Chester eloquently discussed past and current malware, web exploits and spam faced by IT professionals worldwide, and demonstrated the deployment tactics of these web threats. He also provided recommendations on how to counter these attacks within enterprise networks.
For instance, the notorious 2008 computer worm Conficker, which exploited flaws in Windows software [2], was showcased to illustrate how difficult malware can be to detect and counter. Koobface was also presented to show how it abused social networking websites, in multiple languages, to harvest FTP login credentials [3]. The mobile security scene was no exception: mobile malware exists in a large number of variants and is increasing in both frequency and complexity. SophosLabs revealed the following data:
- SOPHOS has seen 150,000 samples of malware per day in 2011 (60% more than in 2010)
- Of a sample of 19,000 malicious websites, 80% were compromised legitimate sites
Mac Defender, the first major malware threat to the Macintosh platform [4], and other rogue/fake anti-virus software were shown to remind attendees that web threats are not only a Windows problem. He commented that Mac users are willing to pay 2 to 3 times more for fake software, yet they are a “hard sell” for the real deal, even when it is significantly cheaper, because many Mac users share the misconception that security software is “not needed.”
Chester also revealed the findings from an exclusive survey of numerous IT professionals that served to garner their sentiment towards social networking portals as security and productivity risks. Social networks have long been used to spread malicious links, typically via standard wall posts, mail messages, fake app pages or event notifications, and are commonly tied to headline news or celebrity gossip. Such social engineering trickery is intended to tap unsuspecting users at their peak curiosity points.
Microsoft’s “Patch Tuesdays” were also discussed. Chester gave recommendations to help IT professionals assess and prioritize the various patches seen each week in order to streamline the “update” process, while still ensuring critical network security.
The motives of the individuals and entities behind popular web attacks were also assessed. This included insights into the devious tactics of affiliate marketers and online spammers, as well as background on the rise and fall of malware- or spam-hosting companies such as EstDomains, McColo and Triple Fiber Networks (3FN.net). He also made pointed remarks about hacktivist organizations such as LulzSec, Anonymous and WikiLeaks and their pursuit of fame and notoriety.
In summary, Chester provided a comprehensive overview of the web threat landscape within the seminar. This zveloBLOG post only touches on some of the lessons attendees can expect to walk away with. Those lessons can be directly applied by enterprise security decision-makers who may be in the midst of researching UTM/gateway appliances, web content filtering solutions, or vendors to protect their organization’s people and intellectual property.
Coincidentally, a day before the publishing of this article, SOPHOS had just wrapped up the same seminar in Arlington, Virginia. Future tour locations and dates are likely to follow, and the details can be found on the SOPHOS website at this link: Anatomy of an Attack. Don’t see an event near you? No problem, you can express your interest on the same web page. zvelo highly recommends this SOPHOS seminar to enterprise network security professionals, including people in sales and marketing roles. In the meantime, and for a sample of Chester’s charisma, he demonstrates in this YouTube video how a simple Google image search tied to Mother’s Day can lead to the download of rogue anti-virus software.
1. SOPHOS. (September 2011). “Anatomy of an Attack – How Hackers Threaten Your Security” presentation.
2. Unknown Author. (n.d.). Conficker. Wikipedia.org. Retrieved November 9, 2011 from http://en.wikipedia.org/wiki/Conficker.
3. Unknown Author. (n.d.). Koobface. Wikipedia.org. Retrieved November 9, 2011 from http://en.wikipedia.org/wiki/Koobface.
4. Unknown Author. (n.d.). Mac Defender. Wikipedia.org. Retrieved November 9, 2011 from http://en.wikipedia.org/wiki/Mac_Defender.