Attackers going after end users rather than servers

The Web traffic study also finds issues with botnets, corporate policies, and outdated browsers

Rather than targeting Web and email servers, attackers these days are prone to going after enterprises from the inside out, compromising end user systems and then using them to access confidential data, according to a Web traffic analysis report by security-as-a-service provider Zscaler.

Based on a recent study of traffic passing through its global network,  Zscaler's "State of the Web -- Q4 2009" report also notes trends including issues with botnets, corporate Internet access policies, and the use of the Internet Explorer 6 browser. Officially being released on Tuesday, the study analyzes Web traffic volumes covering several thousand Web transactions per second and hundreds of billions of Web transactions.

[ InfoWorld's Roger Grimes explains how to stop data leaks in an enlightening 30-minute Webcast, Data Loss Prevention, which covers the tools and techniques used by experienced security pros. ]

Zscaler found attackers were prone to embedding JavaScript or malicious iframes to pull content from an attacker's server, whereupon the content is rendered in a user's browser, said Mike Geide, senior security researcher at Zscaler, in an interview on Monday.

"The malicious content will then compromise the end user either through a vulnerable browser or through vulnerable client applications such as Adobe Acrobat Reader,"  Geide said. Malware then can steal victims' credentials.

"It's recommended that users take extra precaution when doing financial transactions online and if at all possible to utilize Web-based protection," Geide said. He acknowledged Zscaler offered services to remedy the issue but noted the company is not the only vendor to do so.

Zscaler also found significant use of the Internet Explorer 6 browser, even though it has been succeeded by two more secure generations of Microsoft's browser.  Version 6, for instance, does not maintain malicious URL and phishing block lists, the report said.

Botnets present issues, according to Zscaler. "We're seeing a lot of botnets,"  Geide said. Zscaler blocks botnets, which can take over systems, said Geide.  Zscaler also found some users attempting to deploy anonymizers, which hide a client IP address to enabie access to undesirable content such as gambling or pornography sites, he said.

Another issue, darknets, involves unallocated IP space and infected hosts on the network. This can lead to disclosures of internal information, said Geide.  Also, attackers have launched phishing attacks from sites such as the recently removed fake social networking site, coolxd.com, according to Zscaler.

In other findings, Zscaler found that content such as JPEG and GIF was more prominent than JavaScript and HTML. "The Web is very media-rich at this point in time," Geide said.

Additionally, ZScaler found that the Firefox browser is slowly gaining wider adoption, although the company needs more time to determine precise browser usage trends. "Internet Explorer is still leaps and bounds ahead of Firefox as far as the enterprise user goes," said Geide. Firefox gained more than 6 percent in market share in December, Zscaler found.  Still, Internet Explorer's share was at about 70 percent by the end of 2009.

Zscaler found Facebook predominant as a social networking site.  Three-quarters of social networking traffic traversing the Zscaler network went to Facebook.

This story, "Attackers going after end users rather than servers," was originally published at InfoWorld.com. Follow the latest developments in security at InfoWorld.com.

Tags security

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Paul Krill

InfoWorld

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?