A new report by security company Zscaler based on Q4 2010 analysis reveals changes in browser use, an increase in application-based network traffic, the swift adoption of emerging technologies by attackers, and the continued use of social engineering techniques to penetrate enterprise legacy security systems.
"Attackers know the limits of traditional security solutions, but they are also very good at taking advantage of emerging technologies and new vectors for attack. Standalone user applications, social engineering attacks, and the move to HTTPS all have the potential to introduce new threats," says Michael Sutton, VP of Security Research at Zscaler.
"Now more than ever, enterprise security solutions must inspect traffic in real time, all the time, regardless of source, to provide true protection"
The report also shows that United States continues to be the leading source of C&C servers, followed the Ukraine, Germany and China:
In addition, the report reveals that malicious faux antivirus websites continue to dominate the search engine landscape:
Other key findings released in the study include:
- Local apps are generating more direct HTTP and HTTPS traffic: Not all web traffic comes from browsers, and as this traffic shifts, web threats have a new attack vector.
- Internet Explorer 6 is on the decline in the enterprise. While this mitigates the security risks of the old browser platform, it could lead to a shift in attacks.
- Google is actively attempting to thwart search engine optimization (SEO) spam and fake AV attacks, the topmost Internet threats today. However, most users remain exposed to these threats.
- More sites, like Facebook and Gmail, are moving to HTTPS delivery. This is good for preventing sidejacking, but it allows savvy attackers a way to bypass traditional network-based security controls like IDS/IPS, which cannot decrypt traffic for inspection.