The security threat landscape is an ever-shifting morass of zero-day exploits, social engineering, and malicious intent. It’s often difficult to know exactly where to focus resources for threat mitigation, which is what makes reports like the Webroot 2015 Threat Brief so useful.
The Threat Brief uses an interesting methodology for determining trends in online security and cybercrime. It employs a “next-generation” big data analytics engine to gather threat information from millions of sensors, and assesses tens of billions of URLs, billions of IP addresses, and hundreds of millions of domains, creating an aggregate picture of the threats that face businesses, web service providers, and web hosting companies.
The results are sobering. 85,000 malicious IPs are launched every day — IPs used for DDoS attacks, delivering malicious payloads, and spamming or phishing attacks. Somewhat surprisingly, the US is the largest single host of malicious IP addresses, with 31%, followed by China, Russia, and South Korea.
The vast majority of these IP addresses — around 90% — are used for spamming. Spam remains an enormous problem and a huge waste of resources, which is why InterWorx includes tools that allow users to be proactive about spam management with configurable spam filters, DKIM, and both blacklisting and whitelisting. The remaining 10% of malicious IPs are split between proxies (41%) and scanners (51%), with a small fraction used for web attacks.
Possibly the most jarring finding in the report, and the one that businesses and web hosts should pay close attention to, is that 30% of Internet users have visited phishing sites. Each user has a 30% chance of falling for a phishing attack that leads to a fraudulent zero-day URL.
Again, the US is by far the largest host of phishing sites, which is understandable given that most phishing attacks attempt to target wealthier individuals to reap the highest ROI.
Traditionally, financial institutions have been the target of phishing attacks. The attackers represent themselves as the institution in the hope of influencing email recipients to click on the malware URL. Financial institutions remain a huge target, with over 44% of phishing sites being aimed at them, but, perhaps surprisingly, they are outnumbered by technology companies, with Google, Apple, Yahoo, Facebook, and Dropbox being the most prominent companies targeted with phishing sites.
While it’s true that 80% of the companies impersonated were financial institutions, technology companies are so well represented as victims of impersonation because of the sheer volume of phishing attempts that impersonate each company: 900 in the case of financial institutions and 9000 in the case of technology companies.
That’s an issue for companies that are training their staff to be particularly vigilant where emails from financial institutions are concerned — the average employee is more likely to receive a phishing attack impersonating a technology company like Google, about which employees may not be as concerned as they should be.
As we’ve repeatedly emphasized on this blog, knowledge is power in the fight against cybercrime, and knowing your enemy is the best way to be prepared.
Image: Flickr/Yuri Yu