Businesses Increasingly Under Attack From Cyber-Security Threats

SonicWALL, Inc., provider of intelligent network security and data protection solutions, recently issued its mid-year cyber-threat intelligence bulletin. The bulletin reveals that businesses are increasingly under attack by cyber-criminals who seek to exploit employees connecting to corporate networks via mobile devices and their rising use of social media. Growth in Android-based malware and social media scams such as click-jacking on Facebook and malicious links sent over Twitter are creating new and heightened levels of business vulnerability from data intrusion, theft and loss. Productivity and profitability are also compromised due to network and application downtime. Data for the bulletin was sourced from the SonicWALL Global Response Intelligent Defense (GRID) Network, which gathers, analyzes and correlates billions of dynamic, real-time global cyber-threats. 

“Cyber-criminals are focusing their attention on penetrating corporate networks and data through mobile workflow and applications. Employees innocently surfing dating sites via a mobile device or PC, that are in fact fake sites, or clicking on offers on Facebook such as a free McDonald’s meal that are click-jacking scams, can have a catastrophic impact on data security, business continuity and profitability," said Boris Yanovsky, SonicWALL vice president of software engineering. Yanovsky added, “New levels of network and firewall security are needed to protect against these increasingly sophisticated and prolific threats. Advanced networking security technologies such as application intelligence and control, real-time data visualization, intrusion prevention and malware protection, all of which are available in SonicWALL’s Next-Generation Firewalls, deliver this protection.”

Key findings of the mid-year cyber-threat intelligence bulletin include:

• Mobile-based threats have risen significantly over the last six months. While these threats are not as widespread as computer-based threats, cybercriminals have found workarounds to attack mobile phones on any platform. Threats that infiltrate mobile devices via popular applications like Apple Safari and Adobe Reader can attack multiple operating systems. Also, the small screens of mobile devices typically truncate the view of long URLs, giving hackers an opportunity to lure unsuspecting users to a fake site masquerading as the site of a trusted institution.

• Android Market malware is a growing issue. With the growth of the Android Market, there has been an increase in rogue applications affecting thousands of users. Google is actively removing malicious applications that appear in the market and has also removed multiple malicious apps remotely from users’ mobile devices. However, some threats remain.

• Security threats resulting from the use of social media continue to rise. As social media has become part of the fabric of social and work-life, constant access to sites by employees from the corporate network is creating new levels of vulnerability. Click-jacking scams lead to surveys that generate income for the hackers and rogue apps compromise confidential information. Twitter messages can contain shortened malicious links that can even activate just by hovering over them. Email attacks on popular sites emulate the “look and feel” of these sites to produce very credible-looking scams.

• The U.S., Canada and Taiwan are the most heavily hit countries for worldwide threat-related traffic. In addition, the U.S., China, India and Korea lead in intrusion-related and multimedia threats. A snapshot of the top 10 most heavily hit countries may be viewed here.

• New and familiar viruses continue to infect computers and networks worldwide. Top malware threats in the first half of 2011 were fake anti-virus malware, including a new variant consisting of fake desktop utilities, SpyEye and Zeus trojan spams. “Poisoned” search results continue to deliver active malware, and every new variant is repackaged to evade anti-virus detection. Malicious code and spam often masquerade as Facebook status updates, or email and security updates from Microsoft, while BredoLab and Oficla trojan spams masquerade as tracking and invoice sites from shipping companies such as FedEx, UPS, DHL and USPS. For a list of the top intrusions, malware as well as important gateway and anti-virus signatures that protected against these threats for the first half of 2011, click here.

• Phishing fraud is more sophisticated and difficult to detect. Phishers have reduced errors and improved the quality and content of their emails, and they are now able to produce web sites that look entirely legitimate, with multiple redirections masking the deception. Blended threats that combine techniques such as data theft and malware installation are also more prevalent. SonicWALL continuously updates its list of institutions likely to be targets of spoofing attacks intended to harvest usernames, passwords and other sensitive customer information. An updated list of organizations that have been spoofed over the last six months is available here.

• Most dangerous threats over the last six months include advanced persistent threats that come in through clicked links, lie hidden for an indefinite period of time and become active at a predefined time. Also highly dangerous are institutional database breaches, which expose a wealth of data for criminal use by correlating data from more than one source, providing the basis for sophisticated attacks such as spear phishing (targeted phishing) and threats to SCADA-based systems.

• Most widespread threats. The most active category continues to be FakeAV, which uses the latest trends and news stories to target a large user base, serving OS-specific and location-specific malware. Spam continues to be widespread, with large flows of emails carrying virus-laden attachments; pitches for weight loss products, wristwatches, and pornographic services and products; “nuisance” spam that has no content other than three or four random characters; and image-only spam.

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

New Products

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.