Attackers Utilize Emerging Technologies

Tuesday, March 01, 2011



A new report by security company Zscaler based on Q4 2010 analysis reveals changes in browser use, an increase in application-based network  traffic, the swift adoption of emerging technologies by attackers, and the continued use of social engineering techniques to penetrate enterprise legacy security systems.

"Attackers know the limits of traditional security solutions, but they are also very good at taking advantage of emerging technologies and new vectors for attack. Standalone user applications, social engineering attacks, and the move to HTTPS all have the potential to introduce new threats," says Michael Sutton, VP of Security Research at Zscaler.

"Now more than ever, enterprise security solutions must inspect traffic in real time, all the time, regardless of source, to provide true protection"

The report also shows that United States continues to be the leading source of C&C servers, followed the Ukraine, Germany and China:


In addition, the report reveals that malicious faux antivirus websites continue to dominate the search engine landscape:


Other key findings released in the study include:

  • Local apps are generating more direct HTTP and HTTPS traffic: Not all web traffic comes from browsers, and as this traffic shifts, web threats have a new attack vector.
  • Internet Explorer 6 is on the decline in the enterprise. While this mitigates the security risks of the old browser platform, it could lead to a shift in attacks.
  • Google is actively attempting to thwart search engine optimization (SEO) spam and fake AV attacks, the topmost Internet threats today. However, most users remain exposed to these threats.
  • More sites, like Facebook and Gmail, are moving to HTTPS delivery. This is good for preventing sidejacking, but it allows savvy attackers a way to bypass traditional network-based security controls like IDS/IPS, which cannot decrypt traffic for inspection.


Possibly Related Articles:
malware Social Engineering Attacks Headlines Network Security applications IDS/IPS Emerging Technologies
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked