From monitoring the competition to downloading music, the Web has become a integral part of our work and personal lives. While it has helped make us more productive and informed, it has also exposed us and the organizations we work for to mounting security threats.
In fact, according to the Symantec Internet Security Threat Report, the Web and Web applications have become the primary source of malware infections with the number of Web-based attacks nearly doubling in 2010.
One (not so) fun way this is happening is via so-called SEO poisoning, where hackers set up malware sites to show up in Google searches of trending news topics, like the Olympic Games or the death of a celebrity, tricking unsuspecting surfers into clicking their links and spreading infections.
Five major recent threats are leaving us vulnerable to cybercrime and confirming that most organizations’ URL filtering isn’t providing adequate enough protection.
Threat #1: Targeted attacks.
A recent example is the Stuxnet worm, which initially targeted and wreaked havoc on Siemens industrial software and equipment as well as on organizations in Iran suspected of involvement in the country’s uranium enrichment program. Targeted attacks like Stuxnet showed that organizations couldn’t simply rely on physical isolation to protect themselves – one weak link, like a USB stick, was often enough to initiate an attack.
Threat #2: Social networking.
Social media has dramatically changed the way we interact with one another. A by-product of this has been much more personal information finding itself easily accessible online, including our email addresses. Now all it takes to target an individual with an attack is to find his email address and send an innocuous message inviting him to click a link or an attachment. If the attachment is infected, it may introduce malware on to the person’s PC or into his company’s network.
Threat #3: Hide and seek.
These targeted attacks take advantage of security vulnerabilities, particularly through web browsers, to sneak inside an organization and hide in plain site until a zero day attack.
Threat #4: Attack kits.
Downloadable do-it-yourself attack kits have been around for a while but recent cyber-innovations have given them a boost. Most involve simply injecting a single line of code into a hidden frame on a legitimate site – like your local sushi restaurant or doctor’s office. In fact, Symantec has observed that up to 90% of malicious websites are now actually compromised legitimate sites.
Threat #5: Mobile devices.
While volume of malware infections is still relatively low on mobile devices – likely because of the low return on investment for hackers – there has been a recent increase. Bet on further increases in mobile attacks as smartphones and tablets become more connected to enterprise networks.
While URL filtering does help keep users from going to known bad sites, your company is at risk without a more secure Web gateway. Symantec Web Gateway protects organizations against multiple types of Web-borne malware, prevents data loss over the Web and gives organizations the flexibility of deploying it as either a virtual appliance or on physical hardware.
Powered by Symantec’s innovative Web content filtering technology called Insight, Web Gateway relies on a global network of greater than 175 million users to identify new threats before they cause disruption in organizations. Symantec processes over 8 billion email messages daily, gathers malicious code data from hundreds of millions of systems, and uses 240,000 sensors that attract infections and neutralize them. That means if there’s a malicious attack about to hit you, Symantec Web Gateway and its network likely know about it first and do everything to block it – or show you what you need to do to take action against the threat.
To learn more about better protection and control with Symantec Web Gateway, visit Softchoice’s Symantec brand store.