- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
The long view of security strategies for your network.
Network World - "I told you so" is not exactly the favorite comment for anyone to hear, but unfortunately sometimes it has to be said.
“In the ScanSafe 2007 Annual Global Threat Report, we predicted that Web surfers might be in for a wild ride in 2008. Unfortunately, we were correct. The year launched with wide-scale attacks on mom-and-pop style Web sites. These attacks persisted throughout 2008, but their volume was quickly overtaken by surges in SQL injection attacks, which were carried out via automated attack tools delivered via botnets. The success of the SQL injection attacks has been such that in July the rate of Web-delivered malware was higher than the entirety of 2007. And the rate in October 2008 was 21% greater than July.”
The report explains that the study “is an analysis of more than 200 billion Web requests processed in 2008 by the ScanSafe Threat Center on behalf of the company's corporate clients in over 80 countries across five continents.” The authors, including ScanSafe Senior Security Researcher Mary Landesman, comment:
“The ScanSafe Global Threat Report provides a view of the threats which businesses actually face, rather than those experienced in labs or other artificial environments. Our data is gathered from real-time analysis by our proprietary threat detection technology, Outbreak Intelligence (OI) of every single Web request processed by ScanSafe in 2008. This approach differs from traditional methods of gathering information on Web-based threats, such as those methods afforded by distributed 'honeypot' networks. The artificial and contrived nature of honeypots, Web crawling, or similar technologies can lead to a skewed vision of the Web threat landscape which does not reflect actual user experience.”
Key findings from this year’s report:
• There’s been roughly a threefold increase in malware being delivered via the Web from the start to the end of 2008.
• About a fifth of all the malware detected and blocked by ScanSafe was a zero-day malware threat.
• “Indeed, as a result of the continuing mass compromise of legitimate Web sites observed throughout 2008, the standard 'safe surfing' advice of avoiding unknown or non-trusted Web sites no longer applies. Today, it is the known trusted site that should be viewed as posing the greatest risk to Web surfers.”
M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Professor of Information Assurance & Statistics in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.