Cyberthreats broke new ground with mobile devices, while reaching deeper into social media. Online criminals also stepped up attacks via email, web and other traditional vectors. Websense® Security Labs released “2013 Threat report” and their researchers measured a nearly 600 percent increase in the use of malicious web links, representing over 100 million new global malicious websites. More alarming was the news of CISOs reporting that most threats bypassed their traditional controls, and they feel unprepared to meet emerging threats such as spear-phishing.
Some of the key findings of the report are:
1. Web Threats. The web became significantly more malicious in 2012, both as an attack vector and as the primary support element of other attack trajectories (e.g., social, mobile, email). Websense recorded a nearly 6-fold increase in malicious sites overall. Moreover, 85 percent of these sites were found on legitimate web hosts that had been compromised.
2. Social Media Threats. Shortened web links— used across all social media platforms—hid malicious content 32 percent of the time. Social media attacks also took advantage of the confusion of new features and changing services.
3. Mobile Threats. A study of last year’s malicious apps revealed how they abuse permissions. Especially popular was the use of SMS communications, something very few legitimate apps do. Risks also increased as users continued to change the way they used mobile devices.
4. Email Threats. Only 1 in 5 emails sent was legitimate, as spam increased to 76 percent of email traffic. Phishing threats delivered via email also increased.
5. Malware Behavior. Cybercriminals adapted their methods to confuse and circumvent specific
countermeasures. Fifty percent of web-connected malware became significantly bolder, downloading additional malicious executables within the first 60 seconds of infection. The remainder of web-connected malware proceeded more cautiously, postponing further Internet activity by minutes, hours or weeks, often as a deliberate ruse to bypass defenses that rely on short-term sandboxing analytics.
6. Data Theft/Data Loss. Key changes in data theft targets and methods took place last year. Reports of intellectual property (IP) theft increased, and theft of credit card numbers and other Personally Identifiable Information (PII) continued to grow. Hacking, malware and other cyberthreats continued to be a common method of attack.
Some other interesting data –
|Top 10 Countries Hosting Malware
||Top 10 “Victim” Countries
|1 United States
||1 United States
|2 Russian Federation
||3 United Kingdom
|6 Czech Republic
|7 United Kingdom