M86 Security Labs report provides insight to plan security for 2012

IT Best Practices Alert By Brian Musthaler, Network World
February 10, 2012 12:53 PM ET

M86 Security Labs just released its latest Security Labs Report detailing key trends and developments in Internet security. M86 is a group of security researchers who specialize in Web and email threats. They follow Internet security trends and monitor and analyze malware activity, spam and phishing, including newly discovered vulnerabilities and the exploits using them in the wild. Data and analysis from M86 Security Labs is continuously updated and always accessible online at http://www.m86security.com/labs.

This recent report covering the last half of 2011 highlights some interesting emerging trends:

• Targeted attacks have grown more sophisticated, with evidence that cybercriminals are pursuing not only commercial organizations, but also government and infrastructure targets. Moreover, with the growing use of fraudulent and/or stolen digital certificates, these attacks have become more successful and evasive.

• The exploit kit market has shifted dramatically toward the Blackhole exploit kit, which has the capability to update frequently and rapidly to take advantage of application vulnerabilities.

• Even though there has been a precipitous drop in spam volumes, more spam messages are likely to contain malicious links or attachments.

• There has been a significant increase in fraud and malware proliferation using social networks as a conduit.

Targeted attacks are growing more sophisticated

While targeted attacks are not new, the serious growth in incidents during the second half of 2011 is a real cause for concern, not just for companies but for entire countries. According to the report, targeted attacks became more sophisticated and pursued a wider range of organizations, including commercial, national critical infrastructure and military targets.

One of the new attack vectors researchers identified is the use of fraudulent digital certificates. The report indicates the DigiNotar intrusion resulted in the "fraudulent issuance of hundreds of digital certificates for a number of domains, including Google, Yahoo!, Facebook, and even for some intelligence agencies, such as the CIA, the British MI6 and the Israeli Mossad."

M86 Security stresses that organizations must plan and deploy a multi-layered security policy to minimize risks of a successful targeted attack. Recommendations are provided in the report.

Exploits: Don't fall into a Blackhole

The exploits monitored during the second half of the year targeted a variety of products, including Microsoft Internet Explorer, Oracle Java, Microsoft Office products and, quite commonly, Adobe Reader and Adobe Flash. What's really astonishing is that some of the top vulnerabilities that criminals continue to exploit have not only been known for years, but fixes have also been available for years.

For example, M86 found that the most exploited Web-based vulnerability is Microsoft Internet Explorer RDS ActiveX, which was both discovered and patched in 2006. Here we are, six years later, and this vulnerability still affects 17.7% of the pages that contain Web exploits as observed by M86 Secure Web Gateway. The M86 report states the obvious: "Many users and organizations do not patch all their installed software in a timely manner, and attackers leverage this weakness to their advantage."

Linda Musthaler is a principal analyst with Essential Solutions Corporation.
