Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Rise of malicious networks noted

Veronica C. Silva | Feb. 16, 2012
Search engines/portals are seen as the most common point of entry into the networks.

A Web security company has noted an increase in the number of malicious sites from which cyber criminals launch their attacks on IT infrastructure. Called malnets or malicious networks, these attacks have increased in number by as much as 240 percent last year, and they are expected to continue threatening IT infrastructures this year.

Blue Coat's 2012 Web Security Report also noted that these attacks are most commonly launched through easy entry points, such as search engines or portals. The report analysed data from the Blue Coat WebPulse service, a cloud-based, real-time analysis and ratings service.

"In 2011, the ease of buying, customising and deploying malicious software kits, coupled with a faster rotation through domain names, drove a 240 percent increase in malicious sites," said Chris Larsen, senior malware researcher, Blue Coat Systems.

Larsen added that an average business is faced with 5,000 threats per month, and that identifying and tracking malnets to block attacks is the "most effective protection." 

The danger with this type of attack is that it is more than a one-shot attack, the report noted. "These infrastructures (malnets) last beyond any one attack, allowing cyber criminals to quickly adapt to new vulnerabilities and repeatedly launch malware attacks," the report stated.

Tracking malnets

Currently, Blue Coat Security Labs is tracking more than 500 unique malnets and subnets which may not be active on any given day. The top five malnets that Blue Coat is currently monitoring are Shnakule, Glomyn, Cavka, Naargo, and Cinbric. Malnets can also create new subnets, and their size may vary from day to day.

"Malnet infrastructures enable cyber criminals to launch dynamic attacks that are often not detected by traditional anti-virus vendors for days or months," the report added.

The attacks are not focused on traditional desktop and laptop computers, said the Blue Coat report. Attacks have also been launched on the mobile platform to include phones, tablets and other bring-your-own devices (BYODs) that plug into the office networks. Though attacks through the mobile devices are currently "limited", but the report warns that growing usage of this platform may make it a "high-value" target in the future.  

Aside from search engines/portals, other vulnerable points of entry are through e-mails and social networks.

The report offers tips to help organisations counter malnet attacks. These tips include knowing network logs and checking them frequently, blocking all executable content from unrated domains, and setting policies around "dangerous and potentially dangerous categories."

Blue Coat provides Web security and WAN optimisation solutions.


Sign up for Computerworld eNewsletters.