Research released by the Websense Security Labs in the Websense 2012 Threat Report reveals the trifecta that is driving epidemic levels of data theft: extremely effective social media lures; evasive and hard-to-detect infiltration of malware; and sophisticated exfiltration of confidential data. The report provides real-world examples, and offers practical advice to IT security practitioners.
“Traditional defenses just aren’t working any more. Organizations need real-time defenses with multiple detection points that deeply analyze both the inbound content of each Web site and e-mail message as well as the outbound transmission of sensitive data,” said Charles Renert, vice president of research and development for Websense. “Nearly all data-stealing attacks today involve the web and/or e-mail. And many increasingly use social engineering to take advantage of the human element as the weakest link. Since the current generation of attackers use multiple data points and threat vectors to target their victims, only a solution that understands the entire threat lifecycle and combines data from each phase can protect against them.”
The key findings are:
- 82% of malicious Web sites are hosted on compromised hosts. If compromised hosts are the norm, cloud and hosting services can’t be trusted. This threatens to put a damper on our economy, which is tapping the cloud as a backbone for commerce, communications, and culture.
- 55% of data-stealing malware communications are web-based.
- 43% of Facebook activity is streaming media, including viral videos. That’s more than five times the next largest category of news and media within Facebook. The streaming media percentage is important because web lures (like videos, fake gift offers, surveys, and scams) prey on human curiosity and have moved onto the social network. Websense has partnered with Facebook to scan all clicked Facebook web links so that Websense researchers have unprecedented visibility into the social network’s content.
- 50% of malware redirects lead to the United States followed by Canada.
- 60% of phishing attacks are hosted in the United States trailed by Canada. The United States is also the top host of malware (36%), followed by Russia.
- 74% of e-mail is spam, compared to the previous year of 84%. It’s clear that efforts to take down spam botnets are showing results. However, while overall spam is down, 92% of e-mail spam contains a URL, illustrating the increasingly blended nature of today’s e-mail threats. The top five e-mail malware lures are: order notifications, ticket confirmations, delivery notices, test e-mails, and tax refund information. Spear phishing also continues to increase as a delivery vehicle for targeted attacks.
- Websense Labs has analyzed more than 200,000 Android apps and does see a noticeable quantity with malicious intent or permissions. The number of users who will be exposed to a malicious mobile app is increasing quickly.
- Advanced threats can be described in six stages: lures, redirects, exploit kits, dropper files, call-home communications, and data theft. Each stage has unique characteristics that need specific real-time defenses. Traditional defenses mainly focus on the fourth stage and known threats by looking at malware files, and in large part that is why they are ineffective. Advanced threats use unique dropper files that go undetected by traditional defenses for hours or days.