Recent attacks

Nigel Hawthorn, Blue Coat Systems EMEA marketing VP

It’s not hard to see why online crime has skyrocketed recently. In the past several weeks we have seen two attacks using rogue Facebook applications hit the world’s most popular social network, including the re-emergence of ‘Koobface’, which originally surfaced towards the end of last year.

It seems that hardly a day goes by at the moment without online crime making headlines. Only now we are finding that it is not just the vulnerabilities of Web 2.0 applications that are being targeted. Most recently, Spotify, the up-and-coming online music service, was compromised by hackers, resulting in a breach of user data including email address, birth date, gender and other personal data such as postal code and billing receipt details.

The problem for IT directors is that the boundaries between home and work are blurring. Millions of people now download music from the Web or visit other recreational, legal sites on their work desktops. Because both content and their personal information can spread virally, these users are a scammer’s dream. Faced with the growing severity of these Web-based threats, as well as new threats appearing every few seconds, organisations should undertake a number of important defensive measures to protect their users, networks and data.

However, they must also protect themselves from unmonitored and unmanaged employee use of applications such as unauthorised peer-to-peer file-sharing systems, consumer-oriented instant-messaging clients, consumer voice-over-IP tools and the like, which can be the conduit for loss of sensitive corporate information.

What can organisations do?

Companies should deploy a variety of tools in a multi-layered architecture to monitor, manage and control the growing variety of applications used in the workplace. The defences should include an integrated community database, so that every user benefits from the experience of every other user. As threats are constantly changing, the system must also be able to review new web pages instantly, so that a new threat is identified even for its first potential victim. A layered defence should combine reputation, web text inspection, malware scanning and the sharing of threat intelligence between organisations that understand spam and those that understand web content. Of course, the ultimate goal is to keep users safe and advise them of data-leakage threats to the organisation, while ensuring compliance with corporate, legal and other policies and tying the defences into one cohesive strategy against the growing variety of threats.

Employ a community-based Web infrastructure

Deploying a neighbourhood-watch-based approach has distinct advantages over conventional centralised web-spider approaches. As we know, web pages can be infected at a moment’s notice, so a daily crawl from a single place leaves a web site unprotected except at the instant the crawler inspects the page. A large group of users can access tens or hundreds of millions of Web pages daily, providing a constant stream of fresh information about Web sites and Web pages, and can therefore detect new infections more readily. For example, a conventional system may verify that a specific Web page is safe every day at 10:00am, but it will not detect a malware attack that appears on the page at any other time of the day. A system in which members of a large community visit that page regularly is far more likely to detect the attack.

Employ granular management

It is clear that organisations need to enable certain Web 2.0 applications to realise the productivity gains they offer their employees. For example, various Web 2.0 technologies can be an invaluable way of developing business contacts. However, organisations also need to protect their users from the myriad threats that can be delivered through these sites, as well as the new threats emerging through file downloads. Granular policies can allow text and graphics content while blocking applications, AV gateways can inspect traffic on the fly, and neighbourhood-watch services can deliver broader knowledge than isolated systems working on their own. The key is to be able to monitor and control access to critical technologies while protecting users and networks from malware.