Websense: Threat Report 2013

Posted by trammel at 2020-03-03

Today I read the 2013 threat report released by Websense in February 2013.

The report provides multiple sets of statistics, such as:

1) The number of malicious websites has increased six times year on year;

2) 85% of malicious websites are on legitimate web hosts;

3) Only a fifth of email is legitimate, while spam accounts for 76% of email traffic;

4) Half of web-connected malware starts downloading additional malicious code within 60 seconds of infection;

5) The top 10 host countries of malicious websites are: USA, Russia, Germany, China, Moldova, Czech Republic, UK, France, Netherlands and Canada;

6) The largest recipient country is the United States;

7) 32% of malicious websites on social media use shortened links;

8) The top 10 host countries of CnC servers are: China, the United States, Russia, Germany, the Netherlands, Turkey, Ukraine, Canada, Moldova, Latvia;

Recommendations in the report:

1. Inline, real-time information security is necessary to help prevent web-borne threats.

2. Integrated security solutions are required to control inbound and outbound threats brought about through increasing use of social media by on-site, remote and mobile users.

3. Mobile device management (MDM) capabilities must be augmented with defenses that can control mobile access to key resources, and perform real-time analysis of potentially malicious content in all vectors.

4. Email security requires real-time threat analysis that coordinates with web, mobile and other defenses.

5. Malware defenses need to monitor both inbound and outbound HTTP and HTTPS traffic to prevent infection and detect command and control (CnC) communications.

6. Data loss prevention (DLP) approaches must address encrypted communications, and better control both inbound and outbound content flow.

There is also an appendix to the report that lists the seven stages of APT or ADT (advanced data theft):

1) Reconnaissance;

2) Lure;

3) Redirection;

4) Exploitation of vulnerabilities;

5) Dropping files;

6) Call home;

7) Data theft;

The report finally refers to IDC's report:

IDC states: “Signature based tools (anti-virus, firewalls and intrusion prevention) are only effective against 30-50 percent of current security threats. Moreover, customers expect the effectiveness of signature-based security to continue to decline rapidly.” Much of this can be attributed to how attacks evolved to specifically counter those defenses. To address this exposure, IDC recommended that organizations consider “a shift in security posture toward being more proactive.”