WebSense has just released 2013 Threat Report, an interesting analysis of cyber threats based on data collected by the Websense ThreatSeeker Network. The study confirmed the growth of cyber threats able to elude traditional defense mechanisms and that mainly targeted mobile platforms and social media.
Internet is confirmed as primary vector for cyber menaces, web threats have increased significantly respect 2012, both as an attack vector and as the primary support element of other attack trajectories (e.g., social, mobile, email).
Number of malicious web sites grew nearly 600% and 85% are represented by legitimate web hosts that had been compromised by attackers, it is interesting to note that growth was on global scale registering a peck in North America.
The attackers mainly targeted legitimate websites belonging to following categories:
Last year cyber offensive mainly targeted businesses and governments organizations, about 70 % of Websense customers experienced a weekly average of 1,719 attacks per 1,000 users, the attacks initiated through social media, mobile devices, email and other attack vectors.
As anticipated Social Media represent a privileged channel for cyber threat due the large audience, shortened web links in 32 percent of the time hid malicious content, majority of cyber attacks also took advantage of the confusion related to the introduction new features and changing services.
High concern is related to the use of social media in the workspace that could expose company information and sensible data managed by employees.
Mobile Threats are considered one of principal concerns for security experts , rapid diffusion of malicious apps and wrong habits of users (e.g. jailbreaking and absence of defense systems) expose them to serious risks.
The report states:
“Legitimate apps were also a cause for concern; many proved less secure than expected. Consider a study by Philipps University and Leibniz University in Germany involving 13,500 free apps downloaded from Google Play. Researchers found that 8 percent of these apps were vulnerable to man-in-the-middle attacks, and approximately 40 percent enabled the researchers to “capture credentials for American Express, Diners Club, Paypal, bank accounts, Facebook,Twitter, Google, Yahoo, Microsoft Live ID, Box, WordPress, remote control servers, arbitrary email accounts, and IBM Sametime, among others.””
WebSense reported that malicious apps mainly need three permission requirements that are worth pointing out:
Another privileged vector for cyber attacks is the Email, only 20% emails sent was legitimate, phishing messages and spam are monopolizing to totality of email traffic.
Email represented an essential component for success of a cyber attacks, it is used to infect victims carrying a malware or proposing infected link to compromised web site. Attacks such as Flame, Stuxnet and recent Red October were advantaged by highly targeted spear-phishing messages sent to circumscribed group of individuals.
Email-based threats are becoming significantly sophisticated, they are able to circumvent traditional defense, the report refers to the introduction of “time-delay” to some targeted attacks, “in which embedded web links are kept benign until after traditional email security defenses are bypassed”.
Principal Categories of Malicious Web Links in Spam Email found by WebSense are:
Malware could not miss in the list of the main threats, also in this case sophisticated malicious code have been designed to hit specific targets and platforms circumventing defense countermeasures.
Report key finding are:
From the analysis of CnC Communication Protocol emerged that HTTP is most used protocol, however Social media and other popular websites are increasingly use HTTPS to encrypt traffic between their services and their customers, this eventuality allows the “safe passage” of malicious code complicating detection activities.
“The type of CnC communications represented in the table happen only after infection. To avoid detection, such communications are typically short and contain no obviously malicious content. When something significant needs to be transmitted, such as a malware update or stolen data, these communications often use simple but proven data encryption,then send it through HTTP or another channel.”
In the last part of the report is reported the incidence of data Theft/Data loss incidents that mainly target to gather access to intellectual property (IP), payments credentials, credit card numbers and other Personally Identifiable Information (PII). To reach the scope the principal methods of attacks are malware and hacking techniques.
The cyber threat landscape proposed by WebSense describes a reality in constant growth, cyber menaces are increasing in numbers and sophistication level targeting mainly new platforms such as social media and mobile.
“Solutions that focus solely on mobile, email, web or otherwise can no longer be trusted to defend against complex, multistage attacks that can move between attack vectors.”
(Security Affairs – WebSense)