Attack Intelligence Research Center Monthly Threat Report MalWeb Evolution and Predictions


Overview

Web security has struggled for a long time with its own definition. Traditionally, Web security referred to securing websites: attackers would try to break into a site by exploiting the logic of the application running on it, or its infrastructure (the Web server). These days, with the decline in the number of Web application vulnerabilities and the rise in client-targeted attacks carried over the Internet, the definition of Web security has changed. Gartner was the first to define an official market segment, the Secure Web Gateway, that focuses on protecting enterprise networks from such Web-borne threats. This market segment has been the proving ground for what is today the most prolific attack vector in computer security: attacking computer systems through Web content.

Threat Evolution

The current Web threat can be traced back and compared to the evolution of Web 2.0. The following section illustrates the correlation between the evolution of the Internet and the evolution of malicious code.

Initially, the Web consisted mainly of static content hosted on websites that delivered only that content and nothing more. The Web was static, with simple text, graphics and links between elements and content. The comparable threat at the time was the virus. Traditional viruses were designed to attack the operating system and infect it with a piece of code that would reproduce itself, causing some kind of damage. The attack vector consisted of either physical delivery (floppy disks and CD-ROMs infected with the viral file) or email, where a message would contain an attachment that infected the PC when run. At the time, malware solutions were anti-virus software that focused on providing the end user with updated signatures for the viruses and blocked their execution when the AV software saw the viral files.
When Web applications began to appear, it was a clear indication of the Web's maturing process. Content was no longer static; it was dynamically generated on the server side, and could adapt to users and provide them with more sophisticated content tailored to their request. The threat vector evolved as well. Instead of simple viruses, malicious code was now delivered in forms tailored to mimic the Web experience. Spyware and adware were the most popular threats, tracking users' actions and taking control of their Web experience by manipulating them into viewing advertisements, then collecting information on their activities and sending that data back for spam and advertisement purposes. Antivirus programs were still one of the most efficient ways to cope with these threats, and the solutions began to put more focus on browser-related technologies such as BHOs (Browser Helper Objects), ActiveX and cookies, as part of the protection they offered against spyware and adware as well as viruses.

When Web 2.0 technologies started to appear, the Web took a turn into user-generated content. Websites were no longer the sole responsibility of their creator, but more of a platform for users to adapt content to their individual preferences. The Internet shifted from its linear form to a non-linear way of working, as AJAX turned the HTTP transaction into an asynchronous entity. At this phase, user interaction no longer required content to be requested or sent back to the browser, and viewed content could be manipulated in the background without disrupting the flow of events the user was experiencing with the website.

In parallel, as Web content gained more potent processing power, traditional malware found a new weak spot to attack. Browsers (even modern ones) were usually based on technologies that started with the first iteration of the Internet, and needed to support the many add-ons that modern Web 2.0 sites required in order to provide a satisfactory user experience (no modern Web 2.0 site would look remotely usable without JavaScript and, most of the time, Flash). This situation, along with the many opportunities offered by third-party software on this very same platform, from Apple's QuickTime to Adobe's Flash, caused a new brand of malicious code to evolve: MalWeb.

MalWeb is not constrained by the need to compile and package attacks into files that are easy to sign, and, as it is scripted in plain text, it allows the same exploit code for a vulnerability to be expressed in any number of ways. Even after traditional antivirus programs started signing keywords likely to be used by malware, as well as whole snippets of code, MalWeb found a new home in code obfuscation, which scrambles a piece of malicious code into a seemingly endless string of incomprehensible text that turns back into code at the client and exploits the end user.

Modern Developments of MalWeb

When attackers found MalWeb to be the most efficient way of delivering malicious code to their victims, it shifted the scales of corporate security. Email communications required traditional security means to remain in place (where the security requirements are almost solely focused on spam), while more scrutiny has been put on gateway AV and URL filtering technologies that tried to stop attacks either at the initial communication (preventing users from going to questionable sites) or at the point where the MalWeb that had already exploited the PC would try to bring in additional, more traditional malware (the AV scanning files going through the network). At that stage, attackers had the upper hand, and started commoditizing attack tools as exploits packaged in an easy-to-deploy, easy-to-manage software suite that enabled not only "click and deliver" MalWeb infections, but also advanced reporting and tracking in order to maximize the return on investment for these tools. It has come to a point where business-to-business (or more appropriately criminal-to-criminal) transactions occur with infected PCs or harvested data as the currency, usually priced according to whether the victimized system belongs to a business or an end user.
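The obfuscation point above is the one a gateway designer has to act on: keyword signatures see only the scrambled text, so the signature check has to run on what the browser would actually execute. The following is an added example, not eSafe's or Aladdin's code, showing a gateway-side normalizer that statically unwraps two common encodings and re-applies a constructed keyword list, then flags scripts that assemble code at run time even when nothing known is found. The signature list and the sample scripts are constructed for the example.

```python
import re

# Keyword signatures a traditional gateway would match against raw script
# text. Constructed for this example; not eSafe's actual signature set.
SIGNATURES = ("document.write", "<iframe", "ActiveXObject")

# Constructed samples: the same call, escaped two different ways so that no
# signature keyword appears literally in the text that crosses the wire.
SAMPLE_UNESCAPE = ('eval(unescape("%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74'
                   '%65%28%22%3c%69%66%72%61%6d%65%22%29"))')
SAMPLE_CHARCODE = ("eval(String.fromCharCode(100,111,99,117,109,101,110,116,"
                   "46,119,114,105,116,101))")


def normalize_script(script: str) -> str:
    """Statically unwrap two common encodings so signatures see the form the
    browser would execute: percent-escapes and String.fromCharCode lists."""
    def _pct(m):
        body = m.group(1)
        return re.sub(r"%([0-9A-Fa-f]{2})",
                      lambda h: chr(int(h.group(1), 16)), body)

    def _fcc(m):
        return "".join(chr(int(n)) for n in re.findall(r"\d+", m.group(1)))

    script = re.sub(r'unescape\(\s*"([^"]*)"\s*\)', _pct, script)
    script = re.sub(r"String\.fromCharCode\(([\d,\s]*)\)", _fcc, script)
    return script


def inspect_script(script: str) -> dict:
    """Signature match before and after decoding, plus a flag for code that is
    only assembled at run time (a decoder feeding eval)."""
    decoded = normalize_script(script)
    return {
        "raw_hits": [s for s in SIGNATURES if s in script],
        "decoded_hits": [s for s in SIGNATURES if s in decoded],
        "runtime_construction": "eval(" in script and decoded != script,
        "decoded": decoded,
    }


def verdict(report: dict) -> str:
    if report["decoded_hits"]:
        return "block"          # known content, merely disguised
    if report["runtime_construction"]:
        return "suspicious"     # unknown content assembled at run time
    return "allow"
```

Real obfuscators nest and vary these encodings far beyond two patterns, which is why the paper argues for content analysis at the gateway rather than a longer keyword list.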
Security measures at this point in time have to move away from the traditional approach of signing code, or even running heuristics on known exploits. A security system that understands MalWeb and Web 2.0 is a key factor in implementing a Secure Web Gateway solution that can not only block and clean up MalWeb-ridden content, but also understands how legitimate Web 2.0 applications work, and delivers users as fast and complete an experience as they demand. In addition, the ability to inspect all traffic going to and from the Internet, not just on the traditional HTTP and HTTPS communication paths but also on other ports, has turned out to be a significant requirement for an SWG solution, as P2P (peer-to-peer) traffic and back-channels for infected systems are not limited to Web traffic. Traffic going in and out of the organization needs as thorough an inspection as regular Web traffic does, as that is key to controlling Web applications, P2P and IM (Instant Messenger) communications.

Looking Forward

MalWeb is the natural evolution of malware, adapted to the ever-expanding Web 2.0 world. Unlike malware, which is created in one place and then distributed in its final form, MalWeb is only born when it reaches its victim. Current signature and filtering techniques are not helpful in eradicating it, because it is created only when it is triggered: when served up by the browser, which runs it and presents it to the user. The unique ingredients of MalWeb come from different sources, so it presents in a different form each time, making it one of the most critical security threats organizations face today when it comes to securing perimeters and Internet communications.

The complexity of Web 2.0 has lent MalWeb its most important capabilities: it travels over the same media and in the same form as the legitimate code of modern websites, and it has enough power to take advantage of system-level vulnerabilities simply by running in Web browsers and the add-ons that modern Web 2.0 functionality requires. MalWeb is as adaptive and dynamic as the Web applications it resides in, and like a biological enemy, its goal is to find ways to bypass your immune system: your browser protection mechanisms. The key to protection against MalWeb is to develop an equally intelligent defense: ensure that all traffic on all ports is inspected, that content in transit is analyzed, correlated and cleaned, and that this inspection covers both inbound and outbound traffic, including P2P and IM (Instant Messenger) communications.

About the Attack Intelligence Research Center

The Aladdin Attack Intelligence Research Center (AIRC) is a premier facility for Internet threat detection and cybercrime investigation. The mission of the AIRC is to deliver security research and intelligence that educates, supports and strengthens the security community, and drives innovation in Aladdin's content security solutions. Based in Tel Aviv, the AIRC is comprised of global security researchers and law enforcement and cybercrime specialists dedicated to finding and eradicating Internet threats that compromise legitimate business safety. AIRC goes beyond traditional threat detection to provide business intelligence around evolving threats, predict future trends in Internet security, and uncover the inner workings and effects of the business of ecrime. For more information, visit www.aladdin.com/airc.

About Aladdin

Aladdin Knowledge Systems (NASDAQ: ALDN) is an information security leader with offices in 12 countries, a worldwide network of channel partners, and numerous awards for innovation. Aladdin eToken is the world's #1 USB-based authentication solution, offering identity and access management tools that protect sensitive data. Aladdin HASP SRM boosts growth for software developers and publishers through strong anti-piracy protection, IP protection, and secure licensing and product activation. Aladdin eSafe delivers real-time intelligent Web gateway security that helps protect data and networks, improve productivity, and enable compliance. Visit www.aladdin.com.

9/2008 Aladdin Knowledge Systems, Ltd. All rights reserved. Aladdin and eSafe are registered trademarks of Aladdin Knowledge Systems, Ltd. All other names are trademarks or registered trademarks of their respective owners.

For more contact information, visit: www.aladdin.com/contact
North America: +1-800-562-2543, +1-847-818-3800
UK: +44-1753-622-266
Germany: +49-89-89-4221-0
France: +33-1-41-37-70-30
Benelux: +31-30-688-0800
Spain: +34-91-375-99-00
Italy: +39-022-4126712
Portugal: +351-21-412-36-60
Israel: +972-3-978-1111
China: +86-21-63847800
India: +91-22-67255943
Japan: +81-426-607-191
Mexico: +52-1-55-4159-9733
All other inquiries: +972-3-978-1111