Cyber crooks step up attacks against SMB data

Hackers are on an “all out blitz” to seize data from businesses of all sizes, according to an Internet security report that states malicious Web sites have increased by over 100 per cent since last year.

Attackers are targeting blueprints, budget reports, plans and intellectual property data held by large enterprise organizations but are also zeroing in on online banking passwords and financial transaction data of small and medium sized businesses, according to the 2010 Threat Report released recently by Websense Inc.

The situation does not bode well for SMBs that are heavily into online banking and financial transactions but are not diligent in updating security tools, said Patrik Runald, senior manager for security research at Websense.

“With the uptake in online banking in the SMB space, a large number of businesses could be exposed to serious threats,” he told ITBusiness.ca.

Websense has seen a marked increase in so-called blended threats such as Aurora, Stuxnet, and Zeus that infiltrate organizations through a variety of coordinated tactics, usually a combination of two or more, he says.  

“It’s also important to note that many of the attacks are no longer coming from spoofed sites but rather from legitimate Web sites of popular companies that have been infected with these Trojans,” Runald added.

Phishing, compromised Web sites, and social networking are carefully coordinated to steal confidential data because in the world of cybercrime, content equals cash, he said.

Once users enter these compromised sites, Trojans embed themselves on the user’s machine and begin collecting data such as passwords or keystrokes when the computer is used for certain operations such as online banking, said Runald.

Significant findings from the Websense 2010 Threat Report show that while broad threats continue, focused, targeted attacks are on the rise:

  • 111.4 per cent increase in the number of malicious Web sites from 2009 to 2010
  • 79.9 per cent of Web sites with malicious code were legitimate sites that have been compromised
  • 52 per cent of data-stealing attacks were conducted over the Web
  • 34 per cent of malicious Web/HTTP attacks included data-stealing code
  • 89.9 per cent of all unwanted emails in circulation during this period contained links to spam sites and/or malicious Web sites

Runald said it is important for SMB operators to stress the importance of Web security among their employees and to specify which online activities are allowable at work. The Websense report shows risk associated with these common online activities that now also take place at work:

  • Searching for breaking news represented a higher risk (22.4 per cent) than searching for objectionable content (21.8 per cent)
  • 23 per cent of real-time search results on entertainment lead to a malicious link
  • 40 per cent of all Facebook status updates have links and 10 per cent of those links are either spam or malicious

The Websense security expert also said that mobile devices such as smartphones and tablet devices will become the number one attack vectors in the future. “Increasingly personal and vital data such as e-mail messages, access codes, contacts and business transaction records are being carried around in mobile devices.”

Smartphones and tablet devices are fast becoming powerful computing tools but not all are secured, said Runald. “For instance, there is no security software for the iPhone.” He said Apple’s platform strategy simply does not support the third-party or independent development of security tools for the popular smartphone.

Another indication of growing concern for mobile security is the recent Android app scare this year. “The kill switch was turned on for a large number of Android apps because they were found to be malware,” said Runald.

He said Websense has seen some cases of so-called drive-by downloads of malware on some Android and iPhone devices. Drive-by downloads are unauthorized downloads of content that occur when someone is visiting a Web site. In many instances, malware is unknowingly loaded into a computer or phone when users surf an infected site.

“These drive-by mobile downloads that we’ve seen are mere baby steps but there are indications that these could be a growing trend,” said Runald.

Nestor Arellano is a Senior Writer at ITBusiness.ca.