The Online Threat Landscape – Setting The Scene
Cristian Rodriguez
Enterprise Sales Engineer – Mid Atlantic
Websense, Inc.

Waves of Change
• Rich Internet Applications
• Social Web and Web 2.0
• Cloud Computing

Social Networking / Social Media
• YouTube is the 2nd largest search engine in the world
• Facebook tops Google for weekly traffic in the US
• 80% of companies use social media for recruiting
• 95% are found on LinkedIn
• 34% of bloggers post opinions about products and brands
• 78% of consumers trust peer recommendations
• Imagine what this means for bad customer experiences

Today’s Webscape
[Figure: Web Traffic. Source: Alexa Internet, Inc., January 2010]

The evolution of WEB 2.0 is fundamentally changing the way we CONNECT, LEARN, and COMMUNICATE.
THE STATIC WEB IS GONE FOREVER!

2010: High Profile Cases
• Zeus gang arrested for stealing over $20M
• Heartland Payment Systems data case settled for $140M and climbing
• Stuxnet has geopolitical implications
• Massachusetts hospital lost 800,000 patient records
• Aurora went well into 2010
• WordPress got hacked multiple times

Blended Attacks are the Norm
• Attacks are sophisticated and targeted
• Data is the end goal
• Web and email are used to extract many types of data
• Attachments and HTML files are used to help deliver blended attacks
• These attacks simply bypass binary security solutions
• SEO poisoning and Rogue AV attacks grew out of control in 2010

Stuxnet: Rise of the Machines
• Most advanced malware ever?
• State sponsored: Geo-political implications can cause major problems with this type of attack going forward
• First malware designed to target SCADA equipment
• Spread via USB Stick
“Stuxnet has the same surgical capabilities as a stealth bomber.” – Ali Mesdaq, Websense Security Researcher

The Web Landscape
• 111.4% increase in the number of malicious sites from 2009 to 2010
• 79.9% of malicious sites are compromised legitimate sites
• Since April, the ThreatSeeker Network has identified between 1 and 2 million malicious sites per month
• Searching for trending news “buzz” in 2010 resulted in more dangerous results (22.4%) than searching for adult content. Buzz is up from 13.9% in 2009
The graphic below shows examples of how just two clicks can lead from safety to danger. The numbers included with each site show the Alexa traffic ranking.

SEO Poisoning Getting Worse
• Bad things exist in the recreational web. You don’t have to go to dark places to find trouble.
• Buzz is key SEO target: Corey Haim’s death, Chile, Haiti and Hawaii disasters, Lindsay Lohan’s arrest, trending topics…
• Calendar events (holidays) and seasonal items (taxes) are choice targets
• SEO poisoning happens as the events unfold (real time)

Email Discoveries
• Blended attacks (Email + Web) are increasingly popular
• 84.3% of all emails are spam
• 89.9% of all unwanted emails contain a URL, an increase of 4% from 2009
• Hackers are getting clever with attachments that look real
• The bodies of today’s email attacks are sophisticated and aesthetically pleasing to the eye
• Email authors focus on key calendar events: holiday shopping, tax season and major sporting events
[Figure: Attachment]

Spam Breakdown
• Shopping is the most common spam theme
• Pump-and-dump increased due to uncertainty in stock market
• Spammers are aggressively targeting the walls of Facebook and Twitter

Data Loss
• Web and Email attacks are converging to steal data
• Advanced persistent threats are surgical in nature
• United States hosts the most crimeware files
• 9% of data stealing attacks happen over email
• 52% of all data stealing attacks happen over Web
• China and US top countries hosting drop sites
• A Massachusetts hospital lost 800,000 data files in 2010
• Hackers exposed over 100,000 of AT&T’s iPad customer records in 2010
• Heartland Payment Systems settled biggest data suit in history during 2010
And, of course, WikiLeaks… Need we say more?

• “Scam-of-the-day” on Facebook
• Koobface still a big factor
• Boonana new malware that works on Windows/Mac/Linux
• Twitter XSS still a problem
• Hackers focus on the dynamic nature of these sites
• Many brands need to enable the use of Social Networking

Facebook Status Updates
• 40% of all status updates have links and 10% of those links are either spam or malicious

Blogs
• WordPress: The biggest platform is the biggest target
• 56% of compromised blogs are compromised more than once
• 2010 saw many major hosting providers get compromised

The Online Threat Landscape
• The dynamic nature of today’s Web has enabled many new and old threats to emerge in many new forms
• The methods and means have changed, and so too have the targets
• Security is challenged not only by the threats, but also by the business itself
• Security needs to change… it must be more integrated with the business, with itself, and more dynamic to address the ever-changing landscape