Resourceful attackers continue to make the web insecure
Attackers are staying one step ahead of the game and enterprises are struggling to keep up, according to a report by Zscaler.
During the second quarter of 2010, attackers once again took advantage of opportunities just as quickly as they emerged. These opportunities included both new vulnerabilities in popular technologies and current events that drew the attention of millions around the globe.
Q2 included the start of one of the largest global sporting events, the World Cup. It didn't take long for attackers to seize on this opportunity to deliver a variety of World Cup-related attacks, including poisoning search results with Blackhat SEO techniques and phishing for financial credentials.
The release of the iPad in April also received no shortage of press and as such was another popular target for attackers.
A new attack trend emerged during the quarter based on the deployment of a new Facebook feature – the Like button – on numerous external sites. Attackers are using likejacking, continually tricking users into clicking Like buttons, to drive traffic to malicious sites. In certain instances likejacking has been combined with clickjacking to further automate the process.
Another social networking-inspired attack that we saw increasing over the quarter is the Twitter follower scam: sites set up to trick users into providing their Twitter credentials in exchange for more followers.
There is continual growth in malicious web traffic, with constant change among the major players. During the quarter, China moved up to the number two spot overall when comparing the number of unique IP addresses in various countries known to be hosting malicious sites.
The jump was a fairly dramatic one, with China moving from an average of only 2.97% of unique IP addresses in Q1 2010 to 7.24% in Q2. Overall, China, the Netherlands, Russia and Korea all moved up three or more places in the top ten rankings for the quarter. There has also been significant movement among the top malicious IP addresses seen during the quarter, with statistics changing dramatically from month to month. This illustrates how dynamically attacks are delivered, constantly shifting to alternate locations to bypass static controls such as block lists.