If you have clients who block online access to adult content on work computers but allow access to the news, you may want to have a chat with them about their policies.
According to the 2010 Threat Report from security vendor Websense, Web-based news sources are now more likely to feature unexpected malware than are adult entertainment sites. Patrik Runald, senior manager for Websense security research, said there has been a dramatic uptick in the amount of “black-hat SEO” (search engine optimization) being done. In the latter half of 2009, searching for the latest trending topics or buzzwords landed you somewhere with malware about 14 per cent of the time. Now, that’s 22.4 per cent. Compare that to 21.8 per cent infection rates for “objectionable content.”
“If you take any current topic and search on Google or any other search engine, almost a quarter of the top results will lead to dangerous Web sites,” Runald said. “It’s pretty staggering.”
That uptick is especially staggering given the increased efforts of the search engine operators to stamp out just this kind of activity. By way of comparison, Runald said searching for a business-related term would only land you somewhere you probably don’t want to be one per cent of the time.
For VARs and MSPs, Runald said this means education is needed, and that security efforts need to be real-time, analyzing content as it’s being pulled down by users.
Changing vectors for attacks also suggest that companies should carefully consider their policy towards sites like Facebook. On one hand, blocking access to the site in its entirety can be an impediment to both business and morale. On the other hand, along with time-wasting concerns, there’s a real security issue. Runald said that today, 40 per cent of status updates on Facebook contain a link, and 10 per cent of those statuses lead to spam or malicious content.
This year has seen its share of high-profile attacks, starting with the Aurora attack on Google et al. earlier this year, and continuing through the more recent Stuxnet attack, which set a new bar by combining four zero-day exploits and brought with it whispers and accusations of state sponsorship of malware.
“It’s not getting better,” Runald said. “It’s been an all-out barrage against enterprises and corporations around the world.”
Compared to 2009, the company’s 2010 report found a 111 per cent increase in the number of malevolent Web sites, which have long been the number one source of infection. Eighty per cent of those infected Web sites are perfectly legitimate sites that have been unknowingly compromised, Runald said.
After just crossing the one million malicious Web sites per month barrier in April, the company is now tracking almost two million new malicious Web sites every month. And the attacks aren’t coming from where you might think they are – while malware has long been associated with Eastern Europe and Asia, the top hoster of malware is now much closer to home – the United States. Runald admits that could easily be a function of the greater number of servers in the U.S. and the greater connectivity of those servers.
Websense also noted a large increase in the number of small businesses’ banking information being targeted. While malware writers and phishers have long gone after home users’ bank accounts through a variety of attempts, 2010 marks the year when the attackers started moving up into business users, who typically have more cash around anyway.
When it comes to what to expect next, Runald said “the safe prediction” for 2011 is the evolution of the smartphone as an attack vector – especially given how many users are now relying on mobile apps to connect to their banking institutions. “It makes sense for the bad guys to go after the smartphones because we don’t have the same kind of protection options we do on the desktop,” Runald said, even though the kind of power and connectivity encased in smartphones has skyrocketed in recent years. “The sky’s the limit because these are now miniature PCs.”
Runald said Websense saw “baby steps” towards this during 2010, including Android applications that had to be removed from the market because they turned out to be malicious. While the iPhone didn’t see any significant attacks, the popularity of the jailbreakme.com Web site shows what could happen. The site allows users to “jailbreak” their iPhones (download software through sources other than Apple’s iTunes Store) via a “drive-by download,” a technique often used by malware authors.
“In this case, it pushed something the user wanted,” Runald said. “But it could have just as easily been malware, a key logger, a phone call recorder or a spambot.”
Other predictions for 2011 include attacks on dynamic Web content and social media becoming more prominent, and “combination packs of attacks” that are integrated across a variety of platforms. Runald said this would require a more integrated approach to security. Systems will not only have to understand e-mail protection and data loss prevention, but will “really need to understand the Web because the Web is the main driver.”