Cisco security researchers: Threats originating from legitimate domains grow 90%

Described as one of the notable trends in the Cisco 2008 Annual Security Report that was released this week, Cisco security researchers said threats originating from legitimate domains grew 90%, nearly double the rate in 2007. The following provides a "quick snapshot" of the security findings contained in Cisco's report: Diagram below visually details the online threat arena, where the entire Web ecosystem comes into play.

Source: Cisco Systems Online criminals continue to create malicious websites-carefully designing them to look alluring and legitimate—to obtain sensitive personal information or distribute malware to site visitors. They hack legitimate websites from trusted organizations, such as news media or large retailers, to cause those sites to invisibly distribute malware to visitors; they also create or subvert existing Web applications and plug-ins for the same purpose. In addition, in the core underlying infrastructure of the Internet, weaknesses have been exposed that could let online criminals divert thousands of unsuspecting Internet users at once to malicious websites. Many spammers still blast out "mass-mailing" spam to millions of untargeted recipients per campaign. Source: Cisco Systems Spammers continue to improve the design and effective-ness of their messages. They’re using highly topical subject lines, far more legitimate-looking and professional-sounding content, and other techniques that make certain types of spam hard to resist for normally wary recipients—and easier to slip by anti-spam solutions. Average Daily Spam Volume: Daily spam volumes have nearly doubled in 2008 relative to 2007 Source: Cisco Systems As the possibilities and popularity of the Web have grown, so has its use as a threat vector. Source: Cisco Systems The volume of malware successfully propagated via email attachments has declined in recent years. This decline could be related to Web-based malware distribution methods proving so effective, and to the ability of antimalware products to rapidly detect and block much of the email that contains malware. These factors may have led malware creators to spend more time on malware spread via the Web rather than via email. Source: Cisco Systems Another type of spam that has become noticeably more common this year involves targeted phishing, also known as "spear phishing." For these attacks, sophisticated online criminals have been using smaller phishing campaigns aimed at more targeted groups of recipients—to great effect. Source: Cisco Systems Spear-phishing emails often succeed because they mimic messages from an authoritative source, such as a financial institution, a communications company, or some other easily recognizable entity with a reputable brand. Source: Cisco Systems In many cases, online criminals rent or steal lists of valid email addresses, and can therefore personalize outgoing messages. Consequently, even savvy Internet users—conditioned to ignoring the less-sophisticated phishing messages sprayed to millions of people at the same time—can be lured into handing over login names, passwords, and other sensitive information. The average spam rate from each webmail provider rose significantly for a period of time after tools to take advantage of their systems became commercially available. Source: Cisco Systems Criminals successfully hijacked reputations by overcoming security measures designed to avoid the mass creation of webmail accounts from top webmail providers with trusted reputations. Once criminals gained the ability to create large quantities of webmail accounts, they used them to send out massive amounts of spam, which was more likely to get through anti-spam filtering systems due to the legitimate webmail sender address. Cisco found that the number of reported vulnerabilities in 2008 increased compared to 2007, growing by 11.5 percent. This continues the trend of previous years, and shows that vendors are more actively reviewing, identifying, and correcting vulnerabilities in their products. They’re also more often collaborating with security researchers to do so. Source: Cisco Systems The growing crop of new Web 2.0 technologies such as widgets and add-ons for blogs and social networking sites have proven to be vulnerable to attack. Social engineering continues to be widely used by online criminals, many of whom have become aware of the value of social networks. Therefore, it seems logical that some of these developers would turn their attention to creating custom, highly appealing "mal-widgets" for social networking sites. Source: Cisco Systems Below Cisco shows that both the urgency of vulnerabilities and threats (which is the equivalent of activity) and the severity (equal to the impact) are continuing to increase. Source: Cisco Systems In the video below, Cisco Fellow and Security Researcher - Patrick Peterson (one of only 13 Cisco Fellows), describes Cisco's annual security report and the key threat trends that characterized the year 2008.

In the video below, Pat Peterson - Director of Technology for the Cisco IronPort Business Unit, expounds on the "botnet" security problem in today's connected world.
In the video below, Peterson describes the reputation hijacking trend.
View the entire Cisco 2008 Annual Security Report. Related story: Cisco: Cyberattacks growing, looking more legit

What do you think about the growth in threats originating from legitimate domains? BradReese.Com Cisco Refurbished Quotes on New Cisco Equipment One year warranty on refurbished: Cisco Aironet Cisco Power Supplies Cisco VoIP Gateways One year warranty Refurbished Cisco

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)