WebSense has published a new interesting study, 2013 Threat Report, that confirms an extraordinary growth of cyber threats, the data that most of all alert the security community is the increasing number of sophisticated attacks able to elude traditional defense mechanisms.
The analysis revealed that technologies most exposed to cyber attacks continue to be mobile platforms and social media, internet is confirmed as primary channel for cyber menaces, let's consider in fact that number of malicious web sites grew nearly 600% and 85% are represented by legitimate web hosts.
Another concerning phenomenon is the use of Email as vector for cyber menace, attackers consider this carrier as a fundamental component for their attacks, only 20% emails sent was legitimate, phishing messages and spam are monopolizing to totality of email traffic, email is typically used to infect victims carrying a malware or proposing infected link to compromised web site.
Principal Categories of Malicious Web Links in Spam Email found by WebSense are:
- Potentially Damaging Content | Suspicious sites with little or no useful content.
- Web and Email Spam | Sites used in unsolicited commercial email.
- Malicious Websites | Sites containing malicious code.
- Phishing and Other Frauds | Sites that counterfeit legitimate sites to elicit |user information.
- Malicious Embedded iFrame
In 2012 majority of cyber attacks hit businesses and governments organizations, WebSense revealed that about 70 % of its customers experienced a weekly average of 1,719 attacks per 1,000 users, and confirming the above statements the attackers have benefited of social networks, mobile devices and email as attack vectors. France, China and Mexico are at the top of worldwide Top 10 "Victim country" respectively for EMEA, APAC and CALA areas.
Social Media represent a privileged target due the large audience and leak of awareness of users on cyber threats , shortened web links in 32% of the cases hide malicious content, particularly critical are periods in which introduction of new features and changing services creates confusion that advantage attackers.
Mobile Threats are considered one of principal concerns for security experts , rapid diffusion of malicious apps and wrong habits of users (e.g. jailbreaking and absence of defense systems) expose them to serious risks.
In mobile environment also legitimate app may be hidden pitfalls, a study by Philipps University and Leibniz University in Germany involving 13,500 free apps downloaded from Google Play found that 8 % of these apps were vulnerable to man-in-the-middle attacks, and approximately 40% enabled malicious activities such as credentials stealing for popular services, such as American Express and Paypal, and remote control servers.
WebSense reported that malicious apps mainly need three permission requirements that are worth pointing out:
- 82% of malicious apps send, receive, read or write SMS messages. Very few legitimate apps require any SMS permissions.
- 12,5% malicious apps required RECEIVE_WAP_PUSH permission, something legitimate apps rarely require.
- 10% malicious apps asked for permission to install other apps—another rarity among legitimate apps.
Between most aggressive cyber threats WebSense include of course malware, the level of complexity of malicious code in sensible increasing, the security firm detected sophisticated agent designed to hit specific targets and platforms circumventing defense countermeasures.
Report key finding are:
- 50% Fifty percent of web-connected malware became significantly bolder, downloading additional malicious executable within the first 60 seconds of infection.
- The remainder of web-connected malware proceeded more cautiously, postponing further Internet activity by minutes, hours or weeks, often as a deliberate ruse to bypass defenses that rely on short-term sand-boxing analytics.
The report concludes with a session dedicated to Data Theft/Data loss incidents that mainly target to gather access to intellectual property (IP), payments credentials, credit card numbers and other Personally Identifiable Information (PII). To reach the scope the principal methods of attacks are malware and hacking techniques.
