May 22, 2012

Websense Threat Report – Advanced Malware Invading, Stealing Data

Tom Clare

We recently released findings on the current state of security in Canada. If you’ve read that piece, you may now be wondering how that compares with the rest of the world. The Websense Security Labs recently released our 2012 Threat Report exploring the biggest threats, trends, and themes collected by the Websense ThreatSeeker Network and investigated by our security lab research teams.

2011 redefined the way many think of and view internet and corporate security. 2012 is continuing this trend. With high-profile targeted attacks, hacktivism, data theft and the use of exploit kits to selectively deliver malware dropper files when vulnerabilities are detected on user systems, the year forced everyone to think, “Am I next?”

In the report, the Websense Security Labs looks closely at:

  • The trifecta that is driving epidemic levels of data theft: 1) extremely effective lures in web, social media and email; 2) evasive and hard-to-detect infiltration of malware in targeted attacks; and 3) sophisticated exfiltration of confidential data.
  • Advanced threats can be described in six stages: lures, redirects, exploit kits, dropper files, call-home communications, and data theft.
  • We’ve looked at the ways these steps are morphing and being used to propagate attacks. While we definitely see an increase in targeted attacks, mass compromises continue to occur on a regular basis. What has changed is the way these criminals lure their victims to click, and it often involves more social media lures.

Other key findings include:

  • 82 percent of malicious websites are hosted on compromised hosts.
  • 55 percent of data-stealing malware communications are web-based.
  • 43 percent of Facebook activity is streaming media, including viral videos. That's more than five times the next largest category of news and media within Facebook. The streaming media percentage is important because web lures (like videos, fake gift offers, surveys, and scams) prey on human curiosity and have moved onto the social network. Websense has partnered with Facebook to scan all clicked Facebook web links so that Websense researchers have unprecedented visibility into the social network's content.

The Websense Security Labs Threat Report provides metrics and practical advice for IT Security professionals. Take a read and let us know if you have any questions about the findings.
