Cisco, in its midyear security report, notes that although vulnerability and threat activity has been off to a slower start this year compared to 2008, we should expect spam volumes to rise to record levels. Cisco says that Memorial Day on May 25, 2009 was the third-highest volume day ever recorded for spam. The report also suggests that criminals are expected to maintain their aggressive targeting of legitimate websites to create botnets through the propagation of malware.

Cisco also warns that until social networking sites use “more robust protection”, cyber criminals will continue to target popular online communities to lure unsuspecting users to click to fraudulent sites or to download malware.

But it’s not all gloom and doom. Cisco says this year was a turning point in the ongoing battle against cybercrime as the security community and industry collaborated to fight the Conficker worm. Cisco praised the work of the Conficker Working Group. At the Conficker Working Group website, you can check to see if you are infected with the Conficker worm, and access other resources.

Cisco recommends the following actions to ensure network security:

  • Be proactive. Don’t wait to patch your systems.
  • Understand the anatomy of an attack and use multiple types of security products and techniques that work well together to prevent the threat from moving to the next phase.
  • Train end users to be security-aware. Ensure they understand the risks of using Web 2.0 collaborative tools, applications and mobile devices that you may not support.
  • Know that older and unpatched machines could be compromised by hackers.
  • Beware of the risk of insider attacks.
  • Create policies that include antimalware, acceptable use policies, and data loss prevention.

Cisco NetFlow can be used to monitor your networks for malicious behavior. Here are a couple of interesting ways that NetFlow can be used for network traffic monitoring of suspect activities:

The Null Scan – You’re being watched
How using Cisco NetFlow with a behavior analysis tool can help identify Null scans, a type of TCP scan that hackers use to identify listening TCP ports.

How to detect spambots with Scrutinizer NetFlow Analyzer
How one company used Scrutinizer NetFlow to discover an authorized host sending mail through the corporate network.
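As an added illustration of both ideas above (example code written for this page, not taken from Scrutinizer, Plixer or Cisco), the sketch below runs two checks over flow records: TCP flows whose cumulative flags field is zero, spread over many ports, and SMTP flows from hosts outside an assumed list of mail relays. The record layout is simplified from the NetFlow v5 fields; the addresses, relay list and thresholds are constructed assumptions.

```python
from collections import defaultdict

TCP = 6          # IP protocol number for TCP
NORMAL = 0x1B    # FIN|SYN|PSH|ACK, as seen in the OR-ed flags of a complete session

# Constructed sample flows: (src_ip, dst_ip, protocol, dst_port, cumulative tcp_flags)
FLOWS = (
    # one source probing six ports with no TCP flags set at all
    [("10.0.0.66", "10.0.1.5", TCP, p, 0x00) for p in (21, 22, 23, 80, 443, 3389)]
    # ordinary web session, plus a single stray flag-less flow (below threshold)
    + [("10.0.0.10", "10.0.1.80", TCP, 443, NORMAL),
       ("10.0.0.10", "10.0.1.80", TCP, 8080, 0x00)]
    # the mail relay delivering mail, as expected
    + [("10.0.1.25", f"198.51.100.{i}", TCP, 25, NORMAL) for i in (1, 2, 3)]
    # a workstation talking SMTP directly to four outside servers
    + [("10.0.0.77", f"203.0.113.{i}", TCP, 25, NORMAL) for i in (1, 2, 3, 4)]
)

MAIL_RELAYS = {"10.0.1.25"}  # assumption: the only hosts expected to send on tcp/25


def null_scanners(flows, min_targets=5):
    """Sources with flag-less TCP flows to at least min_targets (dst, port) pairs."""
    targets = defaultdict(set)
    for src, dst, proto, dport, flags in flows:
        if proto == TCP and flags == 0:
            targets[src].add((dst, dport))
    return {s: len(t) for s, t in targets.items() if len(t) >= min_targets}


def smtp_senders(flows, relays, min_dests=3):
    """Hosts outside `relays` with tcp/25 flows to at least min_dests destinations."""
    dests = defaultdict(set)
    for src, dst, proto, dport, _flags in flows:
        if proto == TCP and dport == 25 and src not in relays:
            dests[src].add(dst)
    return {s: len(d) for s, d in dests.items() if len(d) >= min_dests}


if __name__ == "__main__":
    print("possible null scans:", null_scanners(FLOWS))
    print("SMTP from non-relay hosts:", smtp_senders(FLOWS, MAIL_RELAYS))
```

The thresholds keep a single odd flow from raising an alert; tune them against the baseline of the network being monitored.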

Read Cisco 2009 Midyear Security Report here.



Jake Bergeron is currently one of Plixer's Sr. Solutions Engineers. He is responsible for providing customers with onsite training and configurations to make sure that Scrutinizer is set up to meet their needs. Previously he was responsible for teaching Plixer's Advanced NetFlow Training / Malware Response Training. When he's not learning more about NetFlow and malware detection, he enjoys fishing and hiking.

