These days, it seems that just about everything IT does opens
potential vectors for attack. When I read through recent threat
analyses and reports from security companies and analysts, it's
clear that there are no more safe havens for enterprises of any
size. Even where no obvious threats appear, there may be more
subtle, "low and slow" attacks under way.
Here's a quick update on the latest threats that jumped out at me
from the recent Sophos plc mid-year 2010 Security Threat Report; a
Forrester Research Inc. report, "The New Threat Landscape:
Proceed With Caution"; and other sources:
Web Threats. "The Web remains the biggest vehicle
for malware," says Sophos. And the traditional method of luring
victims to malicious sites has been joined by the even more
insidious technique of corrupting legitimate sites with SQL
injection and "malvertising."
E-mail Threats. These types of threats are "far
from dead," according to Sophos. Though eclipsed by the Web, email
threats continue to simmer, including "Bredolab" attacks disguised
as invoices for nonexistent purchases or as shipments via DHL,
FedEx, or UPS.
Search Engine Optimization (SEO). According to
Sophos, "Malicious sites reference trending search terms and are
optimized to maximize traffic from search engines." And a number of
underground forums sell custom tools designed especially to
generate this type of seemingly genuine content.
Personalized Attacks. These days, hackers often
have particular high-value targets in mind. And spam-makers are
using automated techniques to personalize their messages. According
to Forrester, targets now include "not just financial institutions
but business competitors, political groups, or even enemy
countries." Meanwhile Symantec Hosted Services says personalized
spam now accounts for about 10 percent of spam. The company cites
"Cybercriminals behind the Grum botnet [who] send personalized spam
that includes the recipient's email address, a technique often used
in legitimate marketing emails ... The spammer also 'personalized'
the URL, which leads to an online pharmacy website."
Adobe Reader. PDFs have become a "key malware
target," Sophos says. For instance, many of the iPhone threats
recently in the news are delivered via this method.
Social Networking. Even as social networking goes
mainstream in the enterprise, there has been a 70 percent jump in
the number of companies reporting attacks via social networks.
That's why despite the widely acknowledged benefits of social
networking, a third of companies still block Facebook, Sophos says.
More than half of all companies surveyed by Sophos said they had
received spam via social networking sites, and more than a third
said they had received malware.
Perhaps the worst example of this threat is the notorious Koobface
worm, which "is capable of registering a Facebook account,
activating the account by confirming an email sent to a Gmail
address, befriending random strangers on the site, joining random
Facebook groups, and posting messages on the walls of Facebook
friends (often claiming to link to sexy videos laced with
malware)." Yikes!
Data Leaks. Sophos says enterprises' lax data
access and encryption policies were largely responsible for many of
the past year's high-profile data loss incidents.
Mobile Devices. Loss and theft may be the biggest
problems for mobile device users, but that is definitely changing.
While they have avoided truly common or widespread attacks, Sophos
says, mobile devices are still vulnerable -- and mobile devices'
small screens can make it harder to detect attacks and bogus
offers.
I'm afraid of all 8 of these things. How about you?