Sign up for our Newsletters |   Email the Editor    Email a Friend    Print this Page 

The good news is that traditional techniques used by cyber criminals to cover their tracks are becoming less effective.

The bad news – security researchers have recently discovered the emergence of combined attacks that punch through company firewalls and anti-virus tools.

Attackers are now using both JavaScript and Adobe's ActionScript languages to slip pass traditional defenses, according to M86 Security, an Orange, Calif-based real-time threat protection firm. M86 Security Labs analyzes spam, phishing and malware activities by studying millions of distinct e-mail messages and malware reports each day. The report covers January to June of this year.

Related stories
Cyber Security as a Service for Canadian Small Business
'Canadian Pharmacy' spam - a nightmare for legit firms

Familiar hacker methods such as spam bots and dynamic code obfuscation have waned in effectiveness, according to Bradley Anstis, vice-president of technology strategy at M86. “However, during the first half of 2010 we've seen the emergence of combined attacks that outsmart even the latest Internet security mechanisms,” he said.

Attackers, Anstis said, have begun splitting malicious code between ActionScript which is built into Adobe Flash and JavaScript components on Web pages. By doing this, cyber criminals are able to prevent current security tools from detecting attacks.

Of the 15 most exploited vulnerabilities observed by M86, four involved Adobe Reader and five involved Internet Explorer.

Wake up Call

“This is a wake up call especially for small and medium sized businesses (SMBs) to get their defenses up to snuff,” said Anstis.

He said a lot of smaller organizations are still relying on anti-virus and URL filtering tools, which he characterized as “reactive controls”.

These tools are not effective against the new onslaught of malware which latch themselves onto legitimate Web sites that are not blocked by signature-based security systems. “While old mass-mailers such as Netsky still exist, their numbers have dwindled. Today the biggest concerns arise from malicious attachments and blended threats where spam contains a link to a malicious Web page,” said Anstis.

He said the report indicates that most exploits reported more than a year ago have already been addressed by software vendors. “This highlights the need for SMBs to keep up-to-date with patches and the latest software versions in order to gain better protection... [Next Page]

Related Articles
Made in Canada security solution 25 years of Symantec Message in a bottleneck: How to beat the e-mail...

Share