Analysis provided in the Websense 2014 Threat Report, which was released this week, indicates that attackers are increasingly using more sophisticated techniques to circumvent system defenses, compromise critical systems, and remain persistent in infected networks while gleaning reams of sensitive data.
“It’s crucial to understand that attacks are using sophisticated techniques to bypass defenses at any or all of the seven stages, and that the further an attack progresses along the threat lifecycle the greater the risk of data theft,” the report states. “Further, rapidly evolving attacks make it more difficult for point security solutions that provide protection across only one or two stages”
Key findings from the Websense Security Labs 2014 Threat Report  include:
- 85% of malicious links used in web or email attacks were located on compromised legitimate websites
- 3.3% of all spam contained malicious links and other malicious content
- The average number of website redirects used per attack in 2013 was four
- The maximum number of redirects used in a fully documented attack was 20
- Websites classified as Business and Economy, Information Technology, Shopping and Travel made the top 10 list of compromised redirect destination categories
- The Magnitude and Neutrino Exploit Kits experienced the largest surge in adoption following the arrest of Blackhole’s creator
- 30 percent of malicious executable files sampled included custom encryption of command and control communication or data exfiltration
“Cybercriminals continue to evolve their attack planning and execution to stay ahead of most existing security measures,” said Charles Renert, vice president of security research for Websense.
“While the determined, persistent attackers continue to have success in advanced, strategic attacks using zero-day exploits and advanced malware, there has also been a boom in cybercriminal activity on a massive scale. Even these more ‘common’ forms of attack are easily slipping past organizations without real-time defenses.”
Read More Here (requires form)…