Israeli Website for “international institute for counter-Terrorism” Waterhole Attack Serving CVE-2012-4969
Posted: Tuesday, March 12, 2013 8:29 AM by Elad Sharf

 

Websense Security Labs™ and The Websense® ThreatSeeker™ Network have detected that the government-related websites ict.org.il and herzliyaconference.org have been involved in a 'waterhole' attack and are injected with malicious code that serves as an exploit for Internet Explorer vulnerability CVE-2012-4969. The first website describes itself as the “International Institute for Counter-Terrorism”. Both websites seem to be connected and governed by a leading Israeli academic institution called the IDC.

 

The malicious code found on the websites is identical and was identified as CVE-2012-4969 - an Internet Explorer vulnerability that was verified as a zero-day at the time and was found to be exploited in the wild in September 2012. It was found by Eric Romang from Zataz.

 

From our initial checks, the websites still serve the malicious code on specific paths, and have been serving the malicious code from as early as the 23rd of January 2013. At the time of this writing, the malicious code on ict.org.il appears to be fully functional, but the malicious code on herzliyaconference.org doesn't seem to be functional (the main page that initiates the exploit seems to have been removed; although subsequent pages are still available, on their own they won't serve a successful exploit).

 

2013 Threat Report: More than Scary Stats and Chilling Charts
Posted: Wednesday, February 13, 2013 12:30 AM by Bob Hansmann
The 2013 Threat Report from the Websense® Security Labs (WSL) is now available. The report details mobile, social, email and web-based threats, and while it is full of ominous data points, it is a very interesting read. The report is designed to help...
Practical IT: Key Takeaways from the New York Times Breach
Posted: Wednesday, February 06, 2013 1:00 PM by Lamont Orange
Last week, we all woke to the New York Times announcing they were victims of an ongoing attack by Chinese hackers, resulting in the accounts of several reporters being compromised. The article went on to describe details of the breach including four months...
Have you heard about Operation Spear-Phish? Take the challenge.
Posted: Monday, October 29, 2012 10:38 AM by Jason Woo
Every week I hear cyber security teams say they’re worried about spear-phishing. They’re struggling to defend against them with their current technology. But to exacerbate matters, their users also struggle to understand how to spot a malicious...
It’s Phishing Season in Canada: Don’t Take the Bait
Posted: Wednesday, October 24, 2012 3:00 PM by Fiaaz Walji
Last week, the Canadian federal government announced its plans to create a secure, stable and resilient digital infrastructure in Canada. To help improve incident response and stop cyber-threats, the Government of Canada is investing $155M in our cybersecurity...
What is Scaring Businesses the Most? Spear-phishing. New Websense Security Labs Research
Posted: Tuesday, October 09, 2012 4:58 AM by Patrik Runald
Spear-phishing is a huge concern for today’s government and enterprises. While high profile attacks like last week’s spear-phishing attack against the White House and last year’s attack against Oak Ridge National Laboratory underscore...
Insights from Top CSOs: 100 Percent Concerned About Spear-Phishing
Posted: Tuesday, September 18, 2012 1:14 PM by Jason Clark

I recently hosted a Websense customer round-table discussion with 20 CSOs from top U.S. companies. We swapped war stories, hashed out the security challenges they face every day and they shared how they’ve been successful. These CSOs work in a variety of industries, including federal, finance and healthcare. Recently, there have been a number of highly public targeted attacks, which led to a lengthy discussion on spear-phishing. I found their insights very valuable and I wanted to share some key points...

EMEA Webcast: Seven Stages of Advanced Threats & Data Theft
Posted: Monday, September 10, 2012 7:59 AM by Spencer Parker
The seven stages hackers follow to steal data have been exposed! Traditional URL and AV defences are no longer effective in blocking targeted attacks. Cloud apps, mobility and remote users have all contributed to a growth in SSL traffic, which is a major...
Magic Quadrant Finds Increase in Targeted Phishing Attacks
Posted: Tuesday, August 28, 2012 9:54 AM by Jason Woo
Leading analyst firm Gartner just released the 2012 Magic Quadrant for Secure Email Gateways (SEG) * and noted an uptick in targeted phishing attacks. The report states "Phishing attacks continue to oscillate, while more targeted phishing attacks...
Webinar Wednesday: 7 Stages of Advanced Threats & Data Theft
Posted: Monday, August 06, 2012 10:18 PM by Tom Clare

Every day, organizations worldwide are targeted by data-stealing attacks. While these attacks have evolved in frequency and sophistication, many security defenses have failed to adapt. Old techniques don’t address containment against data theft and cybercrime call-home communications. The growing prevalence of cloud apps, along with increases in SSL traffic, mobility and remote users are also adding more blind spots to traditional defenses.

It’s imperative that we continue to stay up-to-date on the latest tactics and tricks. Join me this Wednesday, August 8, 2012 from 10 a.m. - 11 a.m. PT for a webinar on the seven stages of data theft. We’ll be covering each of these steps:

Reconnaissance - Targeted attackers access credentials and research online profiles, email IDs, org. chart information, hobbies and interests from social profiles to gain insight on their victims.

Lures - Designed to prey on human curiosity, web lures often link to videos or breaking news, while email lures are more business-focused on transaction and fake delivery notices.


Redirects - Users are usually directed to a survey, rogue antivirus offer or a fake web page where an exploit kit is waiting. Traditional redirects are injection attacks, while newer ones focus on social networking wall postings, fake plug-ins, fake certificates and heavily obfuscated JavaScript.


Exploit Kits - The exploit kit objective is like that of a sniper: take the shot with a malware dropper file only when an open door for tested vulnerabilities is found.


Dropper Files - This stage is what most people consider the focus of their forward-facing defenses: analyze every file that comes into the network for malware. The problem is dropper files use dynamic packers, so known signatures and patterns are not available.


Call-Home - This stage involves calling home for malware downloads and tools, and for sending back information, standard procedure for any successful online attack. The problem is that most defenses are only forward-facing and do not analyze the outbound traffic from infected systems.


Data Theft - This is what they are after. The ability to contain an attack and stop data theft raises many questions that we will address. Can your defenses detect password files leaving your network or the use of custom encryption on outbound files?

In addition, we’ll be covering: why current defenses are failing; today’s new security requirements; and the newest, bleeding edge advanced threat and data theft defenses to emerge thus far.

We look forward to having you join the webinar. Bring your questions and be ready to talk threats!

 

LinkedIn Breach, Part II: What You Need to Prepare for Next
Posted: Thursday, June 07, 2012 8:29 PM by Jason Clark
Yesterday’s LinkedIn breach made headlines, but I want to go deeper and provide practical advice for organizations on how they can anticipate any DLP consequences and tighten their network security. As the world’s largest professional social...
9 Tips for CSOs to Get a Fresh Start this Spring
Posted: Friday, April 13, 2012 5:18 PM by Jason Clark

With the hectic travel schedule of first quarter wrapping up I had some spare time to think about advocating a fresh approach to security for the spring. I know it’s not the beginning of the year, but if your schedule is anything like mine, this may be the first time you’ve had a minute to spare since the calendar moved to 2012. With everything in the threat landscape changing so frequently, it’s important to reassess your current status and plan for the coming year, whenever we can come up for air. So, I came up with the following nine tips to help you get a fresh start this spring:

Change Your Clocks, Change Your Passwords
Posted: Saturday, March 10, 2012 7:08 AM by Patrik Runald

This Sunday at 2:00 a.m. many of us will be moving our clocks ahead one hour to “spring forward” for daylight savings time. We’ve all heard the suggestion that daylight savings is a good reminder to check your smoke detector or carbon monoxide detector batteries. I’d like to add to that—this is a great time of year to remind yourself to change your passwords for your email, social media, banking accounts and mobile phone.

Also, remember to change the passwords of any application or API that plugs into your credentials, like HootSuite, Tweetdeck or Twitpic.

Here are a few guidelines to get your passwords in the most secure shape:

New research: the "malware adoption lifecycle"
Posted: Wednesday, August 24, 2011 8:21 AM by Patrik Runald

 

The media is buzzing with stories of state-sponsored hacking and so-called advanced persistent threats, as well as high-profile data-theft attacks by cybercriminals. So what does this mean to everyday business owners and managers, companies that aren’t defense contractors or giant corporations?

It means watch out. The wildly successful techniques used in state-sponsored attacks are moving down a malware adoption lifecycle. Yesterday’s million-dollar, well-planned, high-profile attack quickly becomes a $25 exploit kit available online to armies of low-level hackers.

This is phase two of advanced threats. This army of profit-driven hackers is using the same advanced techniques to steal any data that they can get their hands on to sell, fence or ransom. No one is safe, because traditional defenses don’t work against advanced malware. And the cybercriminals are targeting every kind and size of business.

This is the part of the story that people need to hear: While the big-name breaches get the headlines, too many companies get lulled into a false sense of security thinking that they are safe because they don’t have state secrets. Our research shows how the advanced techniques used in APT attacks move downstream. From state-sponsored groups, to criminal gangs, and ultimately to individual hackers—they are hitting any business with anything of value. Because that’s where the money is. And it’s easy pickings because their antivirus software is defenseless against these advanced methods. Here’s how we see the malware adoption lifecycle playing out in the wild: 

 

CSO on the Road: How a Remote Town in Romania Has Become Cybercrime Central
Posted: Friday, July 29, 2011 11:23 AM by Jason Clark

Recently, I was speaking with a CSO of a major corporation and the topic of how much money is made with cybercrime came up. Now, many of us talk about the proliferation of easily monetizable cybercrime, but because it is an invisible enemy, some people have trouble understanding the threat. I wanted to quickly share with you a great article that should be required reading for everyone in IT security: http://www.wired.com/magazine/2011/01/ff_hackerville_romania/all/1

The story covers the evolution of the small town of Râmnicu Vâlcea, Romania and how it went from having “a decades-old chemical plant and a modest tourism industry” to become what the article calls “Cybercrime Central.”

 

ICANN haz Phishes?
Posted: Thursday, June 23, 2011 7:27 AM by Spencer Parker

 

Storm Plays "Cat Fishing" by Gary J Wood under Creative Commons

The Board of the Internet Corporation for Assigned Names and Numbers (ICANN) this week gave final approval to what some are calling “the most dramatic change to the Internet in four decades,” allowing the expansion of new Top-Level Domains (TLDs).

There’s a lot of pushing and shoving in the media about this decision, with some very vocal proponents and those who have fought against this move.

Some argue this ICANN initiative could force a land grab of domains by businesses to protect their company reputation. However, they aren’t the only ones who are likely to try to snag these new top level domains. There’s a very legitimate concern that cybercriminals could also seek these new domains to create legitimate looking websites using well-known brand names.

 

The Next Hotbed of Cybercrime Activity is... Canada?!?
Posted: Monday, May 09, 2011 12:37 PM by Patrik Runald

 

 

Cybercriminals are on the move again. And, this time, Canada is the prime target. IP addresses in China and Eastern Europe are highly scrutinized and undergoing intense evaluation. So hackers are on a quest to move their networks to countries, like Canada, that have better cyber reputations. 

It's a little surprising to me as well. Previously, Canada was a place of great beer and hockey (next year, Habs!). But Websense recently conducted an analysis of Canada’s cyber security risk profile, and all trends pointed to Canada as the new launchpad for cybercriminals. For example:

Jump in Hosted Phishing Sites - Canada saw a huge increase in the number of servers hosting phishing sites, jumping 319 percent in the last year. This tremendous increase over the last 12 months is second only to Egypt in terms of the growth of sites hosting crime ware.

Increase in Bot Networks – Cyber criminals are moving their command and control centers to safer grounds. In the past eight months, Canada saw a 53 percent increase in bot networks. In fact, Canada scored the second highest for hosting bot networks, when compared to the U.S., France, Germany and China.

Malicious Websites – We’re seeing a trend of malicious websites decline across the board. However, Canada’s decline is tremendously slower, when compared to the countries listed above.

Overall Increase in Cyber Crime – In Websense’s most recent Threat Report, Canada is #6 in the world for hosting cyber crime. And, this number continues to rise.

 

 

 

Ripped from the headlines, “___ leaks thousands of your files” - Data Breaches: Part 1
Posted: Tuesday, April 12, 2011 7:54 PM by Dave Meizlik

 

 

 

How many letters have you received? You know what I’m talking about. Let’s talk data breaches. Let’s avoid the hype of the headlines and some of the sensationalism of the media coverage. And look at a few facts from recent episodes to see if we can identify the root issue at the heart of the breaches.

I’ve already posted a first glance look at the Epsilon breach, but, let’s talk about this in a little more detail. There are three critical elements that need to be addressed here.

1. The business imperatives that lead to this episode

2. Why most organizations aren’t currently equipped to prevent such breaches

3. What companies need to do to protect themselves from third party breaches

 

Another day, another data breach? Lessons from Epsilon
Posted: Tuesday, April 05, 2011 9:53 AM by Dave Meizlik

 

The parade of large data breaches just came knocking on my front door. Or more accurately, in my home email. I received *three* almost identical messages from three different companies that told me in almost identical language that my name and email address had been leaked and, “you may receive spam email messages as a result. We want to urge you to be cautious when opening links or attachments from unknown third parties.” Epsilon, an online marketing firm with a huge portfolio of diverse clients, lost a huge amount of customer data. In volume, it might be the largest breach in history.

At little risk of overstatement, let us rephrase the warning: “Don’t feel safe just because they only got your name and email and not your social. Make no mistake about it, you are about to become the target of a spear phishing attack.” For the uninitiated, spear phishing attacks take advantage of trusted relationships. You expect emails from these trusted companies, so you are less suspicious, less vigilant, and more likely to fall for a scam. Think you are too savvy? This is exactly how RSA just lost their valuable data—by an executive clicking on an email with a link to a web site that looked like it was from a known vendor.

 
