WEEKLY DATA SECURITY NEWS ROUND UP Ed. 23 April 8, 2013
Websense’s 2013 Threat Report in a Nutshell
Websense Rundown by the Numbers
600% - Increase in malicious sites worldwide
32% - of malicious links on Social Media used shortened links
1 in 5 - E-mails sent that were legitimate (spam included)
Websense has just released its new extensive threat report, and while some of the findings may not be shocking, they are still a strong reminder that efforts need to be refocused and revitalized in the coming year. The data was collected from over 10,000 different accounts in the Websense ThreatSeeker Intelligence Cloud, all of it analyzed in real time using the Websense Advanced Classification Engine. Listed above are some of the big takeaway statistics included in the report; the report itself draws out the key takeaways from these statistics. One of the more interesting discoveries was the increase in cyberattackers using a “time delay” in e-mail attacks, hiding malicious links until the messages had bypassed traditional security defenses. The other big threat topics include Web, Social Media, Mobile, Malware Behavior, and Data Loss. After reviewing its findings, the threat report comes to the following conclusion:
“While security strategies must turn to tighter controls on email, mobile devices and social media, the heart of almost all attacks through these vectors continues to be the web. Regardless of the lures sent through other channels, these attacks all use the web to enhance their social engineering efforts and hide their true intent while waiting for the right moment to install malware, communicate with a CnC server or deliver stolen information. Every industry, region and language saw dramatic growth in malicious web activity as the common conduit through which cybercriminals perpetrated email, mobile and social media attacks.”
Check out the Full Threat Report here
“Striking the right balance between security and user experience is challenging” - Mozilla’s Security Community Answers Top Questions
The Mozilla Security staff was on hand recently to answer any and all questions that the network industry had for them, and some of the insights were very interesting. One person asked how Mozilla makes sure a product with a “large user-base like Firefox remains secure, while at the same time not burdening the end user with security controls they will most likely just bypass for the sake of convenience?”
Larissa Co, a UX designer at Mozilla, acknowledged that striking this balance is always difficult, and shared the following four insights into how this issue is tackled.
1) Protect the user automatically without requiring them to make a choice. You’ll be viewed as more trustworthy if you only interrupt the user when it’s absolutely necessary.
2) Warn the user when you can’t protect him automatically, but make sure you respect his time and task. Don’t put a warning where the user can’t see it, or where it just totally interrupts his task pointlessly.
3) Help the user make a thoughtful decision; security is overwhelming for most people. Try to focus the messaging on the impact to the user’s task, not on the big scary consequences. Also try to nudge the user in the direction of safety by the way you phrase things and the kind of UI you choose.
4) Offer the user (especially expert users) control, but keep it away from novices. UI doesn’t have to be over-simplified in all cases. Experts feel in control when they have technical specificity and a way to calibrate things, whereas this overwhelms a novice. For a novice, control means helping them make the right decision. The trick is to keep novice and expert views clearly separate from each other so that both groups feel that they have a sense of control.
This is just one of many great insights provided by the Mozilla Security Staff in this “Ask Me Anything”; be sure to check out the full thread here.
ISP Advertisement Injection - Is this even legal?
Zachary Henkel, a tech blogger, recently found an online ad that seemed even more intrusive than usual. He took a screenshot of what he found on the official Apple website: a bold green banner at the bottom of the page. Zach, like many others, knows that Apple is relentless about its image, and was shocked to see this. Why would Apple allow such an eyesore on its official website?
The “File Free Online” Green banner ad that sparked the investigation is definitely an eyesore
He did a thorough investigation to track where the advertisement was actually coming from, and to make a very long story short, it was being “injected” directly by the Internet Service Provider (ISP) “CMA Communications”. CMA is essentially pocketing cash by throwing unwanted advertisements onto numerous sites, ranging from the mainstream to mom-and-pop sites. If you’re wondering whether this is legal, it’s probably not. Zach’s discovery has been widely discussed since it surfaced a couple of weeks ago, and many officials, from CMA, the affected websites, and several others, have declined to comment. However, CMA did update its “Acceptable Use Policy” (Section 10) on April 4th, and it’s a little frightening to say the least. In the grand scheme of things, a little banner on the bottom of a page shouldn’t mean too much. But when it means somebody else is making a profit by tarnishing your website, isn’t that compromising and effectively harming your business?
Catching up with the “Times”
A lot has happened since the last Weekly, so it’s time to do a quick round-up. First up, an Op-Ed piece stresses the importance of software developers putting more emphasis on security rather than just keeping up with their competitors. The ruthless competition between software developers that don’t stress security leads to gaping holes that hackers are so easily able to exploit. When software developers put the security of their software at the forefront, all of our jobs will become much easier. Next, an emerging trend finds that corporate cyberattackers are not only looking to delay or steal data, but to destroy it entirely. If the trend continues, you could see things like developing IP being completely wiped out and years of data cleaned out. The guys from Office Space might not need to resort to a baseball bat and swift kicks to destroy the next thing that frustrates them. Now more than ever, backing up your data will become necessary. And finally, an attack on Spamhaus was one of the largest DDoS attacks the internet has seen, with nearly 300 Gbit/s of traffic at one point completely crippling the service. To compare, some of the DDoS attacks that took down the biggest U.S. banks a few months ago were around 50-100 Gbit/s. The headlines on this were very dramatic, with some calling it the biggest internet attack of all time, but the key takeaway is that DDoS attacks are becoming stronger as each day goes by.
Some people just want to see data destroyed