85% of Links Spotted in Cyberattacks in 2013 Led to Compromised Legitimate Sites

Websense Security Labs 2014 Threat

Websense has published the Websense Security Labs 2014 Threat Report. The report details the threats and trends that marked last year.

The figures in the report show that 85% of the malicious links spotted in email or Web attacks last year pointed to legitimate websites that were hijacked by cybercriminals. Hackers mostly targeted business and economy, IT, shopping and travel websites.

Malicious links and other malicious content were spotted in 3.3% of all spam messages.

As far as malicious redirects are concerned, Websense stopped 1.8 billion of them in 2013. The average number of redirects per attack recorded by the company was four, but the maximum number of redirects in a single attack was 20.

When it comes to exploit kits, Websense says that it has protected its customers against around 67 million events involving exploit kits. After the arrest of Paunch, the author of the BlackHole exploit kit, cybercriminals started turning to other crimeware packs. Most of them adopted Magnitude and Neutrino.

A total of 64 million events related to dropper files were detected and blocked by Websense’s solutions last year.

Based on the analysis of malicious executable files, experts have determined that 30% of them included custom encryption for C&C communication and data theft.

The report also highlights the fact that ZeuS, which was initially developed to target financial organizations, has been repurposed. The malware has been used to target organizations in the services, manufacturing, finance, government, communications, education, retail, healthcare, transportation and utilities markets.

“Cybercriminals continue to evolve their attack planning and execution to stay ahead of most existing security measures,” explained Charles Renert, vice president of security research for Websense.

“While the determined, persistent attackers continue to have success in advanced, strategic attacks using zero-day exploits and advanced malware, there has also been a boom in cybercriminal activity on a massive scale. Even these more ‘common’ forms of attack are easily slipping past organizations without real-time defenses,” Renert added.

The 2014 threat report also contains a review of an entire attack ecosystem, including the attackers’ motivation, the execution of the attack and countermeasures for each phase of the operation.

“Almost all of today’s cyber attacks have raised the cybersecurity bar through a complex set of infrastructure and tools cybercriminals use to rapidly launch new attacks and thereby evade traditional controls. The best defense is to understand malicious techniques and likewise raise the bar on your defenses,” the report concludes.

The complete Websense Security Labs 2014 Threat Report is available on the company’s website (registration is required to download the report).

