Brian Pennington

A blog about Cyber Security & Compliance


April 2015

85,000 new malicious IPs are launched every day

The Webroot 2015 Threat Brief reveals that 85,000 new malicious IPs are launched every day, and the top phishing targets are technology companies and financial institutions.

Key findings from 2015 Threat Brief include:

  • The United States accounts for 31% of malicious IP addresses, followed by China with 23% and Russia with 10%. Overall, half of malicious IP addresses are based in Asia.
  • The average reputation score of all URLs is 65%. Surprisingly, some categories that might be assumed suspicious or unwanted due to their nature are relatively reputable. For example, URLs tied to Cheating (85%), Hate and Racism (82%), Violence (77%), Adult and Pornography (65%), and Nudity (65%) are relatively reputable when compared to the average scores.
  • There is a 30% chance of Internet users falling for a zero-day phishing attack in the course of a year, and there was an over 50% increase in phishing activity in December 2014. This is most likely due to the holiday season.
  • On average, there are nearly 900 phishing attempts detected per financial institution, but over 9,000 attempts detected per technology company. Top five technology companies impersonated by phishing sites are: Google, Apple, Yahoo, Facebook and Dropbox.
  • When evaluating phishing sites by country, the United States is by far the largest host of phishing sites, with over 75% of sites being within its borders.
  • On average, only 28% of apps on the Android platform were trustworthy or benign, which fell from 52% in 2013, nearly 50% were moderate or suspicious, and over 22% were unwanted or malicious. Trojans make up the vast majority of malicious threats, averaging 77% for 2014.

“Webroot has seen a continued rise in the number of malicious URLs, IP addresses, malware, and mobile applications used to enable cybercriminals to steal data, disrupt services, or cause other harm,” said Hal Lonas, chief technology officer at Webroot. “With more breaches at major retailers, financial institutions and technology companies in the headlines and scores of other, smaller breaches in 2014, the trend shows no signs of slowing down. The Webroot 2015 Threat Brief highlights the need for highly accurate and timely threat intelligence to help organizations assess the risk of incoming data, reduce the volume of security incidents, and accelerate response to successful attacks.”

2014 also brought an increase in innovative techniques to infect PCs. Most notable was the discovery of Poweliks, a powerful Windows registry exploit, which was fully contained in the registry and did not require a file component to deliver a new infection such as crypto ransomware. Further, five unique PUA families and hundreds of variants were discovered, including the widely prevalent CTB/Critroni and Cryptowall 3.0. Each family introduced new social engineering techniques and added complexity to the encryption process.

The full report can be found here.

Enterprises have more than 2,000 unsafe mobile apps installed on employee devices

Veracode has released analytics from its cloud-based platform showing that, based on the mobile applications it assessed, the average global enterprise has approximately 2,400 unsafe applications installed in its mobile environment.

Based on an analysis of hundreds of thousands of mobile applications installed in actual corporate environments across various industries, including financial services, media, manufacturing and telecommunications, Veracode found 14,000 unsafe applications, of which:

  • 85% expose sensitive device data, including SIM card information such as phone location, call history, phone contacts, SMS message logs, device IDs and carrier information.
  • 37% perform suspicious security actions, such as checking to see if the device is rooted or jailbroken (which allows applications to perform superuser actions such as recording conversations, disabling anti-malware, replacing firmware or viewing cached credentials such as banking passwords); installing or uninstalling applications; recording phone calls; or running other programs.
  • 35% retrieve or share personal information about the user such as browser history and calendars, often sending sensitive information to suspicious overseas locations and allowing attackers to develop a complete profile of users and their social connections.

According to Gartner, “Through 2015, more than 75% of mobile applications will fail basic security tests.” At the same time, cybercriminals and nation-states are constantly looking to exploit insecure applications in order to steal corporate intellectual property, track high-profile individuals or insert aggressive adware for monetary gain.

This creates a challenge for enterprises that want to increase productivity and employee satisfaction by providing BYOD programs or corporate-owned devices. Modern MDM and enterprise mobility management (EMM) systems are designed to enforce corporate policies on managed devices, but need an automated and scalable mechanism for maintaining up-to-date information about thousands of unsafe apps that are constantly being added to public app stores around the world.

Existing approaches for addressing unsafe mobile apps, such as manually curated blacklists, are difficult to scale because of the sheer size and constantly changing nature of the problem. As a result, they either fail to keep up with mobile threats or frustrate employees by prohibiting apps for no reason.
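To make the contrast between a manually curated blacklist and a reputation-driven policy concrete, here is an added example (not Veracode's code, nor any MDM/EMM product's) that evaluates a device's app inventory two ways. The reputation feed, app identifiers, risk flags and scores are all constructed for the example; the flag names mirror the three behaviours listed above (exposing device data, suspicious security actions, sharing personal information), and the block/warn thresholds are assumed policy choices.

```python
"""Reputation-driven mobile app policy versus a static blacklist.

Added example; not the code of Veracode or of any MDM/EMM product.
All app identifiers, scores and flags below are constructed.
"""
from dataclasses import dataclass, field

# Constructed reputation feed: app id -> (reputation score 0-100, risk flags).
# In practice this would be refreshed automatically from a reputation service
# rather than maintained by hand.
REPUTATION_FEED = {
    "com.example.notes":      (92, set()),
    "com.example.flashlight": (41, {"exposes_device_data"}),
    "com.example.wallpaper":  (18, {"exposes_device_data", "shares_personal_info"}),
    "com.example.rootcheck":  (12, {"suspicious_security_actions"}),
}

# Manually curated blacklist: stale by construction, it knows about one app only.
STATIC_BLACKLIST = {"com.example.rootcheck"}

# Assumed policy: which risk flags lead to which decision.
BLOCK_FLAGS = {"suspicious_security_actions", "shares_personal_info"}
WARN_FLAGS = {"exposes_device_data"}
MIN_SCORE = 50  # unknown or very low reputation is surfaced as a warning


@dataclass
class Decision:
    app_id: str
    action: str                 # "allow", "warn" or "block"
    reasons: list = field(default_factory=list)


def evaluate_blacklist(app_ids):
    """Blacklist model: anything not explicitly listed is silently allowed."""
    return [Decision(a, "block" if a in STATIC_BLACKLIST else "allow") for a in app_ids]


def evaluate_reputation(app_ids, feed=REPUTATION_FEED):
    """Reputation model: decide from per-app risk flags and score."""
    decisions = []
    for app_id in app_ids:
        score, flags = feed.get(app_id, (None, set()))
        reasons = []
        if flags & BLOCK_FLAGS:
            action = "block"
            reasons.extend(sorted(flags & BLOCK_FLAGS))
        elif flags & WARN_FLAGS or score is None or score < MIN_SCORE:
            action = "warn"
            reasons.extend(sorted(flags & WARN_FLAGS))
            if score is None:
                reasons.append("no reputation data")
            elif score < MIN_SCORE:
                reasons.append(f"score {score} below {MIN_SCORE}")
        else:
            action = "allow"
        decisions.append(Decision(app_id, action, reasons))
    return decisions


def device_compliant(decisions):
    """A device is compliant when no installed app is blocked."""
    return not any(d.action == "block" for d in decisions)


def summarize(decisions):
    counts = {"allow": 0, "warn": 0, "block": 0}
    for d in decisions:
        counts[d.action] += 1
    return counts


if __name__ == "__main__":
    inventory = ["com.example.notes", "com.example.flashlight", "com.example.wallpaper",
                 "com.example.rootcheck", "com.example.unknown"]
    for name, fn in (("blacklist", evaluate_blacklist), ("reputation", evaluate_reputation)):
        ds = fn(inventory)
        print(name, summarize(ds), "compliant" if device_compliant(ds) else "non-compliant")
        for d in ds:
            print("  ", d.app_id, d.action, d.reasons)
```

Run against the same inventory, the blacklist blocks one app and allows the other four, including the app that shares personal data and the app the feed has never seen; the reputation policy blocks two, warns on two, and allows one, with a reason attached to every decision. The "warn" tier is what keeps the reputation approach from frustrating users the way a blanket prohibition does.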

“Many mobile apps are unsafe because they unknowingly access insecure third-party libraries and frameworks in the software supply chain – while other apps have been specifically designed to perform malicious actions,” said Chris Wysopal, Veracode co-founder, CISO and CTO. “Veracode’s automated cloud-based reputation service and MDM/EMM integrations were purpose-built to address the speed and scale required to effectively secure employee devices in global enterprise environments.”


5 Cloud Mobility Trends

Cloud usage is extending the perimeter of most organisations

CloudLock have produced an interesting report on how the use of the cloud and apps has extended the perimeter of most organisations.

CloudLock Executive Summary

The adoption of public cloud applications continues to accelerate for both organizations and individuals at an exponential rate, evidenced across the massive growth in the volume of accounts, files, collaboration, and connected third-party cloud applications.

The rapid surge of accounts, files, and applications presents increased risk in the form of an extended data perimeter. The adoption of cloud applications has significantly increased the threat surface for cyber attacks. Faced with this massive growth and the elevated risk, security professionals are looking to enable their organizations to embrace and leverage the benefits of cloud technologies while remaining secure and compliant.

“Sensitive data is moving to the cloud, beyond the protection of your perimeter controls. As this occurs, the amount of data, and, most importantly, the amount of sensitive or ‘toxic’ data the enterprise stores in these Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS) platforms is increasing by the day – and regardless of its locations, S&R pros still need to protect it effectively.” Forrester Research (March 2015), Market Overview: Cloud Data Protection Solutions

CloudLock key findings

  • 100,000 files per organization that represent risk. Number of files per organization stored in public cloud applications that violate corporate data security policy, amplifying the danger of exposing sensitive information.
  • 4,000 files per organization contain passwords. Number of files per organization stored in public cloud applications containing credentials to corporate systems, inviting cybercriminals to hijack corporate SaaS environments.
  • 1 in 4 employees violating security policies. Number of employees that violate corporate data security policy in public cloud applications, opening organizations to risk of data breach and compliance concerns.
  • 45,000 third-party app installs conducted by privileged users. Third-party cloud applications with access to privileged users’ accounts significantly elevate organizational risk.

Other findings

  • 12% of an organization’s files are sensitive or violate a policy
  • 65% of security teams care about what type of sensitive data is exposed
  • 35% care about how/where it is exposed
  • 70% of corporate cloud-based external collaboration occurs with non-corporate entities
  • 77,000 third-party cloud apps touch corporate systems
  • 4x increase in the number of third-party applications enabled per organization, from 130 to 475. The total number of unique third-party cloud apps ballooned to 77,000, amounting to 2.5 million installs
  • 2% growth in third-party SaaS application installations performed by privileged users (administrators and super admins)

Information that organizations worry about most includes:

  • 59% Intellectual Property and Confidential Information
  • 19% PCI DSS data
  • 13% PII data e.g. social security numbers
  • 5% Objectionable content for CIPA compliance, e.g. curse words, harassment
  • 4% PHI/healthcare-related data such as medical conditions, prescription drug terminology, patient identification numbers, or compliance
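The figures above (files that violate policy, files that contain passwords, employees in violation, and the split by data category) come from classifying stored files against content rules. The following added example (not CloudLock's code) shows the shape of such a scan over a small constructed corpus: the file names, owners and contents are invented, and the detection rules are illustrative regular expressions for credentials, PCI card numbers (with a Luhn check to cut false positives), PII and PHI, not any product's actual classifiers.

```python
"""Policy scan of files stored in a cloud application.

Added example; not CloudLock's code. The corpus and rules are constructed
to show how per-organization findings of the kind listed above are derived.
"""
import re

# Constructed sample corpus: (file name, owner, contents). Nothing here is real data.
SAMPLE_FILES = [
    ("deploy-notes.txt", "alice", "jenkins url https://ci.internal\npassword=Sup3rSecret!\n"),
    ("q3-plan.docx", "bob", "Q3 roadmap: launch new pricing tier, hire two engineers."),
    ("orders.csv", "carol", "id,card\n1,4111 1111 1111 1111\n2,5500 0000 0000 0004\n"),
    ("onboarding.xlsx", "dave", "name,ssn\nJane Roe,123-45-6789\n"),
    ("backup.pem", "alice", "-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n-----END RSA PRIVATE KEY-----"),
    ("intake.txt", "erin", "Patient ID 00012 diagnosis: hypertension; prescription lisinopril"),
    ("lunch.txt", "bob", "Team lunch Friday at noon."),
]


def luhn_ok(digits):
    """Luhn checksum, so an arbitrary 16-digit number is not reported as a card."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


# Illustrative rules per policy category (assumed, not a product's rule set).
RULES = {
    "credentials": [
        re.compile(r"(?i)\b(password|passwd|pwd|api[_-]?key|secret)\s*[=:]\s*\S+"),
        re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    ],
    "pii": [re.compile(r"\b\d{3}-\d{2}-\d{4}\b")],          # US SSN shape
    "phi": [re.compile(r"(?i)\b(patient id|diagnosis|prescription)\b")],
}
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")             # candidate card numbers


def classify(text):
    """Return the set of policy categories a file's contents match."""
    hits = set()
    for category, patterns in RULES.items():
        if any(p.search(text) for p in patterns):
            hits.add(category)
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.add("pci")
            break
    return hits


def scan(files):
    """Per-organization summary: violating files, files with credentials, users in violation."""
    results = {name: classify(text) for name, _, text in files}
    violating = [name for name, hits in results.items() if hits]
    with_creds = [name for name, hits in results.items() if "credentials" in hits]
    users = {owner for name, owner, _ in files if results[name]}
    by_category = {}
    for hits in results.values():
        for c in hits:
            by_category[c] = by_category.get(c, 0) + 1
    return {
        "files": len(files),
        "violating": len(violating),
        "violating_pct": round(100 * len(violating) / len(files), 1),
        "with_credentials": len(with_creds),
        "users_in_violation": sorted(users),
        "by_category": by_category,
        "per_file": results,
    }


if __name__ == "__main__":
    report = scan(SAMPLE_FILES)
    for key in ("files", "violating", "violating_pct", "with_credentials", "users_in_violation"):
        print(f"{key}: {report[key]}")
    print("by category:", report["by_category"])
    for name, hits in report["per_file"].items():
        print(f"  {name}: {sorted(hits) or 'clean'}")
```

On the constructed corpus five of the seven files violate a policy and two contain credentials (one a plaintext password, one a private key), which is the same bookkeeping behind the report's "files that represent risk" and "files that contain passwords" counts. The Luhn check matters in practice: without it, any run of 13 to 19 digits (order numbers, timestamps) inflates the PCI figure.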

CloudLock Methodology

CloudLock bases its findings on anonymized usage data from 2014 and 2015:

  • 77,500+ apps
  • 750 million files
  • 6 million users

The full report can be found here.

What Is Your Business’ Greatest Cyber Threat?
