How cybercriminals are infecting networks and stealing data undetected

23 April, 2012

A leading data security specialist has outlined its top recommendations and insights for protecting against and containing sophisticated malware and targeted attacks - advice that may prove invaluable for accommodation businesses determined to safeguard their systems.

Research released recently by the Websense Security Labs in the Websense 2012 Threat Report reveals the trifecta that is driving epidemic levels of data theft: extremely effective social media lures; evasive and hard-to-detect infiltration of malware; and sophisticated exfiltration of confidential data. 

The report provides real-world examples, and offers practical advice to IT security practitioners.
"Traditional defences just aren't working any more. Organisations need real-time defences with multiple detection points that deeply analyse both the inbound content of each website and email as well as the outbound transmission of sensitive data," Charles Renert, vice president of research and development for Websense, asserted. 
"Nearly all data-stealing attacks today involve the web and/or e-mail. And many increasingly use social engineering to take advantage of the human element as the weakest link. 
"Since the current generation of attackers use multiple data points and threat vectors to target their victims, only a solution that understands the entire threat lifecycle and combines data from each phase can protect against them."
The key findings of the report include the revelation that 82 per cent of malicious websites are hosted on compromised hosts. If compromised hosts are the norm, cloud and hosting services cannot necessarily be trusted. This threatens to put a damper on our economy, which is tapping the cloud as a backbone for commerce, communications and culture.
Forty-three per cent of Facebook activity is streaming media, including viral videos. That's more than five times the next largest category of news and media within Facebook. 
The streaming media per centage is important because web lures - like videos, fake gift offers, surveys, and scams - prey on human curiosity and have moved onto the social network. 
Websense has partnered with Facebook to scan all clicked Facebook web links so that Websense researchers have unprecedented visibility into the social network's content.
While 74 per cent of email is spam, this is a drop compared to the previous year's figure of 84 per cent. It is therefore clear that efforts to take down spam botnets are showing results. 
However, while overall spam is down, 92 per cent of email spam contains a URL, illustrating the increasingly blended nature of today's email threats. 
The top five email malware lures are: order notifications, ticket confirmations, delivery notices, test emails, and tax refund information. Spear phishing also continues to increase as a delivery vehicle for targeted attacks.
Websense Labs analysed more than 200,000 Android apps and saw a noticeable quantity with malicious intent or permissions. The number of users who will be exposed to a malicious mobile app is increasing quickly.
Advanced threats can be described in six stages: lures, redirects, exploit kits, dropper files, call-home communications, and data theft. Each stage has unique characteristics that need specific real-time defences. 
Traditional defences mainly focus on the fourth stage and known threats by looking at malware files, and in large part that is why they are ineffective. Advanced threats use unique dropper files that go undetected by traditional defences for hours or days.
Source: Websense