The newest Websense Security Labs 2014 Threat Report reveals that cybercriminals continue to evolve their attack planning and execution to stay ahead of most existing security measures. Charles Renert, vice president of security research for Websense, said that while determined, persistent attackers continue to have success in advanced, strategic attacks that use zero-day exploits and advanced malware, there has also been a boom in cybercriminal activity on a massive scale. “Even these more ‘common’ forms of attack are easily slipping past organizations without real-time defences,” he explained.
The report details the rise of a global criminal-infrastructure-as-a-service economy built on exploit kits and redirection chains through compromised websites. In analyzing the latest attack methodology, Websense’s security researchers examined the seven threat stages of advanced attacks. The findings also cover the modification and repurposing of existing malware source code.
Other key findings from the report:
- 85 percent of malicious links used in web or email attacks were located on compromised legitimate websites
- 3.3 percent of all spam contained malicious links and other malicious content
- The average number of website redirects used per attack in 2013 was four
- The maximum number of redirects used in a fully documented attack was 20
- Websites classified as Business and Economy, Information Technology, Shopping and Travel made the top 10 list of compromised redirect destination categories
- The Magnitude and Neutrino Exploit Kits experienced the largest surge in adoption following the arrest of Blackhole’s creator
- 30 percent of malicious executable files sampled included custom encryption of command and control communication or data exfiltration
The report also documents how the infrastructure of an attack campaign is constantly developed, enhanced and reused throughout the entire threat lifecycle. Websense states that, to avoid detection while reusing components in subsequent attacks, criminals are increasingly modifying and modulating existing attack tools. Often, this means taking advantage of the specific strength of a particular piece of malware to target new industries.
Moreover, Websense security researchers observed that the Zeus malware, originally designed as a financial threat and keylogging Trojan, dramatically increased in use as it was repurposed for other vertical markets. In the previous year, the government and the communications industry joined financial firms among the top five verticals targeted with Zeus malware. The two industries hit hardest by Zeus attacks were the services and manufacturing sectors.