Cisco has published its Annual Security Report for 2014. The findings of the report indicate that the threats designed to take advantage of users? trust in systems, applications and personal networks have grown exponentially over the last few years.

According to the report, a worldwide shortage of about a million skilled security professionals is impacting organisations? abilities to monitor and secure networks, while overall vulnerabilities and threats reached their highest levels since 2000. Globally, businesses, IT departments and individuals face multiple challenges regarding the security and privacy of their data. These potential threats emerge from socially engineered theft of passwords and credentials, hide-in-plain-sight infiltrations, and exploitation of the trust required for economic transactions, government services and social interactions.

Cisco states that simple attacks that caused containable damage have given way to organised cybercrime operations that are sophisticated, well-funded, and capable of significant economic and reputational damage to public and private sector victims. Increased complexity of threats and solutions due to rapid growth in intelligent mobile device adoption and cloud computing provide a greater attack surface than ever before. New classes of devices and new infrastructure architectures offer attackers opportunities to exploit unanticipated weaknesses and inadequately defended assets.

The report underlines that cybercriminals have recognised that harnessing the power of Internet infrastructure yields far more benefits than simply gaining access to individual computers or devices. These infrastructure-scale attacks seek to gain access to strategically positioned web hosting servers, name servers and data centers, with the goal of proliferating attacks across legions of individual assets served by these resources. By targeting internet infrastructure, attackers undermine trust in everything connected to or enabled by it.

The findings of the report indicate that overall vulnerabilities and threats reached the highest level since initial tracking began in May 2000. As of October 2013, cumulative annual alert totals increased 14 per cent year-over-year from 2012. The sophistication of the technology and tactics used by online criminals and their nonstop attempts to breach networks and steal data, have outpaced the ability of IT and security professionals to address these threats A large number of organisations do not have the workforce or the systems to continuously monitor extended networks and detect infiltrations, and then apply protections, in a timely and effective manner.

As per the report, one-hundred per cent of a sample of 30 of the world?s largest multinational company networks generated visitor traffic to web sites that host malware. Ninety-six percent of networks reviewed communicated traffic to hijacked servers. Similarly, 92 per cent transmitted traffic to web pages without content, which typically host malicious activity. Distributed Denial of Service (DDoS) attacks, which disrupt traffic to and from targeted websites and can paralyse internet service providers, have increased in both volume and severity. Some DDoS attacks seek to conceal other nefarious activity, such as wire fraud before, during or after a noisy and distracting DDoS campaign.

Further, multipurpose Trojans counted as the most frequently encountered web-delivered malware, at 27 per cent of total encounters in 2013. Malicious scripts, such as exploits and iframes, formed the second most frequently encountered category at 23 per cent. Data theft Trojans such as password stealers and backdoors made up 22 percent of total web malware encounters. The steady decline in unique malware hosts and IP addresses, down 30 per cent between January 2013 and September 2013, suggests that malware is being concentrated in fewer hosts and fewer IP addresses.

Java continues to be the most frequently exploited programming language targeted by online criminals. Data from Sourcefire, now a part of Cisco, shows that Java exploits make up the vast majority (91 per cent) of indicators of compromise.

Ninety-nine per cent of all mobile malware targeted Android devices. At 43.8 per cent, Andr/Qdplugin-A was the most frequently encountered mobile malware, typically via repackaged copies of legitimate apps distributed via non-official marketplaces.  Moreover, specific business sectors, such as the pharmaceutical and chemical industry and the electronics manufacturing industry, have historically had high malware encounter rates. In 2012 and 2013, there was remarkable growth in malware encounters for the agriculture and mining industry, formerly a relatively low-risk sector. Malware encounters also continued to rise in the energy, oil and gas sectors.