Review of Second Half of 2011 Details Rising Cyber Threats Including Sophisticated Targetted Attacks Using Stolen Digital Certificates, Fraudulent Social Media Scams and the Dominance of the Blackhole Exploit Kit
Singapore -- (SBWIRE) -- 02/09/2012 -- M86 Security, the global expert in real-time Web and email threat protection, today released its latest bi-annual M86 Security Labs Report, which details a significant growth in cybercrime via sophisticated targetted attacks and social-media scams, as well as a rise in malicious email attachments, despite a four-year low in spam volumes last year.
Investigating the Web and email-threat trends in the second half of 2011 for its bi-annual report, M86 Security Labs analysed spam and malware activity, including the current use of exploit kits, fraudulent digital certificates and social-networking schemes, and tracked global Internet-security trends. The M86 Security Labs noted that whilst spam levels have declined, the proportion of malicious spam has increased from 1 per cent to 5 per cent in the last half of the year.
"We already know that cybercriminals have become adept at circumventing mainstream security solutions, and as we find more fraud perpetrated through social-networking sites and mobile devices, it is imperative for organisations to educate their users and complement their reactive protection with proactive, real-time technologies to enhance their security posture," said Bradley Anstis, Vice President of Technical Strategy, M86 Security. "Many of the trends we forecast in our 2011 predictions report, such as the increased use of stolen digital certificates in targetted attacks, have occurred. Our goal is to help organisations preempt these complex attacks before malware has a chance to infiltrate networks and cause very real damage."
Key findings by the M86 Security Labs for the second half of 2011:
- Critical national infrastructure is targetted
As targetted attacks become more sophisticated, cybercriminals are pursuing a wider range of organisations, including commercial, national critical infrastructure and military targets. Confirmed attacks in 2011 include RSA, Lockheed Martin and the Asia-Pacific Economic Cooperation (APEC). Dutch company DigiNotar, for example, detected an intrusion that resulted in the fraudulent issuance of hundreds of digital certificates for a number of domains, including Google, Yahoo, Facebook, the CIA, the British MI6 and the Israeli Mossad.
- Stolen digital certificates are increasingly used in successful targetted attacks
Stealing or faking digital certificates has become an important component of a targetted attack. Digital certificates are used to confirm and assure a user that the downloaded application truly is from the trusted vendor. With the stolen certificates, cybercriminals can distribute malware and sign it with a legitimate company certification; thus, tricking users to confidently download the application.
- The Blackhole exploit kit dominates the exploit kits market
In late 2011, Blackhole established itself as the most successful exploit kit. Its authors increased its update frequency and added new ways to evade detection, such as checking the software version on the client machine before attempting to exploit it.
- The volume of malicious spam escalated in 2011
Though overall spam volume decreased as of December 2011, the proportion of malicious spam rose in the second half of the year from less than 1 per cent to 5 per cent – with a spike in malicious attachments occurring in August and September. As noted previously, there was a shift from malicious attachments to the use of embedded links to infected content later in the year.
- Social media is a haven for fraudulent posts and scams
It is now mainstream practice for spammers to use bogus social-media notifications to dupe users into clicking on infected links. Perhaps even more troubling is the success with which cybercriminals capitalise on user trust and familiarity to make Facebook, for example, a conduit for spam and malware propagation. Many of these campaigns are spread virally by enticing users to share posts for “rewards” or “gift cards” with their friends.
The complete version of the latest M86 Security Labs Report, can be downloaded directly at: http://m86.it/2HSecReport
About M86 Security Labs
M86 Security Labs is a group of security analysts specialising in Email and Web threats, from spam to malware. They continuously monitor and respond to Internet security threats. The Security Labs' primary purpose is to provide a value-added service to M86 customers as part of product maintenance and support. This service includes frequent updates to M86's unique, proprietary anti-spam technology, SpamCensor, as well as Web threat and vulnerability updates to the M86 Secure Web Gateway products. The updates allow M86 customers to proactively detect and block new and emerging exploits, threats and malware.
Data and analysis from M86 Security Labs is continuously updated and always accessible online at http://www.m86security.com/labs and on Twitter at http://twitter.com/m86labs
About M86 Security
M86 Security is the global expert in real-time threat protection and the industry’s leading Secure Web Gateway provider. The company’s appliance, software, and Software as a Service (SaaS) solutions for Web and email security protect more than 25,000 customers and 26 million users worldwide. M86 products use patented, real-time code analysis and behaviour-based malware detection technologies, as well as threat intelligence from M86 Security Labs, to protect networks against new and advanced threats, secure confidential information, and ensure regulatory compliance. The company is based in Irvine, California with international headquarters in London and development centres in California, Israel, and New Zealand. For more information about M86 Security, please visit: www.m86security.com.
Follow M86 Security on Twitter at: http://twitter.com/M86Security
Facebook at: http://www.facebook.com/M86Sec
M86 Security Labs Blog at: http://labs.m86security.com