Thursday, March 02, 2006

Websense Security Trends Report for Second Half of 2005

Websense has published their report on internet criminal activity for the second half of 2005.

They are seeing an increase in the number of malicious websites containing crimeware on the rise. Phishing attacks are also changing (mutating) to account for greater awareness and defenses out there against them. One of the mutations is spear phishing, where specific groups are targeted, often (allegedly) with the use of inside information, which was probably stolen. They are also seeing an increase in attacks against non-finanical institutions, which were the traditional targets of this sort of activity.

The conclusion in the report is:

"The use of the web to launch attacks increased during the second half of the year, and the variety of methods used to launch attacks mirrored this increase. We saw criminals adapt to changing conditions by creating new exploits, capitalizing on inherent vulnerabilities, increasing the quality and stealth of their exploits, and cooperating among themselves."

"We saw browser and operating system exploits used more frequently and more effectively in H2 2005. These included zero-day exploits targeting browser and operating system vulnerabilities. Cyber criminals improved the timing of such exploits in H2 2005 by detecting vulnerabilities, designing attacks, and launching them before the vulnerabilities were widely known, and before patches could be provided for computer users."

"Infections resulting from visits to websites surpassed other infection methods during the second half of the year. We determined that this method of infection has begun to be used in combination with other methods."

"Hand-in-hand with the increased involvement of organized criminal groups, we saw a movement away from nuisance attacks toward exploits and malicious websites intended for criminal purposes. Successful exploitation of these vulnerabilities enabled attackers to execute code on the workstations of unsuspecting users without their knowledge or consent — even fully patched workstations. We also saw an increased use of affiliates to spread infections."

"New targets for exploitation appeared in the second half of the year, as cyber criminals compensated for increased sophistication and wariness among computer users who have become more aware of luring techniques. Spear phishing was introduced in an effort to deliver more convincing lures to targeted audiences."

"Attacks were increasingly launched against smaller domestic financial institutions in H2 2005, and more frequently against non-financial targets. We saw an increase in cyber extortion attacks in which money was requested to resolve problems introduced by those requesting money for the repairs."

Internet crime is on the rise. In fact, it seems that it is becoming more organized and that it is becoming more devious to thwart recent awareness campaigns. Recently, when addressing the RSA conference, FBI Director Robert Mueller called for greater cooperation between business sector and law enforcement to combat cyber crime throughout the world. If we fail to heed this wise advice, I fear the consequences could be serious.

On a personal level, I would like to commend the good folks at Websense, who are part of the business sector and seem to be contributing to the atmosphere that Director Mueller speaks of.


Anonymous said...

In the end, it's all up to IETF to change this stablished web chaos by means of RFCs which contemplates more rigorous routing policies.


Anonymous said...

In the end, it's all up to IETF to change this stablished web chaos by means of RFCs which contemplates more rigorous routing policies.


Rechtsberatung said...

Its a really nice to see the report on the criminal activities. Its truly a great work to posting a Websense report at your blog.