April 7, 2015

Websense Security Labs Publishes 2015 Threat Report

Carl Leonard Principal Security Analyst

The Websense® Security Labs™ team has produced our annual Threat Report, the must-read analysis of what’s really happening in the cyber landscape.

The human and technical aspects of cyber threats changed dramatically in 2014. We saw new techniques blended with the old, resulting in highly evasive attacks. While vulnerabilities were found and exploited in old infrastructure standards, developments such as the Internet of Things have emerged to present a completely new set of infrastructure challenges.

2015 Threat Report

There are eight trends definitely worth noting due to the significant risk they pose for data theft this year. These are reviewed across two categories: Human Behavioral Trends and Technique-based Trends, to examine who’s doing what and how they are doing it. Each of the two categories will look at 4 topics of interest, to include data on:

Cybercrime Just Got Easier: In this age of MaaS (Malware-as-a-Service), even entry-level threat actors can successfully create and launch data theft attacks due to greater access to exploit kits for rent, MaaS, and other opportunities to buy or subcontract portions of a complex, multi-stage attack. We review how 99.3 percent of malicious files used a Command & Control URL that has been previously used by one or more other malware samples and what this means for an attacker and a defender.

Something New or Déjà Vu?: Threat actors are blending old tactics, such as macros, in unwanted email with new evasion techniques. Old threats are being “recycled” into new threats launched through email and web channels, challenging the most robust defensive postures. We review how a business can adapt to protect itself from increasingly advanced threats and capable threat actors.

Digital Darwinism - Surviving Evolving Threats: Threat actors have focused on the quality of their attacks rather than quantity. Websense Security Labs observed 3.96 billion security threats in 2014, which was 5.1 percent less than 2013. Yet, the numerous breaches of high-profile organizations with huge security investments attest to the effectiveness of last year’s threats. We review what has changed in the threat landscape and what actions businesses can take to bolster their security posture.

Additional topics include how to face the challenge presented by the IT security skills shortage, how to build on infrastructure made brittle by OpenSSL Heartbleed and similar vulnerabilities, and how to handle the difficulties in correctly attributing an attack to an adversary.

Live Webcasts

We shall present our Threat Report 2015 in a series of webcasts, with key security experts discussing the past impact and future implications of these trends. Register now for your regional webcast, after which you will be a sent a copy of the report:

  • EMEA: Tuesday, April 14, 10:30 a.m. BST / 11:30 a.m. CEST – register now >


Download the 2015 Threat Report

To download the Websense 2015 Threat Report, visit http://www.websense.com/2015ThreatReport


Carl Leonard

Principal Security Analyst

Carl Leonard is a Principal Security Analyst within Forcepoint X-Labs. He is responsible for enhancing threat protection and threat monitoring technologies at Forcepoint, in collaboration with the company’s global Labs teams. Focusing on protecting companies against the latest cyberattacks that...

Read more articles by Carl Leonard

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.