10 Data Security Tips: Keep Your Sensitive Information Where it Belongs
Posted: Monday, June 17, 2013 9:30 AM by Tom Clare
Last week’s headlines revealed that the NSA PRISM program details were exfiltrated using a USB thumb drive. The news is filled with cautionary tales of data theft and cyber espionage. With advanced cyberattacks, data theft by employees through portable...
Gartner’s Magic Quadrant for Secure Web Gateways Can Help You Pick the Right Web Security Vendor
Posted: Tuesday, June 11, 2013 8:00 AM by Joerg Sieber
Selecting the right web security solution is becoming more crucial for companies concerned about advanced threats, malware infections and data theft. Vendors are promising multitudes of features, and the words "Advanced Threat Protection", "Zero...
Upcoming Webinar: Why Java Exploits Remain a Top Security Risk
Posted: Tuesday, April 30, 2013 11:05 PM by Bob Hansmann
Java vulnerabilities and zero-days are a serious problem in today's businesses. Frequently discovered vulnerabilities are consistently opening the door for data theft. Recent research by the Websense Security Labs found that 94 percent of computers...
Israeli Website for “international institute for counter-Terrorism” Waterhole Attack Serving CVE-2012-4969
Posted: Tuesday, March 12, 2013 8:29 AM by Elad Sharf
Websense Security Labs™ and The Websense® ThreatSeeker™ Network have detected that the government-related websites ict.org.il and herzliyaconference.org have been involved in a 'waterhole' attack and are injected with malicious code that serves as an exploit for Internet Explorer vulnerability CVE-2012-4969. The first website describes itself as the “International Institute for Counter-Terrorism”. Both websites seem to be connected and governed by a leading Israeli academic institution called the IDC.

The malicious code found on the websites is identical and was identified as CVE-2012-4969 - an Internet Explorer vulnerability that was verified as a zero-day at the time and was found to be exploited in the wild in September 2012. It was found by Eric Romang from Zataz.

From our initial checks, the websites still serve the malicious code on specific paths, and have been serving the malicious code from as early as the 23rd of January 2013. At the time of this writing, the malicious code on ict.org.il appears to be fully functional, but the malicious code on herzliyaconference.org doesn't seem to be functional (the main page that initiates the exploit seems to have been removed; although subsequent pages are still available, on their own they won't serve a successful exploit).
2013 Threat Report: More than Scary Stats and Chilling Charts
Posted: Wednesday, February 13, 2013 12:30 AM by Bob Hansmann
The 2013 Threat Report from the Websense® Security Labs (WSL) is now available. The report details mobile, social, email and web-based threats, and while it is full of ominous data points, it is a very interesting read. The report is designed to help...
Practical IT: Key Takeaways from the New York Times Breach
Posted: Wednesday, February 06, 2013 1:00 PM by Lamont Orange
Last week, we all woke to the New York Times announcing they were victims of an ongoing attack by Chinese hackers, resulting in the accounts of several reporters being compromised. The article went on to describe details of the breach including four months...
Websense Security Labs Sees the Future - 2013 Security Predictions
Posted: Tuesday, November 13, 2012 8:05 AM by Chris Astacio
From mass Wordpress compromises to a spear-phishing attack on the White House, there is no doubt cybercriminals gained confidence and momentum in 2012. The Websense Security Labs looked at recent security and attack trends to come up with hypotheses of...
What Happens if a PPC Company Website is Compromised to Serve jRat?
Posted: Thursday, October 18, 2012 3:23 PM by Gianluca Giuliani
Thanks to the ThreatSeeker Network, we have discovered another interesting case of malicious web injection. This one tries to install a Java-based back door on visitors' systems. Its target is the pay-per-click company PocketCents, which has recently been targeted by two additional attacks. This company's business makes it a really interesting target for this type of attack. Given the intensive tracking they advertise in their mission statement, it seems likely that the attackers could be interested in customer information and user accounts. How better to get that information than with a backdoor installed on each visitor machine?
What is Scaring Businesses the Most? Spear-phishing. New Websense Security Labs Research
Posted: Tuesday, October 09, 2012 4:58 AM by Patrik Runald
Spear-phishing is a huge concern for today’s government and enterprises. While high profile attacks like last week’s spear-phishing attack against the White House and last year’s attack against Oak Ridge National Laboratory underscore...
EMEA Webcast: Seven Stages of Advanced Threats & Data Theft
Posted: Monday, September 10, 2012 7:59 AM by Spencer Parker
The seven stages hackers follow to steal data have been exposed! Traditional URL and AV defences are no longer effective in blocking targeted attacks. Cloud apps, mobility and remote users have all contributed to a growth in SSL traffic, which is a major...
10 New Defenses That Help Prevent Data Loss and Theft
Posted: Thursday, August 09, 2012 12:11 AM by Tom Clare
Last week we announced several new, important core security technologies that we added to our TRITON architecture. Websense ACE now includes 10 new defense innovations; seven are focused on outbound traffic to keep data theft and call-home communications contained, preventing theft or loss. Because so many of them are industry firsts, I wanted to take a moment to explain what many of these do and why we created them.

Truth is, the bad guys are stealing corporate data and avoiding detection using advanced techniques. In just the last year, we've seen key intellectual property and user identities stolen from corporations and government agencies, including some you would least expect - including entertainment (gaming) and security companies!

Below are a few examples of how cyber criminals are going undetected, stealing your IP, and how we can stop it from happening.
Webinar Wednesday: 7 Stages of Advanced Threats & Data Theft
Posted: Monday, August 06, 2012 10:18 PM by Tom Clare

Every day, organizations worldwide are targeted by data-stealing attacks. While these attacks have evolved in frequency and sophistication, many security defenses have failed to adapt. Old techniques don’t address containment against data theft and cybercrime call-home communications. The growing prevalence of cloud apps, along with increases in SSL traffic, mobility and remote users are also adding more blind spots to traditional defenses.

It’s imperative that we continue to stay up-to-date on the latest tactics and tricks. Join me this Wednesday, August 8, 2012 from 10 a.m. - 11 a.m. PT for a webinar on the seven stages of data theft. We’ll be covering each of these steps:

Reconnaissance - Targeted attackers access credentials and research online profiles, email IDs, org. chart information, hobbies and interests from social profiles to gain insight on their victims.

Lures - Designed to prey on human curiosity, web lures often link to videos or breaking news, while email lures are more business-focused on transaction and fake delivery notices.


Redirects - Users are usually directed to a survey, rogue antivirus offer or a fake web page where an exploit kit is waiting. Traditional redirects are injection attacks, while newer ones focus on social networking wall postings, fake plug-ins, fake certificates and heavily obfuscated JavaScript.


Exploit Kits - The exploit kit objective is like that of a sniper: take the shot with a malware dropper file only when an open door for tested vulnerabilities is found.


Dropper Files - This stage is what most people consider the focus of their forward-facing defenses: analyze every file that comes into the network for malware. The problem is dropper files use dynamic packers, so known signatures and patterns are not available.


Call-Home - This stage involves calling home for malware downloads and tools, and for sending back information, standard procedure for any successful online attack. The problem is that most defenses are only forward-facing and do not analyze the outbound traffic from infected systems.


Data Theft - This is what they are after. The ability to contain an attack and stop data theft raises many questions that we will address. Can your defenses detect password files leaving your network or the use of custom encryption on outbound files?

In addition, we’ll be covering: why current defenses are failing; today’s new security requirements; and the newest, bleeding edge advanced threat and data theft defenses to emerge thus far.

We look forward to having you join the webinar. Bring your questions and be ready to talk threats!
Heading to the Gartner Security & Risk Management Summit?
Posted: Friday, June 08, 2012 5:52 PM by Tom Clare
Websense has a packed agenda at the conference, and we are inviting you to join us for some sessions we’ve put together just for this event. During the first session, I’m chatting with Derek Houts, Sr. Director, Information Security, Broadcom...
LinkedIn Breach, Part II: What You Need to Prepare for Next
Posted: Thursday, June 07, 2012 8:29 PM by Jason Clark
Yesterday’s LinkedIn breach made headlines, but I want to go deeper and provide practical advice for organizations on how they can anticipate any DLP consequences and tighten their network security. As the world’s largest professional social...
How & Why to Alert Your Employees to the LinkedIn Breach
Posted: Thursday, June 07, 2012 3:49 PM by Jason Clark
Yesterday's news that more than 6.4 million LinkedIn passwords have been breached has many IT professionals on high alert. CSOs are asking me how/if they should communicate this news to company employees and the need to immediately change passwords...
Websense Threat Report – Advanced Malware Invading, Stealing Data
Posted: Tuesday, May 22, 2012 5:58 AM by Tom Clare

We recently released findings on the current state of security in Canada. If you’ve read that piece, you may now be wondering how that compares with the rest of the world. The Websense Security Labs recently released our 2012 Threat Report exploring the biggest threats, trends, and themes collected by the Websense ThreatSeeker Network and investigated by our security lab research teams.

2011 redefined the way many think of and view internet and corporate security. 2012 is continuing this trend. From high profile targeted attacks, hacktivism, data theft and the leverage of exploit kits to selectively deliver malware dropper files when vulnerabilities are detected on user systems, the year forced everyone to think, “Am I next?”

The Websense Security Labs Threat Report provides metrics and practical advice for IT Security professionals. Take a read and let us know if you have any questions about the findings.
2012 Cyber Security Predictions from the Websense Security Labs
Posted: Thursday, November 17, 2011 8:05 AM by Patrik Runald

With all of the crazy 2011 security breaches, exploits and notorious hacks, what can we expect for 2012? Last year’s Websense Security Labs predictions were very accurate, so these predictions should provide very useful guidance for security professionals. Here are the highlights; the full report can be downloaded here.

Read more commentary and watch the video here.
Websense 2011 predictions score A-, 2012 predictions coming soon…
Posted: Tuesday, November 15, 2011 2:01 PM by Patrik Runald
About a year ago we predicted what the biggest security risks would be in 2011 and as we're coming up towards the end of the year we wanted to see how accurate these predictions were. We have rated our 2011 predictions on a scale of A-F. Here we go...
CSO on the Road: Why Your Security Strategy Needs to Change
Posted: Saturday, September 10, 2011 6:43 AM by Jason Clark

In my last post I discussed a push toward a more unified security strategy within the public and private sector. Today, I want to discuss why companies need to change their security strategy to stay ahead of the threats they face. This topic was something that came up a lot last week at the Austin NG security summit.

Ten years ago a great security program consisted of anti-virus, IDS, and firewalls – but now those protections have lost their effectiveness. Unfortunately, those three outdated security technologies now make up a huge portion of InfoSec spend. And the remaining small pittance is allocated to deal with the most advanced threats we have seen. Doesn’t seem like a fair fight, does it?

Research from Ponemon says 90 percent of all companies have been compromised in the last year. Many were targets of advanced malware that compromised web and email channels. Traditional signature-based security measures DO NOT catch these threats. They are too complex and change too fast for those old security measures to keep up.

Compound that with the fact that IT security is now on the CEO’s radar and the board is asking questions about security strategy. I’ve spoken to hundreds of CISOs and CSOs over the last year and the recent data breach headlines are catching their attention. More than ever the IT team is being asked: What is our current risk posture? How do we reduce risk? What is our situation? Are we going to be compromised? What is our strategy? This is our chance. Using this momentum and interest we must change the way we operate and the way executives think about security programs.

The first step is acknowledgement: You have to realize that at some point you will be compromised and the bad guys will get in. It’s not a matter of IF an APT or a targeted attack will strike; it’s a matter of WHEN. There is no silver bullet. 

But, all is not lost! Once you’ve accepted this, the next step is to begin to change the way you plan. You need to be able to get the tools in place to be able to communicate to executives:  

“I am going to prevent X amount of attacks. And of the guys that get in, I’m going to know in X amount of time, and I will have them contained in X amount of time. We can significantly reduce the probability that they will be able to access our most important data.” Make sure you have the technology, people, and processes to back up your claims.

This is the new strategy we have to adopt and share. In the next blog, I’ll share the successful strategies I’ve seen from some of the best organizations and CSOs who have adopted this approach. We’ll look at the most common entry and exit points of attacks and how these successful CSOs are focusing their technology investments in those areas.

In the meantime, how many of you have had conversations with your executive team about your security posture? Has this increased in frequency in the last year? Let me know in the comments below.
New research: the "malware adoption lifecycle"
Posted: Wednesday, August 24, 2011 8:21 AM by Patrik Runald

The media is buzzing with stories of state-sponsored hacking and so-called advanced persistent threats, as well as high-profile data-theft attacks by cybercriminals. So what does this mean to everyday business owners and managers, companies that aren’t defense contractors or giant corporations?

It means watch out. The wildly successful techniques used in state-sponsored attacks are moving down a malware adoption lifecycle. Yesterday’s million-dollar, well-planned, high-profile attack quickly becomes a $25 exploit kit available online to armies of low-level hackers.

This is phase two of advanced threats. This army of profit-driven hackers is using the same advanced techniques to steal any data that they can get their hands on to sell, fence or ransom. No one is safe, because traditional defenses don’t work against advanced malware. And the cybercriminals are targeting every kind and size of business.

This is the part of the story that people need to hear: While the big-name breaches get the headlines, too many companies get lulled into a false sense of security thinking that they are safe because they don’t have state secrets. Our research shows how the advanced techniques used in APT attacks move downstream. From state-sponsored groups, to criminal gangs, and ultimately to individual hackers—they are hitting any business with anything of value. Because that’s where the money is. And it’s easy pickings because their antivirus software is defenseless against these advanced methods. Here’s how we see the malware adoption lifecycle playing out in the wild: