7/29/2019 Websense security Labs
1/13
Websense Security Labs: State of Internet Security, Q1 Q2, 2008
W s L h p-pdg W thsk nwk dv, l-
d m gll i h d d. g h wld i HGd, h
m hdd hlg ldg hl, hp, p m, mh
lg d dvd gd mpg m p hgh m h ll p
dl, hg h. ev h, m h 40 mll W ml
d d l mll ml wd d ml d. ug m h 50mll l-m d llg m, h W thsk nwk m d l
W, mgg, d d pvdg W wh pllld vl h
h i d ml.
th p mmz h g dg W h g h thsk n-
wk dg h x-mh pd dg J, 2008.
1 Source: Alexa (www.alexa.com) data on Web traffic for top 100 Web sites
Websense Security Labs: State of Internet Security, Q1 Q2, 2008
Websense ThreatSeeker Network Research Highlights, Q1 Q2 2008
Web Security
75 p W wh ml d lgm h hv mp-
md. th p lm 50 p v h pv x-mh pd.
60 p h p 100 m ppl W hv h hd vlvd
ml v h hl 2008.
12 p W d wh ml d w d g W mlw x-
pl k, d 33 p Dm 2007. W h lv
h d m d k lhg m mzd k vd
g d m.
Messaging Security
87 p ml mg pm. th pg m h m h d hl
2007.
76.5 p ll ml l d lk pm d/ ml W
. th p 18 p v h pv x-mh pd.
85 p wd (pm ml) ml lk.
Pgph-ld pm dd m h 70 p d lg h m
ppl p pm. shppg (20 p), cm (19 p), d Mdl (11 p-
) p h mj d pm.
9 p pm mg phhg k, pg 47 p v
h l x mh.
Data Security
29 p ml W k ldd d-lg d.
46 p d-lg k dd v h W.
Wh d-lg W d ml k h , W s L kg wh d
g .
Of the 46.37 percent of malware that connects via the Web:
57.3 p mlw ud s am
6.19 p mlw ch
5.5 p mlw cd
4.27 p mlw r
4.11 p mlw bzl
22.63 p mlw h
Cybercriminals Increase Attacks on Web Sites with Good Reputations
Dg h hl 2008, h vlm lgm W mpmd wh ml d -
d p h m d k pll ml pp. i h
hl 2008 more than 75 percent of the Web sites Websense classified as malicious were actually
sites with seemingly good reputations that had been compromised by attackers. th p 50 p v h l x mh.
The Webscape Demonstrates Web 2.0 Sites Are a Fresh Target
W s L l h Wp gl . th p 100 m vd
W pp d ld sl nwkg sh h h g. th
x 10,000 m vd pml v d w d, dw h lg l h
i, W h m gl d g-d. th gwg l d h Wp
mpd pl lk lg, mll , d W pll p d
d . eh h Wp h w q hllg, h p 100 W
pp h mp h lg m v gwg g k. rh
hw h k h h W 2.0 lm h vlvg W-
p, mg h dpv l d dm g w qd
p d h m. blw gph h W vw h Wp:
The top 100 most visited Web sites:
rp h mj ll W pg vw, d h m ppl g k. Wh
h lg , gd p d pp W 2.0 ppl, h pvd
ml d h wh d pp.
W s L dd h 90 p h p 100 gzd sl
nwkg sh.
M h 45 p h pp -gd .
60 p h h hd ml d mkd d l
pg vm m lgm ml . i m h d pp
h l W , wh h vd h pg g hd lwh.
Security Trends
Tarnished Reputations
cg h d dd W 2007, k d k dvg w
dl m d p p-d m k v.
In April of 2008, Websense Security Labs discovered massive attacks that compromised hundreds of
thousands of legitimate Web sites with good reputations worldwide wh d-lg ml d.
th k ldd m Msnbc, ZDn, Wd, h ud n, lg uK gvm ,
d m. i h k, wh w pd h hd mpmd ,
ll d m HtML g dd ml wh xpl. a l, ml-
d, dgd l dl m, w lhd vll mh.
i dd W xpl, ml pmm l kg dvg h
p ppl ml v lk yh! d Gml p pm
m. During the first half of 2008, Websense Security Labs found spammers
using sophisticated tools and bots to break the CAPTCHA systems that were
developed to keep email and other services safe from spammers and other
malicious activity. M Lv Ml, Ggl ppl Gml v d yh!
ml v w ll mpmd h khgh mhd. sql,
pmm hv l g p h ml m
d d pm m ml wh gd p. Wh g-
p p, wd pl v d dm h lkl
lkld gv h p, pmm hv l lh k
mll wldwd whl mg m.
Attackers Are Changing the Game with Web 2.0
a m gz d h mpl dpg W 2.0 hlg lgm
, gv pvlg h dl dg W pldg lpll
g m m gz lk h dq hlg d p-
l W 2.0 . th W 2.0 ppl h llwd hk g
d g mh-p, dd d j, d h pvdg h lvl
mplx gz d h w pv d l d ml k.
Websense has found that the content of a single Web page may be comprised from multiple locations, including a variety of disparate sources. th dg h pll h h
vwg m h urL h dd , h l . th urL lg -
p h m h W pg. a h, gz h l h
mpl vw W 2.0 hlg lk Ggl W pl l wkg , wk, d
lg, d l-m W p p h mpl d h l m.
2 CAPTCHA Definition: Completely Automated Public Turing test to tell Computers and Humans Apart
Mlw mqdg W d pvd ppl m hk
d ml hgh-pl dg h hl h .
W s L dd vl wh ml
hgh-f, hgh-p h Msp, ex.m, yh! Ml
d Pl.m h xplg lg d. Msp -
kwgl h phd mlw pg .Wh ex.m, k d h v xpl h h
h pld wh h W . tg dd lz h h x-
l h w dwldg m m mddd, ml , d
m ex.m. av vd ld d m h k.
The Web Remains the Number One Attack Vector
a i , h W k v gw. W v gl m-
pmd hgh p - pg (Xss) d sQL j wll Dns h pg
k. i J 2008, W s L vd p h h fl W icann
d iana Dm w hjkd tkh gp lld nDvlz g Dns h pg.
ov h l x mh, W s L h kd hk g lk h W
vll sQL j k. ak g h wh h hgh pl d g p-
, mxmz h m v h h mpmd. i dd, l-d
h hv d wh ppl W 2.0 mp h k s ch ppl-
, whh ll d-vg w, wll ml-md ppl h xpl h
Qkm d lh. blw h p W k v v h l x mh.
Top 10 Web Attack Vectors in 1st Half of 2008:
1. bw vll
2. ad lh vll
3. avX vll
4. sQL j
5. ad a rd vll
6. c mgm m (cMs) vll
7. appl Qktm vll
8. Ml W 2.0 mp (.g. k ppl, hd-p wdg/gdg, d )
9. rlPl vll
10. Dns h pg
Metrics
W s L k h llwg m d dl W d ml-d -
k g d d .
Top Countries Hosting Phishing Sites (Jan 08 Jun 08)
th p gph lw dm h p h , mh, wh h hgh m phhg k.
Phhg k hv dg dw v h l x mh; h h m x
mh g.
Top Countries Hosting Crimeware (Jan 08 June 08)
th p gph lw dm h p 3 mh hg mw, l mlw
dgd pll m l m. ov h l x mh, h mj mlw w
hd h ud s d ch.
Blended Threats
th vg W d ml h ldd h . W
s L p h w m h 76.5 p ll ml l dg h pd -
d lk pm d/ ml W . th p l 18 p
Dm 2007.
exmpl ldd h h Storm attacks. th sm k h hv lhd m
h m pl k h l w . sm p xmpl ldd h h
mlpl k v ldg DDs, W, P--P (P2P), p, d mlw d-
. W s L h g h sm wm l 2007 wh h wv
h sm wm pd h wld. av vd hv ggld kp p wh h wdpd
k. sm l pd h, mpl ml, g h vm lk pd lk d
dwld ml l. L g m hld lk h h Jl, l d lk hhqk ch d m l, ppl v lk h olmp. th gd pm m-
pg p lg pl h i h. sm dvd
plmphm ( l hgg ) mk dfl dl hlg
d.
From Discovery to Patch: Window of Vulnerability
W pplm dd v d wll kg h m-
d d pvd p wh m dv ph d g
vll. th h lw hw h wdw xp w h d W
thsk nwk d h l h ph v w pvd. th d lw
p h m k h v vd plh g h ml h W- dd.
ov h l x mh, h gll m mg g v lw mp h
m mg ld pm. Hwv, h v v dl g, pg
500 p Dm 2007. th pg ml mg ggd pm
m 87 p wh z-p hg v h l x mh.
Spam Types
i h p x mh W s L h pmm mv w m dg pm
hgh hm, pg d d urL pm-hg d d .
addll, W d a reduction in image spam from 32 percent in December of 2007 to 18
percent in June 2008.
ov h l x-mh, h vlm pgph pm, dd m h 70 p whl
hppg d lm 80 p. th h wp m ld h h pm-
m gg m phd. th g l wkg l m h
vm d g gd mpg h k v . th h m ppl
p pm w hppg (20 p), m (19 p) d mdl (11 p.) a
hw h lw, W s L l pm h llwg 15 g:
Websense Security Labs Firsts
th llwg l hghlgh w h mj k ll dd W s L
dg h hl 2008.
Spammers streamline anti-CAPTCHA operations on Microsoft Windows Live Mail and Gmail
Attack Date: 02/06/08
Attack Details:
W s L, wh thsk nwk, dvd h Wdw Lv Ml ,
W ml v m M, w g gd pmm g w phdhq hd Wdw Lv ml dd kg h caPtcHa p
dgd pv h dl . ug wk, pmm lhd
h g pg h M-wd ml v d w l p
h caPtcHa qm 35 p h m. ml v m M, yh! d
Ggl l lkd -pm l, mkg m h v hghl pl
d vld pmm. i dd, W s L dvd h Ggl ppl W
ml v, Gml, w g gd spmm h pl gg p d
g dm Gml pp. W h lv h h m
gp vlvd kg h M Wdw Lv Ml caPtcHa k wll h Gml
caPtcHa k.
Websense Security Labs researchers believe there are four main advantages to this approach:
sgg p wh Ggl M llw wd pl v.
Ggl M dm lkl lkld -pm l.
th v .
i dfl d llgm mll wldwd g v Ggl
v gl . th pvd pmm wh l m, mkg hd
d d k h .
Economic Stimulus Phish
Attack Date: 05/16/2008 Threat
Attack Details:
eg p h il rv sv m-ml hk w k m h
h gd wh phhg hm. W s L wh thsk nwk d-vd phhg k h md l x-p v m, dd h em
sml Phh. th k ml pl vm h pvdd qk xpl
h m-ml pkg d gd hm g p d dp lkg
lk M 17. i wd h h p dd pd m, h d wld dld.
u h pgl lkd h tx rd ol m w kd pl m
h h m, dd, d d, atM p m, k m, d l m.
Websense first to discover and protect against Microsoft Excel vulnerability
Published March, 2008 (Identified in November 2007)
Vulnerability Details:
W s L wh thsk nwk dvd -phd, hgh-k vll
(c# Ms08-014) M exl nvm 2007. M gzd W h d
Mh 2008 wh ph w d. th vll llwd d x wh exl d-
m wh h kwldg h . W vgll wh xpl h vll p gz d h l m m h. W wll m-
ll lk ml d gz mp.
A Look Forward & Summary
Dg h hl 2008 pdd, h m mpmd W d gw d
p h m d ml . W h xp h d
hk m m phd d lvg h gd p W
vd dl m.
W h lv gz hld pp g hllg dg h
d hl 2008 d g mg h h p mph m gd-
g g d k h lvl mdl d pm d d h
i mpl gdg l m g ldd h d
dl ml l, wh W 2.0 d h i plm.
Hk wll g v d lvg -d d W 2.0 ppl -
v gg gz. rh xp k pl
k gg p gp ppl d d pl. Wh
pm d lk k w , w v md, W mdl, pg d l -
wk, gz wll d h W, mgg d d pgm dq
plg h hl d h w v hk xpl pd ml d l g.
t k mg kp p wh h h lm, p m hk h pph
W, mgg, d d . id hkg hlg, gz m hk
d. Hw d? Wh g ? Wh d wh ? Wh v ? Whh
hl l d ?
a l-d pph -ml d W lg wll pvd h p g
ldd h. ogz hld mv wd mphv d h
ld l W d mgg , l d pv m l
ll hl.
th d- vw m h, h h vg p l wh lmd vg, -
p wll mh d hlg, mm hl, d ppl d
pg d. th g h d d h ql p. M
h j pv m, h g pvd ppp p, llw h
x dd lgm d dp p. b pg v d,h l m h , gz h m d dd h i
plm.
th m d pd d wh h p d l k
d, ml hq d h llg ghd h wh W th-
sk nwk, W Hd W s d W Hd eml s.
About Websense
W, i. (nasDaQ: Wbsn), gll ld gd W, mgg d d p
hlg, pvd el im P m h 42 mll mpl m
h 50,000 gz wldwd. Dd hgh gll wk hl p, W-
w d hd l hlp gz lk ml d pv h l dl m d i d pl.
Websense Security Labs
W s L h h m W, i. h dv, vg d
p dvd i h. ulk h h l, W h pllld kwl-
dg mlw d wh d h W. th llw W d d lk w h
h dl h mhd m, lg gz p v m
h, mpm, ppp . rgzd wld ld h, W
s L plh dg hdd p, vd d h gz
d h wld d pvd m h a-Phhg Wkg Gp.
Websense Security Labs a Pioneer in Emerging Threat Protection
upllld vl d dv mv l
rl-m dpv l pd d d h W 2.0 wld
Pwd d wld-l h m
M dv, ldg h phd, hgh-k M exl vll
(Mh 2008)
mk wh phhg p
mk wh dv- d khl pw p
mk wh wk p
mk wh mw/klgg p
Security Alerts
rg wh W s L v ree wg ml i
v, ldg pw, pm, phhg, phmg, d pd W .
hp://www.W.m/l/l/
Blog Highlights
th W s L blg dlv h m m d kg w -
h p d d dvd i h. W s L vg d
plh m k, w h, d h lv W p p
gz m gl dg i h. m m, hk lg:
hp://www.w.m/l/lg