One of the easiest section of a news service to fill the one called “Security.” There’s no shortage of stories about malware taking down an organization’s Web site or stealing sensitive information.
According to Websense Inc.’s annual threat report, issued this week, attacks or organizations are increasing in numbers and sophistication, and that won’t change in 2013.
The report says there’s a “crisis of trust”—that mobile devices can’t be trusted on corporate networks, that users can’t trust IT for protection from attacks, that organizations can’t trust their current defences to protect against emerging attacks.
“The Web became significantly more malicious in 2012,” the report says in part.
Which begs the question: Have we lost the security war?
It’s a difficult question to ask an official of a security vendor – Websense makes Web filtering software – and one that the company's manager of security research was reluctant to answer yes.
“Security is constantly a cat and mouse game because the Web is really open, so we’re constantly on the lookout for stuff,” said Chris Astacio.
“But to stay we’ve lost the war is difficult to swallow.
“There are always things that can be done to prevent attacks, and that’s by using a layered approach to security. You never expect there’s going to be one silver bullet to and one layer of protection that’s going to cover everything.”
Malicious binary codes change hourly, he pointed out, a pace that antivirus software can’t match. So layers analyze what’s coming into the network, the binaries themselves, and what’s going out.
Among the report’s highlights:
-- Malicious URLs increased more than 600 percent over 2011 levels;
-- 85 per cent of malicious web sites were found on compromised hosts sabotaged by cybercriminals;
-- Only 1 in 5 emails sent in 2012 were ‘legitimate’;
-- 1 in 10 malicious mobile apps asked for permission to install other apps, something rarely required by legitimate apps;
-- 32 per cent of shortened URLs in social media were used to disguise malicious links to other Web sites;
-- Attackers are getting more sophisticated, using social media to find individuals to target. For example, one victim looking for a used car received an email with an infected document purporting to be from someone with a car to sell;
-- It’s also common for attackers to send email with malware on weekends or Monday morning, when they figure people have their guards down and are more likely to click on links or open attachments;
-- Half the 2012 malware that connected to the Internet after infection downloaded additional malicious programs
“Taken together, these indicators made it clear that those who treat mobile threats, email threats, Web threats and other cyberthreats as separate and distinct risks will be left behind,” the report concludes.
(By Howard Solomon)