2013 Threat Report: More Than Scary Stats and Chilling Charts
13 Feb 2013 08:30 AM
The 2013 Threat Report from the Websense® Security Labs™ is now available.
The report details mobile, social, email and web-based threats, and while it is full of ominous data points, it is a very interesting read. The report is designed to help security professionals keep current with threat trends and improve the effectiveness of existing security solutions. It can also be used to identify and prioritize security gaps that may require new approaches and more innovative strategies.
Creating the report began with the Websense ThreatSeeker® Network, composed of big data clusters used by the WSL to collect and manage up to 5 billion inputs each day from 900 million global endpoints. Malware samples, mobile applications, email content, web links and other information were then passed through deep analysis processes including Websense ACE (Advanced Classification Engine), which applied over 10,000 different analytics.
Here is a sampling of key findings from this year's report:
- Web Security. The web became significantly more malicious in 2012, both as an attack vector and as the primary support element of attacks originating through social media, mobile devices, and email. Researchers measured an alarming 600 percent increase in the use of malicious web links through all vectors.
- The Social Web. Malicious content was hidden within social media behind shortened web links 32 percent of the time. Social media attacks took advantage of the confusion of new features, changing services and unsophisticated users.
- Mobile Security. A study of last year's malicious apps revealed how they often abuse permissions, especially in the use of SMS communications, something very few legitimate apps do. Risks also increased as mobile devices were used for social media and web surfing more often than for actually making a phone call.
- Email Security. Only 1 in 5 emails sent were legitimate, as spam increased to 76 percent of email traffic, and 92% of spam included links to potentially malicious content. Phishing threats delivered via email also grew.
- Malware Behavior. Forensic analysis identified that registry modification behavior in malware has declined to 7.7%. Registry modification was once a key indicator of malicious behavior, but malware has now become increasingly Internet-connected. Half of all malware that used the Internet for communications downloaded additional malicious executables to extend its attack capabilities in the first 60 seconds.
- Data Theft. Key changes in data theft targets and methods took place last year. Reports of intellectual property (IP) theft increased, and theft of credit card numbers and other Personally Identifiable Information (PII) continued to grow. Hacking, malware and other cyber-threats continued to be common methods of attack. However, some of the largest thefts involved physical penetration of security as well, often by willful employees.
Because today's attacks occur in multiple stages through numerous vectors, the report includes an appendix on The Seven Stages of Advanced Threats. This methodology for analyzing and classifying cyber-attacks provides a useful framework for organizations to assess their current defenses against their security profile, identify weaknesses and develop a more comprehensive strategy for withstanding next-generation attacks. A summary of the Websense 2013 Security Predictions report is also included for planning purposes.
Click for a video introduction or download a copy of the 2013 Threat Report.
16 Jul 2012 06:23 PM
Here in Websense's own backyard, the 2012 San Diego Comic-Con has just folded up its superhero cape after four days of workshops, film screenings, panel discussions, and collectible exhibits. Beginning in 1970 with a one-day event and 145 attendees, Comic-Con now caps attendance at about 130,000 and brings in about $162.8 million to our local economy.
Judging by some of the costumed attendees we spotted downtown over the weekend (at least we hope that's what they were), zombies are an increasingly popular theme. As we observed the undead shuffling around near the Convention Center in search of human brains, we couldn't help but reflect on some obvious parallels between the zombie apocalypse and the security threats we face down every day here at Websense.
Night of the Living Bots! Compromised hosts as digital zombies!
Think about it:
- Zombies eat brains; in the security world, “brains” are confidential/proprietary data, customer data, and secrets.
- Zombies take over their hosts; so do bot networks.
- Zombies attack in hordes, just like large-scale spam and DoS attacks.
Coincidence? We think not.
Fortunately, the world has been dealing with the zombie threat long enough to have established some Best Practices from the movie "Zombieland" to help survive an attack. These also have parallels in the security arena.
- Rule No. 1: Cardio. "Zombies lead a very active lifestyle. So should you." The fitter you are, the better your chances of outrunning the undead. Websense pumps it up with up-to-the-millisecond proactive classification in real-time, keeping you a step ahead of security threats--always the safest place to be.
- Rule No. 2: The Double Tap. "Just because the zombie is down is no reason not to finish it off." The Websense double tap is to classify and block both outbound malicious traffic and outbound proprietary data. Threats are down and OUT.
- Rule No. 3: Beware of Bathrooms. "Zombies smell when you are at your most vulnerable." Websense classifies and blocks cesspool websites based on poor web reputations, keeping you, your systems and your data clean and minty fresh.
- Rule No. 4: Avoid Strip Clubs. "Hang out in sleazy places, and bad things are likely to happen." Websense goes there so you don't have to, hanging out where malware does in order to classify objectionable content before it finds you.
- Rule No. 5: The Buddy System. "Why don’t zombies attack each other? Possibly a herd instinct keeps them safe and you should do the same." The ThreatSeeker network has your back.
Beyond the established and internationally-recognized canon of zombie fighting rules, we've added a few new wrinkles. Bona fide professional zombie hunters Columbus, Tallahassee, Wichita, and Little Rock are available through Websense CSI to help you determine if you are under a zombie attack, and more important, to help you fight back and survive. ThreatScope, our very own version of Pacific Playland, lures the zombies out to play and reveals their true flesh-eating colors. Check out a sample report that helped avert a zombie apocalypse!
Another essential rule is "Get a ...gnarly... partner," and nobody fills that bill better than Websense.