Beware: Six stages of malicious cyber crime attacks
Online security is no longer a simple matter of patching software and keeping your anti-virus solution up-to-date. To put an effective IT security solution in place and secure your business data, you need to have a basic understanding of the six stages of today’s malicious cyber attacks.
The recently released Websense 2012 Threat Report makes sobering reading for anyone concerned about the safety of their confidential business data. Prepared by the Websense Security Labs, the study takes a look at the changing nature of threats affecting IT systems.
Here are just a few of the findings:
- 82 percent of malicious websites are hosted on compromised hosts. The problem is, if compromised hosts are the norm, how trustworthy are cloud and hosting services?
- 55 percent of data-stealing malware communications are web-based. It’s not just email that we have to be worried about any more.
- 43 percent of Facebook activity is streaming media, including viral videos. The streaming media percentage is important because web lures (like videos, fake gift offers, surveys, and scams) prey on human curiosity and have moved onto the social network.
- 50 percent of malware connections lead to the United States, making it the largest host of malware in the world.
- 60 percent of phishing attacks are hosted in the United States.
- 74 percent of all email in 2012 is spam.
- The number of users who will be exposed to a malicious mobile app is increasing quickly.
The report highlights that security is no longer a simple matter of patching software and keeping your anti-virus solution up-to-date (although it’s still a good idea to do both). Today’s threats are more opportunistic, more sophisticated and operate on multiple levels. Because the internet has become pervasive, almost all attacks involve a web component and the majority are designed to take advantage of the human element as the weakest link.
To put in place an effective IT security solution, it is necessary to have a basic understanding of the six stages of today’s malicious attacks:
1. Lures: A web lure is designed to get you to click on a link. It could be the offer of a free gift in return for completing a fake survey. It might be a news update about a celebrity or a natural disaster, a “MUST SEE” video or, using information gleaned from social media sites, news about an ex-partner. Email lures on the other hand have to be a little more subtle if they are to make it through your spam filter. Therefore, they’re more likely to be about something you could reasonably expect to receive such as a courier delivery or a problem with a bank account.
2. Redirects: Once the recipient reaches for the lure, the redirect comes into action, funnelling the user to a hidden server. The goal is to herd users onto a desired path for analysis by an exploit kit. This may mean sending the user to a survey, a rogue offer, a fake web page or a social networking wall posting.
3. Exploit kits: This is the stage where the user’s system is inspected for security vulnerabilities in software such as browsers and common applications. The aim is to target the window of opportunity between the identification of a software vulnerability and an organisation’s ability to apply the software patch, thus closing the vulnerability.
4. Dropper files: If a vulnerability is found, malware is promptly delivered in the form of a dropper file. This is the stage that most people focus on for defence, hoping their security software will analyse every incoming file for malware. The problem is attacks now use unique dropper files that are undetected by traditional defences for hours or days during attack analysis.
5. Call-home communications: Unknown to the user, the malware calls home for more malware to expand the attack. This stage highlights the importance of ensuring that a full system defence analyses what’s going out of your organisation as well as looking at what’s coming in.
6. Data theft: It’s no longer simple business disruption that you have to worry about. For cyber criminals, the pay-off is to slowly, automatically drip feed password files or confidential information out of the organisation. One high profile example of data theft occurred last year when the Sony PlayStation Network was breached, exposing an estimated 103 million user names, addresses, passwords and related credit card information.
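To make stages 5 and 6 concrete, here is one way outbound analysis can surface a slow drip feed. It is an added example, not taken from the Websense report. The log format, host names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def sample_log():
    """Constructed proxy log: time, internal host, destination, bytes_out, bytes_in."""
    start = datetime(2012, 6, 1, 0, 5)
    # ws-17 posts about 40 KB every hour to one destination (the drip pattern).
    lines = [f"{(start + timedelta(hours=h)).isoformat()} ws-17 updates.example.net 40000 300"
             for h in range(24)]
    lines += [
        "2012-06-01T09:12:00 ws-04 news.example.com 900 250000",     # ordinary browsing
        "2012-06-01T09:13:00 ws-04 news.example.com 1100 310000",
        "2012-06-01T14:30:00 ws-09 files.example.org 5000000 2000",  # one large upload
        "malformed line",
    ]
    return lines

def parse(line):
    """Return (time, src, dst, bytes_out, bytes_in), or None for an unparseable line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (datetime.fromisoformat(parts[0]), parts[1], parts[2],
                int(parts[3]), int(parts[4]))
    except ValueError:
        return None

def find_drip_exfil(lines, min_hours=12, min_total_out=500_000,
                    max_request_out=100_000, min_ratio=10.0):
    """Flag host/destination pairs that upload small amounts across many hours."""
    stats = defaultdict(lambda: {"hours": set(), "out": 0, "in": 0, "max_out": 0})
    for rec in filter(None, map(parse, lines)):
        ts, src, dst, b_out, b_in = rec
        s = stats[(src, dst)]
        s["hours"].add(ts.replace(minute=0, second=0, microsecond=0))
        s["out"] += b_out
        s["in"] += b_in
        s["max_out"] = max(s["max_out"], b_out)
    findings = []
    for (src, dst), s in sorted(stats.items()):
        ratio = s["out"] / max(s["in"], 1)  # upload-heavy traffic is unusual for browsing
        if (len(s["hours"]) >= min_hours and s["out"] >= min_total_out
                and s["max_out"] <= max_request_out and ratio >= min_ratio):
            findings.append((src, dst, len(s["hours"]), s["out"]))
    return findings

if __name__ == "__main__":
    for finding in find_drip_exfil(sample_log()):
        print(finding)
```

The single 5 MB upload from ws-09 is not flagged by this rule, while the 24 small uploads from ws-17 are, even though none would trip a per-request size limit.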
Each stage has unique characteristics that need specific defences. The big requirements are context and containment in a real-time predictive analysis environment to reduce risk. Every organisation should be protecting its data with web gateways that offer real-time defence by analysing inbound and outbound traffic for all six phases of threat. After all, for the organisation suffering data theft or the operator of a compromised web environment, the implications can be serious, ranging from trust and reputation to compliance and business continuity.