multiple security functions into one solution, so you can extend protection to devices, remote users, and distributed locations anywhere. Umbrella is the easiest way to effectively protect your users everywhere in minutes. Want to learn more? Check out https://umbrella.cisco.com/ for more details.
Key threat trend highlights
- 70 percent of organizations had users that were served malicious browser ads.
- 51 percent of organizations encountered ransomware-related activity.
- 48 percent found information-stealing malware activity.
So, where did the data come from?
We believe it’s better to predict and prevent cyberattacks than to respond and remediate after they strike. Stop it before it happens! Doing this means we need data.
Every day, Cisco Umbrella’s 33+ data centers process more than 620 billion internet requests from across 190 countries. This real-time DNS data is further enriched with data from both private feeds and a handful of public ones. With such a massive and diverse data set, our threat analysis can uncover patterns that signal malicious behavior.
This analysis is based on an aggregated data set of overall percentages and month-on-month trends, measured by the number of endpoints that attempted to visit websites flagged as malicious and by the total number of times malicious sites were visited. Together, they give us a unique perspective on global DNS traffic, which helps us identify trends and defend against potential threats.
Leveraging data from Cisco Talos, one of the largest commercial threat intelligence teams in the world, Cisco Umbrella protects against more than 7 million malicious domains and IPs – while discovering over 60,000 new malicious destinations (domains, IPs, and URLs) every day. Each piece of attack infrastructure is an opportunity to identify and neutralize threat architecture before it can be used for new attacks.
Interested in learning more about these new threat trends? Check out Part 1 of our threat blog series – Threat Trends: DNS Security.