Malnets to Become Source for Majority of Attacks

Monday, February 13, 2012

Infosec Island Admin


Researchers at security provider Blue Coat predict that the vast majority of online attacks in 2012 will come from sophisticated networks designed to be adaptable and reused in multiple campaigns.

According to the company's State of the Threat Landscape report, malicious networks dubbed "Malnets" will be responsible for as much as two-thirds of Internet-based attacks - specifically the Shnakule, Glomyn, Cavka, Naargo, and Cinbric networks.

The report indicates that companies faced an average of 5000 threats per month in 2011 from malicious websites - a 240% increase over 2010 levels - with the majority of exposure emanating from the use of search engines, social networks and email.

"These infrastructures last beyond any one attack, allowing cybercriminals to quickly adapt to new vulnerabilities and repeatedly launch malware attacks. By exploiting popular places on the Internet, such as search engines, social networking and email, malnets have become very adept at infecting many users with little added investment," the report states.

The researchers believe the increased use of malnets will allow attackers greater opportunity to conduct operations that largely escape current methods of detection offered by commercial antivirus products.

"Malnet infrastructures enable cybercriminals to launch dynamic attacks that are often not detected by traditional anti-virus vendors for days or months. In one case in early February 2011, a malware payload changed locations more than 1,500 times in a single day. These types of attacks are far too dynamic even for defenses that inspect content in real time to keep pace," the researchers stated.

The researchers attribute the dramatic increase in attacks by way of malicious websites not only to the development of malnets, but also to the proliferation of malicious software kits in the black market.

These kits have also become more affordable as demand has risen, allowing for an increase in the number of criminal syndicates who employ the tools for nefarious purposes.

Attackers are also using a greater number of domains to conduct the operations, and with the forthcoming implementation of the IPv6 protocol, the number of domains used for attacks will likely increase significantly as well.

The report also warns that the targeting of mobile devices will continue to see an upsurge as smartphones and tablets are more frequently utilized both commercially and for private use.

"The vast majority of attacks target users on their desktops and laptops. However, the explosion of mobile devices gives cybercriminals a new platform. While attacks on mobile devices are limited today, the growing usage will make them a high-value target moving forward. And cybercriminals are ready. Today’s existing malnet infrastructures will be the same ones used to deliver tomorrow’s attacks on mobile devices," the report warns.

The proliferation of malnets will necessitate the development of new defense products to better protect enterprise networks from the increase in dynamic attacks, the report notes.

"The rise of malnets demands a new type of security to protect against corporate data loss, financial or identity theft, and other costly consequences. Businesses need a proactive defense that can stop attacks before they launch by identifying and blocking the source," the report recommends.

Source:  http://www.bluecoat.com/sites/default/files/documents/files/BC_2012_Security_Report-v1i-optimized.pdf
