CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

1.3 million malware ads viewed each day… Poll: What’s the most important step to stopping malware payloads?

An interesting study released this week shows that about 1.3 million malicious ads are being viewed online every day. Most of these malvertisements are pushing drive-by downloads and fake security software. Some of the key findings in the report include:

  1. Users are twice as likely to get infected by a malware ad on a weekend
  2. The average lifetime of a malvertisement is 7.3 days
  3. 97% of Fortune 500 websites are at a high risk due to their external partners (JavaScript widget providers, packaged software providers, etc.)
  4. 69% of Fortune 500 companies use external JavaScript to render portions of their sites
  5. 64% of Fortune 500 companies are running outdated web applications

This study drives home the point that everybody is exposed. Whether it’s a consumer hitting an ad on a website that’s got malware or an attack targeting the person running the grid, the fact is that as long as there’s a human being in the loop, malware is going to get deposited.

What I find interesting is that malvertisements targeting consumers take the same payload-type approaches as APTs that are specifically designed to go after the top government or corporate information, but just not in the same highly targeted, sniper-type fashion. But whatever approach is taken, the cornerstone to every one of these types of attacks that deposit some type of targeted malware is the payload.

This brings me to a poll question I’d like to ask you: What’s the most important step to stopping malware payloads? Said differently, if you could only do ONE thing to stop these attacks, which approach would you take? I’d love to get your feedback on it.




Most recent comment:   Greg Newman

http://www.networkworld.com/newsletters/sec/2010/052410sec2.html?source=NWWNLE_nlt_security_2010-05-28 Daniel Kennedy, Master of Science in Information Assurance (MSIA) from the School of Graduate Studies of Norwich University and co-created ...

CoreTrace welcomes seasoned veterans to senior management team

Because of the strong demand for application whitelisting, I couldn’t be happier with the significant growth CoreTrace continues to experience well into 2010. Nearly halfway into the New Year, I’m also very pleased to announce the addition of three software veterans who have joined our senior management team and will lead both our sales and product efforts.


Strategies for combating targeted attacks

Earlier this week, I wrote how modern day targeted attacks don’t lend themselves to today’s security solutions. I’d like to follow up those thoughts by exploring strategies for combating these types of highly calculated threats.

While organizations focus on their business growth, they are also forced to contend with cyber criminals targeting their corporate networks to steal valuable information that can make them lots of money. As a result, evolving fraud professionals are truly changing how businesses protect their private data and fight cyber crime.


Custom malware is the foundation of today’s targeted cyber attacks… Just ask the Treasury!

Cyber crime has evolved from mass attacks intended to wreak havoc and steal as much data as possible to highly targeted attacks looking for specific information from an organization. Custom malware, designed to bypass legacy endpoint security, forms the foundation of these attacks. As a result, these calculated attacks are becoming more dangerous for the businesses and government entities hackers are targeting.


Top endpoint security stories for April 2010 – April sees cyber crime in full bloom

April showers may bring May flowers, but the Internet also saw something else in full bloom — cyber crime. Computer systems around the globe experienced a variety of problems in April ranging from more fake antivirus software to malicious code that avoids detection from search engine Web crawlers. But none were as big as a well-publicized faulty security update that crashed thousands of computers and became a public relations nightmare for one of the world’s top security software makers. Here were some of the top security stories from April 2010:
