Websense News & Views
Published Wednesday, August 24, 2011 8:21 AM by Patrik Runald

 

The media is buzzing with stories of state-sponsored hacking and so-called advanced persistent threats, as well as high-profile data-theft attacks by cybercriminals. So what does this mean to everyday business owners and managers, companies that aren’t defense contractors or giant corporations?

It means watch out. The wildly successful techniques used in state-sponsored attacks are moving down a malware adoption lifecycle. Yesterday’s million-dollar, well-planned, high-profile attack quickly becomes a $25 exploit kit available online to armies of low-level hackers.

This is phase two of advanced threats. This army of profit-driven hackers is using the same advanced techniques to steal any data that they can get their hands on to sell, fence or ransom. No one is safe, because traditional defenses don’t work against advanced malware. And the cybercriminals are targeting every kind and size of business.

This is the part of the story that people need to hear: While the big-name breaches get the headlines, too many companies get lulled into a false sense of security thinking that they are safe because they don’t have state secrets. Our research shows how the advanced techniques used in APT attacks move downstream. From state-sponsored groups, to criminal gangs, and ultimately to individual hackers—they are hitting any business with anything of value. Because that’s where the money is. And it’s easy pickings because their antivirus software is defenseless against these advanced methods. Here’s how we see the malware adoption lifecycle playing out in the wild: 

 

...

Published Wednesday, June 29, 2011 6:03 AM by Spencer Parker

 

Social media security

Recently more than 150 IT security professionals joined a panel of experts for our first-ever live interactive SpeakUp debate in London.  The debate focused on social media, covering the legal and security issues as well as the psychology of falling for Internet scams. What struck me the most was the final audience poll: “From what you’ve heard today, would you do something differently?” More than half the audience replied yes.

Interestingly, 21% of the audience allow company-wide access to social media and don’t monitor employee content. Seemingly, around the same number (19%) have suffered a social media related security incident. Just over half (54%) have not had an incident and over a quarter (27%) answered ‘don’t know’.

It’s still a subject that confuses and divides security professionals, so we used Facebook to demonstrate just how prolific malicious applications are. Without the right protection in place, users could happily click on a link exposing your organization to malware.

 

...

Published Tuesday, June 28, 2011 6:32 AM by Carl Leonard

Cyber Soldiers

 

Who: This is nation-state activity to penetrate another nation's or corporation's computers or networks for the purposes of causing damage, disruption or exploitation with an endgame objective of disabling an opponent's military capability or stealing important source code to increase their own power. These guys are the special forces of the threat landscape; super-skilled, buzz-cut, clean-shaven expert hackers. You’d never know who they were however – because if I told you I’d have to kill you.

 

Why: Cyber Warfare has been described as the fifth domain of warfare with the Pentagon formally recognizing cyberspace to be just as critical to military operations as land, sea, air and space. It is reported that at least 100 countries have been developing ways to use the Internet as a weapon and target financial markets, government computer systems and utilities. Cyber Soldiers may operate as APT (advanced persistent threat) or corporate spies at times, but everything they learn is geared toward a specific nationalist objective.

What: Stuxnet is a great example of this attack method, a textbook case of an APT. The worm was discovered in July 2010 and is the first specialized complex malware to only target industrial software. It was aimed at compromising the Iranian nuclear program and is believed to be the work of a well-funded group of 5-10 people over 6 months. Speculation: only a nation state has these capabilities.

 

 

...

Published Thursday, June 16, 2011 4:19 PM by John Yun

 

I’ve been getting a lot of questions about compliance as more companies reveal that they’ve been breached or hacked – so I thought I’d get your feedback on the issue.

While these episodes have businesses and consumers (including me) paying attention, I’ve also started to become more concerned about another source of sensitive, private data: electronic health records (EHR).

Last year, the Identity Theft Resource Center counted 160 breaches in the medical/healthcare industry, representing 24.2 percent of total breaches and close to 2 million records. That’s a huge volume, and a huge concern. Medical records are a veritable gold mine of personal data, often containing a complete package of all the valuable information criminals need to perpetrate fraud, including SSNs, DOB and, in many cases, insurance and credit card information.

 

...

Published Thursday, June 16, 2011 3:55 PM by Carl Leonard

 


 

Who: These are the heavyweights of the cybercriminal world. Corporate attack and espionage is a stealthy, organised, funded activity by professional agents operating rather like the legitimate companies they hope to steal from. The worker bees are usually found beavering away with state-of-the-art computing equipment, multiple monitors and the blinds well drawn. While the big cheeses are well-connected individuals with fingers in pies and eyes firmly on the ball. Together they make a formidable team.

Why: Big Bucks. These guys are out to target company confidential data which can then be sold on to the highest bidder. There are two distinct categories within this group; one aiming long term using Advanced Persistent Threats (APT) and the other group more focused on short- to midterm financial gains.

What: The APT attack nicknamed Operation Aurora in 2009/2010 was aimed at US high tech companies including Google and Adobe. It was thought to originate in China with speculation of Government involvement. Aurora exploited a zero-day vulnerability in Internet Explorer with a goal to steal IP and modify source code.

 

...

Published Friday, June 10, 2011 4:33 PM by Patrick Murray

 

 

 

Advanced Persistent Threat 

Alan commented on the initial APT post: “I hope you don't spew marketing hyperbole else this will turn dull rapidly.” Don’t worry. We are going to stick to the facts. In this piece, I want to separate from the buzz around these attacks and talk about why you should care.

We’ve heard from a lot of executives, “What should we do about APTs?” There is a high level of concern from large organizations with serious IP (like source code) that they know others will try to get. But there’s also a large group that thinks, “I’m a $10M manufacturing company, in Ohio. I don’t think Chinese or North Korean hackers are going to be knocking on my door anytime soon.”

And, they are right.

 

 

...

Published Tuesday, June 07, 2011 11:01 PM by Carl Leonard

 

 

Who: This is the largest group of cybercriminals. In another era they would have been found nicking your purse, knocking over old ladies or selling solid gold watches for £10 from a battered old suitcase. These guys have picked up a few skills along the way, nothing too complicated, just straightforward malware, adware or spam. Once they have perfected how to do it once, they do it again and again and again.

Why: Fast, financial gain. The mainstays are fake antivirus programs, manipulating your identity, using your credit card numbers, or stealing passwords. Some make their money through illegal advertising, often paid by a legitimate company for pushing business their way. Cheap pills, anyone? Some members of this group believe they are simply "aggressive marketers." It helps them sleep at night.

What: Phishing and SEO poisoning were used within minutes of the earthquake which hit Japan in March 2011. Emails asking for donations to a rogue cause ‘Humanitarian Care Japan’ did the rounds and searching for the latest news online resulted in several links to malicious sites. Following the link, the victim was redirected to fake antivirus via a "CLICK HERE" button. A warning then appears stating that your computer might already be infected. Whether the "Cancel" or "OK" button is clicked, a rogue Windows OS-like anti-virus interface will pop up. The user is then scared into thinking their computer is infected and they must download the scammers' program and pay for it to be cleaned up.

 

...

Published Thursday, June 02, 2011 12:01 AM by Patrick Murray

 

If you are like me, you’ve seen and heard plenty about Advanced Persistent Threats (APTs) this year. It’s the new hot-button term. So popular that everyone has their own definition.

FUD continues to cloud the discussion we should be having. So we are starting a series of posts to separate the fact from fiction and to really nail what you should be concerned about. We will:

- Define what APTs are (and aren’t)

- Examine attacks from a research/technical perspective

- Discuss who should care and what you should do about it

- Talk about why most of today's security technologies aren't stopping these attacks

- Explain the malware technology adoption lifecycle (the dynamic missing from most discussions)

Websense Security Labs has been at the forefront of examining APTs in the wild and has charted the emergence of these exploits. We’ll explain why high-profile attacks seem to work so effortlessly. And we’ll discuss the ongoing evolution of APTs: from government/nationalistic targets to organized criminal gangs and soon individual hackers.

I encourage you to join our June 8 webcast on APTs. It’s being hosted by Patrik Runald, one of our senior security research managers.

Let’s skip the APT hype and FUD. Let’s use real-world examples to talk about what matters most to you.

In the meantime, I have my own question: how many of you have been approached by senior management with any questions about big data breaches, like, “Hey, I saw the news about (insert company) losing company data. What are we doing to avoid that?” What did you say?

 

...

Published Wednesday, June 01, 2011 11:10 PM by Patrick Murray

 

We all know how hard it has been to get budget money over the last few years. You identify a problem, you evaluate solutions, and you know what you need to do. Then you hit a roadblock. You need a signature from someone who doesn’t know what you know, so you start looking for evidence that supports your recommendation.

I am very excited to give you some great new evidence. This will support your decision to use Websense to close the holes in your current security that web-based threats can come in through (and also prevent resulting data theft).

Gartner is the leading IT consultancy in the world, and they have named Websense a leader in the Gartner Magic Quadrant for Secure Web Gateway.

This report helps give you the third-party validation that you need to avoid being the next data breach headline. You can download a copy of the report here. For more information, try contacting Websense or one of our resellers. 

What other tools are you using to wake up management to the threats and to get your project funded and fast-tracked?

 

 

...

Published Saturday, April 30, 2011 1:22 AM by David Rand

 


The headlines are bleeding again with news of another HUGE data theft story. How many more will there be in the next week, month, year? In the last few months alone, Sony, RSA, and Oak Ridge National Laboratory lost data. Jai Vijayan at ComputerWorld thinks these breaches are a matter of when, not if (“You will get breached. Get over it.”). And at an average cost of about $200 per record you can multiply the number of customer records that you store and probably get funding for your long-delayed DLP project TODAY.

But is that just the tip of the iceberg?

 

...