SecurityWeek

Researchers Predict Advanced, Blended Threats Focused on Business and Infrastructure in 2011

Researchers Predict Advanced, Blended Threats, Laser-Focused on Attacking Business and Infrastructure

Web security researchers say that recent evidence and metrics suggest that cybercriminals and their blended attacks are having a field day taking advantage of security gaps left open by legacy technologies like firewalls, antivirus, and simple URL blockers.

The researchers also say that the latest tactics have moved to a political, and nationalistic, stage, and that 2011 will bring blended threats and data loss over the Web that demonstrate the potential for targeted cyberterrorism attacks.

These conclusions come from the Websense 2010 Threat Report, and are based on the analysis of Websense Security Labs researchers, who rely on the ThreatSeeker Network, which every hour scans more than 40 million websites for malicious code and nearly 10 million emails for unwanted content and malicious code.

The report emphasizes that in today’s threat landscape, legacy defenses simply don’t work. We all have antivirus, firewalls and proxies installed, but that isn’t enough. Threats are no longer binary files delivered in attachments; they are script-based attacks, and they are embedded in rich media like Flash. Many spread rapidly on the social Web. Reputation filters provide zero security for threats delivered via top “legitimate” websites like Google, Facebook, and YouTube, where 80 percent of Web traffic goes.

Cybercriminals know that legacy technology simply looks for known information (signatures) or reputation of previously identified threats, which is why they are so successful at exploiting existing defenses. Most of today’s blended attacks are considered “zero-day,” in that they have not been previously identified. They are ever-evolving and pre-tested by cybercriminals on common anti-virus products before they are released. These threats sail through firewalls and open channels. Cybercriminals and business leaders have quickly come to realize that data is the newest form of global currency. 

“Email brings the problem to your doorstep and 75% of the time AV will let it in for dinner. This is why more advanced security analytics are required than just signatures,” said Jon Crotty, Websense Research Marketing Manager.

“The continued rise of organized cybercriminal gangs and the emergence of targeted advanced malware threats are the most concerning trend we’ve seen,” said Dan Hubbard, chief technology officer, Websense. “Security needs to move ahead of the attackers and focus on contextual classification in order to thwart them. Simple binary access controls and castle and moat security will not solve the complex attacks we see today.”

Modern blended threats such as Aurora, Stuxnet, and Zeus infiltrate organizations through a variety of coordinated tactics, usually a combination of two or more. Phishing, compromised websites, and social networking are carefully coordinated to steal confidential data, because in the world of cybercrime, content equals cash.

In 2010, cybercriminals adapted their strategies to address the social websites and sites with dynamic user-generated content. Attacks are now more blended, sophisticated, and targeted. Many of these attacks use new tricks and methods of delivery. Script-based attacks, blended email campaigns, and SEO poisoning were all common in 2010.

Even the most easily detected threats and botnets were successfully repurposed with variations that often allow them to slip through outdated defenses. The majority of attacks in 2010 focused on the same thing: stealing data.

Significant findings from the Websense 2010 Threat Report affirm that while broad threats continue, focused, targeted attacks are on the rise.

Key Findings include:

• 111.4 percent increase in the number of malicious websites from 2009 to 2010

• 79.9 percent of websites with malicious code were legitimate sites that have been compromised

• 52 percent of data-stealing attacks were conducted over the Web

• 34 percent of malicious Web/HTTP attacks included data-stealing code

• 89.9 percent of all unwanted emails in circulation during this period contained links to spam sites and/or malicious websites

• 23 percent of real-time search results on entertainment lead to a malicious link

• 40 percent of all Facebook status updates have links and 10 percent of those links are either spam or malicious

“Whether it is your company’s sensitive financial information, your social networking, or online banking credentials, that content has tremendous value,” said Devin Redmond, vice president of Business Development, Product Management and Marketing, Websense.

The report concludes that data loss prevention solutions are no longer a “nice to have” option but should be considered a core requirement, and real-world examples of situations like WikiLeaks highlight this.

Real-time social networking sites will continue to dominate the landscape, the report says. Hackers will continue to mix social engineering tricks with modern blended threats, making the Web more complicated than ever before. The continued consumerization of mobile devices such as iPhones and Android devices and the increasing amounts of financial data that touch these devices make them ripe future targets. The report also warns that mobile applications will open the door for unintended security vulnerabilities.

The report, along with videos and additional materials, can be viewed online (registration required) at: http://www.websense.com/2010threatreport
