Blogs

Many of our colleagues, customers and readers would have now enjoyed their fill of turkey and pumpkin pie for Thanksgiving and are preparing for a second day of festivities with the arrival of Black Friday.  This traditionally, for North American retailers and consumers, marks the start of the holiday shopping season and although it is not observed for many as a national holiday, more and more retailers across the globe are launching Black Friday promotions in order to entice consumers and increase sales.  Additionally, given that Black Friday is typically a physical 'bricks-and-mortar' retail affair, online retailers seek to continue the shopping frenzy with additional offers, promotions and sales with Cyber Monday, a marketing term coined in 2005 by Shop.org.

Of course, retailers and consumers are not alone in their preparations for the shopping period and here at Websense® Security Labs, our ThreatSeeker™ network continues to detect and protect customers from numerous malicious campaigns that look to exploit bargain hunters and shoppers throughout this period.

Malicious campaigns detected and blocked thus far, predominately play upon Black Friday themes to spam-promote scam websites offering loans, fake degrees and such like. We also see scams that entice victims to complete survey scams in order to harvest personal information.

In addition to wearing appropriate clothing and footwear as well as remembering to drink sufficient amounts of water, Websense® Security Labs present our Black Friday / Cyber Monday Survival Guide.

.

The Websense® ThreatSeeker® Network has detected a spam campaign that tries to exploit recipients' interest in the current presidential campaign in the US.  Specifically, we have detected thousands of emails with this kind of content:

As noted recently,  we are seeing an increasing number of spam campaigns with malicious links that lead to BlackHole exploit pages. 

Here at Websense® Security Labs, we often blog about big malicious campaigns and how our products protect our customers from them. But what about smaller campaigns that are no less dangerous? 

Broad campaigns often spoof notifications from well-known businesses, establishments, organizations, and agencies, and are very widespread these days. However, smaller volume campaigns sometimes can be as (or even more) dangerous by bypassing the victim's defenses.

Last week, the Websense ThreatSeeker® Network intercepted one such campaign. This small-volume, malicious campaign targeted businesses with legitimate-looking email that refer to items like purchase orders, quotes, and supply information. All of these email had attachments that install variants of the popular Zeus malware on the victim's computer.

Websense Cloud Email Security quarantined these email as containing a potential virus before most of the malicious attachments were detected by antivirus (AV) engines. ACE, our Advanced Classification Engine, provides the extra layers of protection that help Websense Cloud Email Security protect customers against a wide array of threats.

Spamer are using fake booking.com email addresses to send hotel reservation confirmation to spread malwares and Websense  ThreatScope Analysis detected all the specific behavior of the malwares from the attachment of emails:

Recently, I was speaking with a CSO of a major corporation and the topic of how much money is made with cybercrime came up. Now, many of us talk about the proliferation of easily monetizable cybercrime, but because it is an invisible enemy, some people have trouble understanding the threat. I wanted to quickly share with you a great article that should be required reading for everyone in IT security:http://www.wired.com/magazine/2011/01/ff_hackerville_romania/all/1

InfoSecurity Magazine recently published an article on the discovery of SEO poisoning on a web domain owned by the United Nations. The source of the discovery? Websense®Security Researcher Amon Sanniez. Sanniez blogged about the black hat SEO attack on May 27 – he highlighted that the sub-domain under attack was the Sustainable Energy Finance Initiative site of the United Nations. The domain appeared to be compromised by a number of medical spam-related URLs, most of which are compromised sites themselves. Branded drug names such as ‘Viagra’ and ‘Levitra’ were embedded in the code to help result in higher search engine ranking - a classic SEO poisoning tactic.. While most mainstream search engines like Google are aware of these tricks, Sanniez argues that some attacks do slip through the cracks.

"Like most black hat SEO attacks on compromised sites, the site tends to look perfectly fine, and there is no indication that the site has been compromised” –Amon Sanniez, Associate Security Researcher

Why is this significant? Remember the statistic from the Websense Security Labs™2010 Threat Report, which reports that almost 80% of cybercrime scams are on compromised legitimate web servers. Attacks are growing more and more advanced every day – and it’s getting harder for simple security software to detect them. Find out how to prevent the possibility of your organization falling victim to these attacks here.  

Cybercriminals are on the move again. And, this time, Canada is the prime target. IP addresses in China and Eastern Europe are highly scrutinized and undergoing intense evaluation. So hackers are on a quest to move their networks to countries, like Canada, that have better cyber reputations. 

It's a little surprising to me as well. Previously, Canada was a place of great beer and hockey (next year, Habs!). But Websense recently conducted an analysis of Canada’s cyber security risk profile, and all trends pointed to Canada as the new launchpad for cybercriminals. For example:

Jump in Hosted Phishing Sites - Canada saw a huge increase in the number of servers hosting phishing sites, jumping 319 percent in the last year.  This tremendous increase over the last 12 months is second only to Egypt in terms of the growth of sites hosting crime ware.                        

 Increase in Bot Networks – Cyber criminals are moving their command and control centers to safer grounds. In the past eight months, Canada saw a53 percent increase in bot networks. In fact, Canada scored the second highest for hosting bot networks, when compared to the U.S., France, Germany and China.  

Malicious Websites – We’re seeing a trend of malicious websites decline across the board. However, Canada’s decline is tremendously slower, when compared to the countries listed above.

Overall Increase in Cyber Crime – In Websense’s most recent Threat Report, Canada is #6 in the world for hosting cyber crime . And, this number continues to rise.

Since President Obama announced the events in Pakistan over the past weekend, Websense has been monitoring a large wave of scams and malicious content surrounding the death of Osama bin Laden.

Today the US Government has confirmed it will not be releasing the pictures of bin Laden’s body which should help minimize the number of people who are falling for these scams. But as the pressure builds on the US Government to release these photographs, there has been very little written on the impact this would have to the cyber-security space.

Most of these scams have so far relied on social engineering. Judging by the number of people falling for the previously mentioned scams, they have been successfully lured into believing these pictures are available. These have been successful, despite the fact that pictures have not been released.

But what if the US Government were to actually release these photographs - what would happen next?

This morning I spoke with the BBC News to discuss possible explanations about why spam levels appear to be falling in recent months. Are spammers re-grouping? Are they simply moving from targeting email to social media? Click here to read the full BBC News article.

In 2010, Websense Security Labs found that 89.9% of all unwanted emails contained links to spam sites or malicious websites —an increase of 4% over 2009. However, there have been signs that spammers are turning to alternative methods other than e-mail for distributing their messages - such as Facebook and Twitter. As long as spammers can generate a profit from their activities, email spam isn’t going away, and will continue to be spread to other profitable areas, including social media. Check out our recent Threat Report, for more details.

It’s important that individuals, organizations, and celebrities protect their Facebook page and blogs from spam and malicious content. Free for individuals, our Defensio product helps brands protect their reputation and maintain their fans’ trust, by analyzing, classifying and removing unsavory user-generated content (whether it is malicious, spam, or even profanity).

Have any questions/comments? Let me know...