Homepage Blue Coat Systems newsroom

2012 Web Security Report reveals the evolution of sophisticated cybercriminal infrastructure to deliver web attacks

Announcement posted by Blue Coat Systems 14 Feb 2012

Malicious sites increase 240% in 2011 with average business facing 5,000 threats per month

Blue Coat, the technology leader in web security and WAN optimisation solutions, today issued its Blue Coat 2012 Web Security Report that identifies and analyses trends in malicious attacks over the past year and makes recommendations on strategies to keep companies safe. In 2011, the most significant evolution in the threat landscape was the use of malware networks, or malnets, to launch highly dynamic web-based attacks.

These complex infrastructures, which outlast any one attack, drove a 240% increase in the number of malicious sites during the year. They are expected to launch as many as two-thirds of all new attacks in 2012. The Blue Coat Security Labs team first discovered the existence of these malicious networks early in 2011 and presently is the only company to specifically identify, track and block them.

Malnets are distributed network infrastructures within the internet that are built, managed and maintained by cybercriminals for the purpose of launching a variety of attacks against unsuspecting users over extended periods of time. The end game for malnets typically is either stealing personal information or transforming end-user systems into botnets. The Blue Coat 2012 Web Security Report details the strategies and tactics that malnet operators deploy to snare users and funnel them to dynamic malware payloads, or software which surreptitiously installs on users computers designed for malicious or criminal purposes.

"In 2011, the ease of buying, customising and deploying malicious software kits, coupled with a faster rotation through domain names, drove a 240% increase in malicious sites," said Greg Singh, Systems Engineering Manager, Blue Coat Australia and New Zealand. “With the average business now facing 5,000 threats per month, identifying and tracking malnets to block attacks at the source before they are launched is the most effective protection. Blue Coat uniquely provides protection from malnet-launched attacks even before they happen.”

According to the report, the most common entry point into these malicious infrastructures rely on the path of least resistance, utilising entry points that are easy to exploit, such as search engines/portals and email, or are utilised by large, diverse populations of users. Malnets have become so effective at launching attacks through search engines/portals that one in 142 searches leads to malicious links.

The 2012 Web Security Report examines the malnet ecosystem in depth, examining user behavior, malnet strategies and tactics, as well as highlighting the best defenses against these aggressive infrastructures. The report includes topics, such as:

- Most common content categories for intentionally or inadvertently hosting malware

- Malvertising attacks that funnel users into malnets via malicious web advertisements

- Internet within an Internet that exists on social networking sites

- Negative day defense as a protection against the dynamic nature of malnets

- BYOD and the growing threat to mobile devices

It also explores how the existence of these malnets is driving broader changes in the threat landscape, including:

- The growing use of social networking to conduct trust and reputation-based attacks

- A shift away from news-driven topics for search engine poisoning attacks

- A significant increase in email attacks

The report analyses data from the Blue Coat WebPulse™ service. WebPulse is a cloud-based, real-time analysis and ratings service that unites users in a common defense. Delivered via Blue Coat ProxySG appliances and the Blue Coat Cloud Service, WebPulse receives one billion Web requests each day from 75 million globally diverse users. With comprehensive visibility into the Web ecosystem, WebPulse can automatically identify abnormal traffic and correlate it to known malnets to block attacks before they are launched. Utilising these techniques and other advanced analysis tools, WebPulse blocks 3.3 million threats per day.

The report is available here.

About Blue Coat Systems

Blue Coat Systems is a leading provider of Web security and WAN optimization solutions. Blue Coat offers solutions that provide the visibility, acceleration and security required to optimise and secure the flow of information to any user, on any network, anywhere. This application intelligence enables enterprises to tightly align network investments with business requirements, speed decision making and secure business applications for long-term competitive advantage. Blue Coat also offers service provider solutions for managed security and WAN optimisation, as well as carrier-grade caching solutions to save on bandwidth and enhancethe end-user Web experience. For additional information, please visit www.bluecoat.com.

# # #

Blue Coat, ProxySG, WebPulse and the Blue Coat logo are registered trademarks or trademarks of Blue Coat Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document are the property of their respective owners.