Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

'Sophisticated' attacks on the rise – Websense 2012 report

Veronica C. Silva | May 2, 2012
'Real-time defences' against Web threats recommended

As malicious attacks continue to threaten the Internet users, a new security report recommended "real-time defences" through multiple approaches to guard against such attacks.

The latest Internet security report by Websense Security Labs noted how unwitting Internet users fall prey to malicious attacks which are commonly spread through social media, the Web, and e-mail.

The Websense 2012 Threat Report noted that social media are the common channels for attacks through the use of the "human element as the weakest link."

"Nearly all data-stealing attacks today involve the Web and/or e-mail. And many increasingly use social engineering to take advantage of the human element as the weakest link," said Charles Renert, vice president, research and development, Websense, Inc., a provider of content security solutions.

The Websense report noted the lure of streaming media, including viral videos through Facebook. The report noted that 43 percent of activities on Facebook is streaming media. The videos prey on the users by taking advantage of human curiosity to lure users to click on links that may lead to false websites used in scams.

Multiple attacks

With multiple attacks coming from many fronts - Web, e-mail and social media, Websense Security Labs suggested security measures across all possible entry points.

""Traditional defences just aren't working any more. Organisations need real-time defences with multiple detection points that deeply analyse both the inbound content of each website and e-mail as well as the outbound transmission of sensitive data," said Renert. 

Renert also suggested that organisations wanting to protect their systems from attacks should go for a solution "that understands the entire threat lifecycle and combines data from each phase can protect against them."

The Websense report also cautioned Internet users to be wary of compromised hosts as 82 percent of malicious websites are hosted on these type of hosts. "If compromised hosts are the norm, cloud and hosting services can't be trusted. This threatens to put a damper on our economy, which is tapping the cloud as a backbone for commerce, communications, and culture," the report stated.

Geographies

The United States is the top host of malware, at 36 percent, followed by Russia. Sixty percent of phishing attacks are hosted in the U.S. while 50 percent of malware also redirects lead to the United States. In both cases, Canada trails not far behind the U.S., according to the Websense report.

Websense identified the six stages of advanced threats as lures, redirects, exploit kits, dropper files, call-home communications, and data theft.

Each stage has unique characteristics that need specific real-time defences. Traditional defences mainly focus on the fourth stage and known threats by looking at malware files, and in large part that is why they are ineffective. Advanced threats use unique dropper files that go undetected by traditional defences for hours or days.

 

1  2  Next Page 

Sign up for Computerworld eNewsletters.