The following is a summary of the key findings that the report found:
• Organizations are seeing a massive increase in advanced malware that is bypassing their traditional security defenses.
• The patterns of attack volumes vary substantially among different industries, with organizations in healthcare and energy/utilities seeing particularly high growth rates.
• The dangers posed by email-based attacks are growing ever more severe, with both link- and attachment-based malware presenting significant risks.
• In their efforts to evade traditional security defenses, cybercriminals are increasingly employing limited-use domains in their spear phishing emails.
• The variety of malicious email attachments is growing more diverse, with an increasing range of files evading traditional security defenses.
The reality is that hackers are becoming more innovative than the intrusion software consumers and enterprises run to protect themselves. To make matters worse the anti-virus software has become almost as intrusive as the viruses. I have one Laptop that is less than two years old running Windows 8 (with no issues) and Norton Anti-Virus provided by Comcast. I had to shut off the E-mail Anti-Virus module because it was literally bringing the machine to a crawl.
If the protection software becomes too over bearing, it will kill productivity, so ideally the threat protection should occur prior to the mail infrastructure, but this will mean new appliances and new methods to detect an ever changing hacking model.
The report found that hackers have increased the number of "throwaway" domains used in phishing E-mails in order to evade technologies that rely on domain reputation analysis and URL blacklists. The number of domains used fewer than ten times rose 45 percent from the second half of 2011. "The domains are so infrequently used that they fly under the radar of URL blacklists and reputation analysis and remain largely ignored and unknown," the report says. For those readers looking for more information on phishing attacks, check out PCWorld’s article 4 Security Tips Spurred by Recent Phishing Attacks on Gmail, Hotmail, and Yahoo.
The bottom line is that phishing attacks have become part of the Internet culture, playing it safe is and questioning anything that seems too good to be true or does not make sense is a great way to stay ahead of the hackers.
• Organizations are seeing a massive increase in advanced malware that is bypassing their traditional security defenses.
• The patterns of attack volumes vary substantially among different industries, with organizations in healthcare and energy/utilities seeing particularly high growth rates.
• The dangers posed by email-based attacks are growing ever more severe, with both link- and attachment-based malware presenting significant risks.
• In their efforts to evade traditional security defenses, cybercriminals are increasingly employing limited-use domains in their spear phishing emails.
• The variety of malicious email attachments is growing more diverse, with an increasing range of files evading traditional security defenses.
The reality is that hackers are becoming more innovative than the intrusion software consumers and enterprises run to protect themselves. To make matters worse the anti-virus software has become almost as intrusive as the viruses. I have one Laptop that is less than two years old running Windows 8 (with no issues) and Norton Anti-Virus provided by Comcast. I had to shut off the E-mail Anti-Virus module because it was literally bringing the machine to a crawl.
If the protection software becomes too over bearing, it will kill productivity, so ideally the threat protection should occur prior to the mail infrastructure, but this will mean new appliances and new methods to detect an ever changing hacking model.
The report found that hackers have increased the number of "throwaway" domains used in phishing E-mails in order to evade technologies that rely on domain reputation analysis and URL blacklists. The number of domains used fewer than ten times rose 45 percent from the second half of 2011. "The domains are so infrequently used that they fly under the radar of URL blacklists and reputation analysis and remain largely ignored and unknown," the report says. For those readers looking for more information on phishing attacks, check out PCWorld’s article 4 Security Tips Spurred by Recent Phishing Attacks on Gmail, Hotmail, and Yahoo.
The bottom line is that phishing attacks have become part of the Internet culture, playing it safe is and questioning anything that seems too good to be true or does not make sense is a great way to stay ahead of the hackers.
No comments:
Post a Comment