The report has some excellent screen shots of malicious attacks, particularly phishing and spam attacks.
The screenshots should be shown to all school pupils and college students so they do not make the mistakes. Equally all organisations should distribute the images as part of their internet usage training because a lot of social media activity takes place during the working day.
M86 said of their report:
“We already know that cybercriminals have become adept at circumventing mainstream security solutions, and as we find more fraud perpetrated through social networking sites and mobile devices, it is imperative for organizations to educate their users and complement their reactive protection with proactive, real-time technologies to enhance their security posture,” said Bradley Anstis, Vice President of Technical Strategy, M86 Security. “Many of the trends we forecast in our 2011 predictions report, such as the increased use of stolen digital certificates in targeted attacks, have occurred. Our goal is to help organizations preempt these complex attacks before malware has a chance to infiltrate networks and cause very real damage.”
Key Findings of the Report:
- Targeted attacks became sophisticated and pursued a wider range of organizations, including commercial, national critical infrastructure and military targets.
- Use of stolen or fraudulent digital certificates has become more common, especially as part of targeted attacks.
- In several targeted attacks, malware was hidden by embedding itself in various file formats—with a few cases of multiple embedding layers. This method can evade security software that fails to scan deep enough.
- Blackhole has become the most prevalent exploit kit in the second half of 2011 with a huge margin over other exploit kits. Some of the exploit kits which were active in the past are rarely used now or were practically abandoned.
- Newer versions of Blackhole are being deployed first in Eastern Europe. Its authors increased its update frequency and added new exploits and tricks to evade detection, such as checking the software version on the client machine before attempting to exploit it.
- Fake social media notifications are now a mainstream way for spammers to dupe users into clicking links.
- Facebook continues to be a conduit for spam and malware, as many campaigns are spreading virally by enticing users to share posts that promise gift cards or other rewards.
- Hacked, but otherwise legitimate, websites played a major role in distributing spam and malware by redirecting browsers to the ultimate destination.
- Malicious Web content currently exploits more than 50 vulnerabilities in various software products. The most commonly exploited products are Microsoft Internet Explorer, Oracle Java, Adobe Acrobat Reader, Adobe Flash and Microsoft Office products.
- The overall volume of spam continued to decline in 2011, reaching a four-year low in December 2011.
- Eight spamming botnets were responsible for 90% of the spam monitored by M86 Security Labs. All of these botnets are familiar and have been established for some time.
- The proportion of malicious spam rose in the second half of the year from less than 1% to 5%, including a massive spike in malicious attachments in August and September. Later in the year, the focus shifted from malicious attachments to malicious links that led to exploit kits, in particular, the Blackhole exploit kit.
- Some noticeable wins by law enforcement authorities and researchers against cybercriminals, botnets and affiliate programs like fake AV and rogue online pharmacies, took place this year.
- Malicious Web content hosted in China targets mostly older versions of Internet Explorer, which is popular in that country.
- Almost half of the global malicious Web content is hosted in the U.S. The states hosting most malware are Florida, California, Texas and Washington.
Expanded details on some of the key findings
Critical national infrastructure is targeted
As targeted attacks become more sophisticated, cybercriminals are pursuing a wider range of organizations, including commercial, national critical infrastructure and military targets. Confirmed attacks in 2011 include RSA, Lockheed Martin and the Asia-Pacific Economic Cooperation (APEC). Dutch company DigiNotar, for example, detected an intrusion that resulted in the fraudulent issuance of hundreds of digital certificates for a number of domains, including Google, Yahoo, Facebook, the CIA, the British MI6 and the Israeli Mossad.
Stolen digital certificates are increasingly used in successful targeted attacks
Stealing or faking digital certificates has become an important component of a targeted attack. Digital certificates are used to confirm and assure a user that the downloaded application truly is from the trusted vendor. With the stolen certificates cybercriminals can distribute malware and sign it with a legitimate company certification, thus tricking users to confidently download the application.
The Blackhole exploit kit dominates the exploit kits market
In late 2011, Blackhole established itself as the most successful exploit kit. Its authors increased its update frequency and added new ways to evade detection, such as checking the software version on the client machine before attempting to exploit it.
The volume of malicious spam escalated in 2011
Though overall spam volume decreased as of December 2011, the proportion of malicious spam rose in the second half of the year from less than 1% to 5%, with a spike in malicious attachments occurring in August and September. As noted previously, there was a shift from malicious attachments to the use of embedded links to infected content later in the year.
Social media is a haven for fraudulent posts and scams
It is now mainstream practice for spammers to use bogus social media notifications to dupe users into clicking on infected links. Perhaps even more troubling is the success with which cybercriminals capitalize on user trust and familiarity to make Facebook, for example, a conduit for spam and malware propagation. Many of these campaigns are spread virally by enticing users to share posts for “rewards” or “gift cards” with their friends.
The full report and those screen shots can be found here.