San Diego, California – (The Hosting News) – October 3, 2005 – Internet management solutions company, Websense, Inc., has announced the release of the 2005 Semi-Annual Web Security Trends Report issued by Websense Security Labs.
In the first half of 2005, Websense Security Labs was successful in identifying and hindering several new high-profile exploits, including a new type of “ransom-ware” attack in which money was extorted from users in order to unlock files held hostage by the cyber criminal.
Websense Security Labs discovers and investigates today’s advanced Internet threats and publishes its findings enabling organizations to protect employee computing environments from increasingly sophisticated and dangerous internet threats. The new report summarizes findings for the first half of 2005 and presents projections for the upcoming year.
According to the report, the web continued to evolve and grow as an attack vector in the first half of 2005. The report found a marked increase in the number of malicious websites and in the amount of “crimeware,” a term which refers to using malicious code written with criminal intent. The phishing landscape also changed considerably, and the report identified significant differences in the types of targets and variety of attacks. Spyware has also changed in the way that it is being used, with increasing use of keyloggers and “screen scrapers,” which are Trojan horses designed to capture end-user screenshots, in acts of industrial espionage.
Leo J. Cole, Vice President of Marketing for Websense, Inc. commented on the report, “Websense Security Labs mines more than 60 million websites per day, looking for malicious activity. With our extensive malicious code detection and classification expertise, we have discovered many new attacks such as ‘cyber-extortion’ before our competitors. As Websense Security Labs continues to discover these new high-level security threats, we utilize these findings to provide unsurpassed and timely web security protection and increased value to our customers.”
Key findings in the report include:
As in 2004, Websense Security Labs saw several software vulnerabilities disclosed in the first half of 2005 and followed shortly thereafter by exploits. The Labs also saw an increase in the number of exploits against Firefox in order to spoof the browser toolbar and others.
Even though several browser vulnerabilities were exploited, traditional deception through social engineering is still the method used most often to infect end users with malicious code. Well-crafted emails, IMs, and a variety of other devious methods are still being used to entice users to visit websites in order to infect them. These methods are often combined with vulnerability exploits; however, in most cases an executable sits on a website waiting for an end user to run it so it can work.
The motive for creating malicious websites is shifting away from annoyances such as changing the default homepage and adding bookmarks to a browser. Hackers have advanced to more nefarious purposes such as running exploit code to open a backdoor and changing browser address bars to spoofed websites such as banking phishing sites.
Additionally, in early 2005, Websense Security Labs saw a dramatic increase in the volume of phishing-based malicious code — specifically this code was used most frequently to target Brazilians. This code was designed to run on a machine and log keystrokes when a connection is made to predetermined websites. The keylogger then sends that information to a remote location for the purpose of identity theft.
In the first half of 2005, Websense Security Labs saw the phishing attack landscape change considerably with new targets and types of phishes. The Labs also observed an increase in the number of international brands targeted as well as a dramatic increases in the number of smaller, regional banks being targeted — credit unions, in particular. The Labs saw a growing number of small credit unions targeted by “puddle phishing” scams — more than 30 since the beginning of the year. Interestingly, at least one of the community banks recently targeted operates with as few as 11 branches.
Websense Security Labs predicts that changes in the phishing landscape are due in part to the countermeasures and increases in end user awareness put in place by large financial institutions and e-commerce organizations. In response to successful counterattack measures, the attackers are setting their sights on other targets and changing their tactics. Attacks are also becoming more sophisticated and difficult to detect. With regard to the future of phishing, as banks and other organizations deploy more sophisticated anti- keylogging measures and other robust authentication methods, attackers will respond with new, more intricate approaches. The cat and mouse game will continue, and new attacks will evolve as defenses become stronger.
The Labs also predicts that there will be continued “hunting in packs,” in which criminal groups share tools to create large-volume attacks with similar attack characteristics. Criminals will be able to leverage attack components easily and simply modify their targets.
Additional Research and Analysis in the Web Security Trend Report
The Websense Security Labs’ Web Security Trend Report also discusses the growing use of blogs and personal websites as a means to distribute malicious code, an increase in new technologies, such as “screen scrapers” to obtain end-user information, and cyber-extortion scams. In addition, the report analyzes the increased spread of malcode propagating on the Internet, including Trojan horses, spyware, and BOTs. Furthermore, the report discusses the advancement and development of hacking websites and hacking tools as well as offers predictions as to what to expect in the remainder of 2005.
To view the report in its entirety please visit: http://www.websensesecuritylabs.com/docs/WebsenseSecurityLabs20051H_Report.pdf.