Blue Coat Study Shows Malware Now Targets 'Trusted Sites'

An annual report on Web security from software provider Blue Coat that was released on Wednesday says that cyber criminals are launching more focused attacks and are targeting trusted sites to distribute malware, viruses and other threats. The author of the 2010 Blue Coat Annual Web Security Report also says that some Web-delivered applications that are used by businesses are at risk of malware if an attacker thinks there are valuable assets to be stolen by getting onto the corporate network.

The Blue Coat report focuses largely on threats that affect all Internet users, from malware delivered through fake ads for antivirus software, celebrity photos and pornography. Tom Clare of Blue Coat notes that when the popular movie "The Twilight Saga: Eclipse" came to theaters in June 2010, about two dozen sites popped up offering links to pirated copies of the film, most likely malware sites.

But the threats continue for businesses, too, Clare adds. As companies increasingly turn to delivering business applications to employees through a Web browser instead of a traditional client-server architecture, they need to guard against malware attacks through that browser, though not in all cases.

If the application requires a high level of authentication to log onto, or is focused on a narrow group of users in a narrow subject, it wouldn't be of much interest to cyber criminals, he says. But if the application is deemed of high interest, the risk is greater.

"If it's the [U.S.] Department of Energy and I'm interested in getting inside the Department of Energy and I found a Web app that's hosted by the Department of Energy, if that's my attack target and I'm financially motivated to get inside that network, then I'm very interested in it. And, yes, these Web apps are easy to break into," Clare says. A hacker could monitor people logging onto the site, see their credentials and use them for their own access to the network.The 2010 report shows that the use of spam and phishing as attack methods is down from previous years, but that attacking through "trusted sites" is up. A site like CNN.com or MSNBC.com (just as examples) is compiled from scores of different dynamic URLs delivering national news, local weather, videos, stock quotes and, of course, ads.
 
"There's a very high probability that the content could include malware, and they're hardly ever blocked," he explains. Blue Coat also reports that criminals are abandoning an older shotgun approach of sending many attacks out, which is easier to spot and thwart, in favor of a more precisely targeted rifle approach. A more limited rifle approach is of shorter duration and is focused on exploiting specific known vulnerabilities. "If they write less, they get longer use out of it and a higher success rate," Clare says.

The Blue Coat study follows another cyber threat report for 2010 from Verizon, which was more focused on threats to enterprise networks. The 2010 Data Breach Investigations Report from the telecommunications company, with assistance from the U.S. Secret Service, noted that 70 percent of data breaches reported in 2009 were traced to external agents, while 48 percent were traced to insiders.

The Verizon report also detailed the ways in which breaches occurred. It says 48 percent involved misuse of network privileges, 40 percent were the result of hacking, 38 percent utilized malware, 28 percent used social network tactics, and 15 percent were the result of physical attacks on IT systems.

See more on this topic by subscribing to Network Computing Pro Reports Research: 2010 Strategic Security Survey (subscription required).