2008 was not a good year

ScanSafe's Annual Global Threat Report

Security Strategies Alert By M. E. Kabay, Network World
April 02, 2009 12:00 AM ET

The long view of security strategies for your network.

Network World - "I told you so" is not exactly the favorite comment for anyone to hear, but unfortunately sometimes it has to be said.

ScanSafe starts its 2008 Annual Global Threat Report, which as usual is available free through registration, with these depressing comments:

“In the ScanSafe 2007 Annual Global Threat Report, we predicted that Web surfers might be in for a wild ride in 2008. Unfortunately, we were correct. The year launched with wide-scale attacks on mom-and-pop style Web sites. These attacks persisted throughout 2008, but their volume was quickly overtaken by surges in SQL injection attacks, which were carried out via automated attack tools delivered via botnets. The success of the SQL injection attacks has been such that in July the rate of Web-delivered malware was higher than the entirety of 2007. And the rate in October 2008 was 21% greater than July.”

The report explains that the study “is an analysis of more than 200 billion Web requests processed in 2008 by the ScanSafe Threat Center on behalf of the company's corporate clients in over 80 countries across five continents.” The authors, including ScanSafe Senior Security Researcher Mary Landesman, comment:

“The ScanSafe Global Threat Report provides a view of the threats which businesses actually face, rather than those experienced in labs or other artificial environments. Our data is gathered from real-time analysis by our proprietary threat detection technology, Outbreak Intelligence (OI) of every single Web request processed by ScanSafe in 2008. This approach differs from traditional methods of gathering information on Web-based threats, such as those methods afforded by distributed 'honeypot' networks. The artificial and contrived nature of honeypots, Web crawling, or similar technologies can lead to a skewed vision of the Web threat landscape which does not reflect actual user experience.”

Key findings from this year’s report:

• There’s been roughly a threefold increase in malware being delivered via the Web from the start to the end of 2008.

• About a fifth of all the malware detected and blocked by ScanSafe was a zero-day malware threat.

• SQL injection and other attacks on Web sites grew from about 10% of the Web malware blocks at the start of 2008 to around 50% of Web malware blocks. The authors explain that these are serious problems for users: “Today’s compromised Web site is typically outfitted with invisible iframes or external source references that pull malicious content (generally malicious javascript) from attacker-owned domains. Those scripts are rendered by the Web surfer’s browser when they visit the compromised site. Outwardly, the compromised site appears perfectly normal – so much so that without careful and continual checking, the Web site owner may be oblivious to the threat their site is now delivering to visitors.”

• “Indeed, as a result of the continuing mass compromise of legitimate Web sites observed throughout 2008, the standard 'safe surfing' advice of avoiding unknown or non-trusted Web sites no longer applies. Today, it is the known trusted site that should be viewed as posing the greatest risk to Web surfers.”
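
The "careful and continual checking" mentioned in the findings above can be automated by a site owner against their own pages. The following is an added example, not part of the ScanSafe report or this column: a Python audit that flags hidden iframes and iframe/script sources served from hosts outside an owner-supplied allowlist. The hostnames, the sample page and the hidden-element heuristic are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class InjectionAuditor(HTMLParser):
    """Collects iframe/script tags that are hidden or load from unlisted hosts."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []  # (tag, src, [reasons])

    @staticmethod
    def _is_hidden(attrs):
        # Heuristic (assumption): 0/1-pixel dimensions or CSS that suppresses rendering.
        style = (attrs.get("style") or "").replace(" ", "").lower()
        dims = [(attrs.get(k) or "").lower().replace("px", "").strip()
                for k in ("width", "height")]
        return (any(d in ("0", "1") for d in dims)
                or "display:none" in style or "visibility:hidden" in style)

    def handle_starttag(self, tag, attr_list):
        if tag not in ("iframe", "script"):
            return
        attrs = dict(attr_list)
        src = attrs.get("src") or ""
        host = urlparse(src).hostname or ""  # empty for relative or inline content
        reasons = []
        if tag == "iframe" and self._is_hidden(attrs):
            reasons.append("hidden")
        if host and host not in self.allowed:
            reasons.append("unlisted-host:" + host)
        if reasons:
            self.findings.append((tag, src, reasons))

def audit(html, allowed_hosts):
    """Return findings for one page; allowed_hosts is the owner's own allowlist."""
    auditor = InjectionAuditor(allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample page: two legitimate scripts plus two injected references.
SAMPLE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://static.example.com/lib.js"></script>
</head><body><p>Welcome</p>
<iframe src="http://injected.invalid/in.php" width="0" height="0"></iframe>
<script src="http://injected.invalid/a.js"></script>
</body></html>"""
```

Calling `audit(SAMPLE, {"static.example.com"})` returns one finding for the hidden iframe and one for the unlisted script host. Running the same check on a schedule against the pages as served, not only the files as deployed, also covers markup injected through the database.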

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Professor of Information Assurance & Statistics in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.
