SlideShare a Scribd company logo
1 of 57
Download to read offline
Internet Threats
Trend Report


January 2012
January 2012 Threat Report


           The following is a condensed version
             of the January 2012 Commtouch
              Internet Threats Trend Report

    You can download the complete report at
  http://www.commtouch.com/threat-report-january-2012




Copyright© 2011 Commtouch Software Ltd. Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and
Commtouch, Authentium, Command Antivirus and Command Anti-malware are registered trademarks, of Commtouch. U.S. Patent
No. 6,330,590 is owned by Commtouch.
January 2012 Threat Report


1 Key Highlights

               Facebook Attacks
 2 Feature     – The year in review

                Malware, Spam, Web Security,
  3   Trends    Compromised Websites and
                Zombies
Key Highlights for Q4 2011
Key Security Highlights


Average daily spam/phishing
        emails sent
      101 Billion


Spam levels increased marginally in
 November and December 2011
Key Security Highlights


            Spam Zombie daily turnover

                   209,000 Zombies


       A very large decrease compared to the
                    336,000 in Q3

(Zombie turnover is the number of zombies turned off and on daily)
Key Security Highlights


         Most popular blog topic on
         user generated content sites
                 Streaming media/
                 downloads (22%)

Streaming media & downloads remains in top
       spot but dropped 2% from Q3

Includes sites with MP3 files or music related sites such as fan
  pages (these might also be categorized as entertainment)
Key Security Highlights



Most popular spam topic
    Pharmacy Ads
        (31%)

      Up 2% over Q3
Key Security Highlights


         Country with the
          most Zombies
           India (23.5%)


India increased its share in Q4 to nearly one
       quarter of the world’s zombies
Key Security Highlights


      Website category most likely to
      be compromised with malware

           Parked Domains


“Parked domains” and “Portals” remained in
the top 2 positions with “pornographic sites”
                in 3rd position
Feature…




     Facebook Attacks
       – The year in review
Facebook Attacks – 2011

              Facebook Attacks in 2011

• Continues to be an attractive target for attacks from
  malware distributors, scammers and plain old jokers
• Most Facebook attacks ultimately lead victims to
  affiliate marketing/survey sites
• Q4 2011 saw increases in free-merchandise scams
Lifecycle of Facebook Attacks
           The 3 Stages of Facebook Attacks

           Stage 1 – The Catch
 The
Catch          Enticing offer or information inspiring
               action by a Facebook user


   Spreading       Stage 2 – Spreading the Attack
      the             Ensure the attacks continues/spreads
     Attack


                         Stage 3 – The Goal
        The Goal            What the cybercriminals wants
                            to gain or achieve
The Catch - 4 Tactics
 The 4 ways Facebook users are tricked into “liking”,
        following a link or adding add an app

1. Free goods
   – Items ranging from
     headphones to gift cards
     to unreleased Facebook
     phones

2. Sensational headlines on current news issues
   Examples:
   – Death of Osama Bin videos
   – Death of Steve Jobs “free
     iPad/iPhone” scams
The Catch - 4 Tactics
3. Must see tragic/amazing events with call to action
   – Users follow a link, or click
     on Like to see a shocking
     video/photo, or forward a
     chain message
                     The Spanish in the example above translates to “Look what happens”.



4. Must-have Facebook app download
   Example of popular attack:
   – Mythical app allowing users
     to see who has been viewing
     their profile and get a
     breakdown of boy and girl
     views of their profile
The Catch – Summary
                  Summary of Catch Tactics
• Social engineering is the key to the tactics used to “catch”
  Facebook victims
• The tactics are spread nearly evenly between the four tactics
  described above
   – Most used tactic – “must see this” (36%)
   – Most common tactic in second half of 2011 – 26 “free stuff” (26%)
Spreading Attacks
        How Facebook Attacks are Propagated
• Cybercriminals abuse the inherent trust of Facebook
  friends
• 4 main methods for spreading attacks:
   1.   Tricking users into sharing
   2.   Likejacking
   3.   Rogue applications
   4.   Malware and “self-XSS”
Spreading Attacks
Tricking users into sharing
• Users aware that they are liking/sharing a page, but
  do so under false pretenses
• Example attacks:
   – Scams promising free gift cards
     in exchange for like/share
   – Users post a hoax they believe
     to be true warning other users
     about a (nonexistent) virus or
     telling them the sad tale of a
     (nonexistent) abused child
Spreading Attacks
Likejacking
• A common tactic is to entice users to see a video
• The video player may be functional but the page includes
  scripts that use any mouse click to generate a “like”




• Users unaware that they have liked a page, but the “like” is
  used to lead more friends to the video
Spreading Attacks
Rogue applications
• Apps users believe provide worthwhile functionality
   – Example: An app promising to reveal who has been
     viewing your profile
• Users grant these apps permission to access parts of
  their user profile as well as post on their wall
   – Wall posts are then used
     by the rogue app to
     spread out further within
     Facebook
Spreading Attacks
Malware and “self-XSS”
• Malware unwittingly installed a user's PC hijacks
  their Facebook session for posts and other activity
• How it works
   – Traditional cross site scripting (XSS) attacks rely on a
     hidden script within a webpage to hijacks a Facebook
     session
   – Self-XSS means that malicious script was activated by a
     user (the “self”) giving another site access to the Facebook
     session
Spreading Attacks
– Users are tricked into activating a script by copying it
  directly into their browser
– In most cases scripts will direct to an external site (the
  “cross-site” of “cross-site scripting”) and then post a wall
  post or an event invite, which others view and in turn
  help to further
  propagate the
  attack
Goal of Attacks
              Goal of the Facebook Attack
The goal of Cybercriminals with Facebook attacks can
be divided into the following categories:
• Marketing affiliate/survey sites
• Chain posts and hoaxes
• Other
Goal of Attacks
Marketing affiliate/survey sites
• Benefit to Cybercriminals:
   – Affiliate payments for driving users to specific sites
   – Collection of personal data to be used in identity theft
• Users are led to believe that
  completion of a form will
  result in a free gift (iPhone,
  gift card, cap, etc.)
• They may also be tricked
  into signing up for
  unwanted products
Goal of Attacks
Chain Posts and Hoaxes
• The Benefit to Cybercriminals:
   – Pranksters having a laugh at the expense of unaware
     Internet users
• Users like or share stories of abused children or
  devastating computer viruses
• Many of the fake stories were email chain emails
  many years ago and have been reused
Goal of Attacks
Other types of attack
• Defacement
   – Benefit to Cybercriminal: Embarrass Facebook
• Spreading malware
   – Benefit to Cybercriminal: Spread malware that steal
     passwords or sends spam
• Collecting Likes
   – Benefit to Cybercriminal: Generate an enormous number
     of likes of a page (several hundred thousand in some
     cases) but with no clear further malicious purpose
Facebook Attacks Summary
          Summary of 2011 Facebook Attacks

Some progress made during 2011 to stop attacks
• Various attacks more quickly detected and removed by
  Facebook
• Almost no recent reports of rogue applications compared to
  the numerous examples from the first half of the year
• Some attack methods, such as the self-XSS, almost completely
  eliminated (due to security updates by major browser
  vendors)
• “Free merchandise” scams are still common
Q4 Malware Trends




  For a complete analysis of Facebook attacks
        in 2011, download the complete
  January 2012 Internet Threats Trend Report
http://www.commtouch.com/threat-report-january-2012
Trends in Q4 2011…




  Malware Trends
Q4 Malware Trends

• The large amounts of email-malware in 2011 were a
  surprise to many analysts
    • Analysts had predicted the continued demise of
      the spam threat vector following a quiet 2010
• The mass Malware-attachment outbreaks of late Q3
  subsided in Q4, as can be seen in the chart below
• Multiple “blended threat” email outbreaks were
  tracked by Commtouch in Q4
    • Involved emails and malware hosted on
      compromised websites
Q4 Malware Trends


Malware email levels – Jan to Dec 2011




                                                 Source: Commtouch
Q4 Malware Trends

              Top 10 Malware of Q4 2011

Rank Malware name                 Rank Malware name

 1   W32/Swizzor-based!Maximus     6   W32/MyWeb.D

 2   W32/Brontok.A.gen!Eldorado    7   W32/Tibs.K.gen!Eldorado

 3   JS/IFrame.HC.gen              8   W32/Mabezat.A-2

 4   W32/Virut.9264                9   W32/Virtumonde.T.gen!Eldorado

 5   W32/Heuristic-210!Eldorado   10   W32/Mywebsearch.B.gen!Eldorado

                                                    Source: Commtouch
Q4 Malware Trends




 For a complete analysis of Malware in Q4 and the
specific attacks employed, download the complete
    January 2012 Internet Threats Trend Report
 http://www.commtouch.com/threat-report-january-2012
Trends in Q4 2011…




  Spam Trends
Q4 Spam Trends
 •    Spam levels increased marginally in Nov & Dec but
      remained at their lowest in years following the Rustock
      botnet takedown in March
 •    Q3 average spam levels approached 101 billion email
      messages
                        Spam levels – Jan to Dec 2011




Jan   Feb   Mar Apr   May   Jun     Jul    Aug     Sep   Oct   Nov Dec
                                                                 Source: Commtouch
Q4 Spam Trends

•         Spam averaged 77% of all emails in Q4 (excluding emails
          with malware attachments)


                        Spam % of all emails - Jan to Dec 2011




    Jan     Feb   Mar Apr   May     Jun     Jul    Aug     Sep   Oct      Nov    Dec
                                                                       Source: Commtouch
Q4 Spam Trends
November Spam Tactics
– Sending spam containing URLs not yet registered
• Several hundred million emails sent out with many thousands of
  unregistered URLs
How it Works
• Spam filters with URL reputation systems check if URLs are registered and
  when they were registered
    – Bad sites usually have registrations that are only several hours old
• If a site is not registered when checked, many URL reputation systems will
  not blacklist the site and not pursue further checks
• This loophole allows spammers to send out emails linking to unregistered
  URLs and then register them an hour
  or so after the outbreak in order to
  prevent the URLs from being blocked
Q4 Spam Trends
Top Faked (Spoofed) Spam Sending Domains*
                                 • Gmail.com once again the
                                   most spoofed domain
                                 • Facebook related addresses
                                   (unsubscribe.facebook.com)
                                   and facebookmail.com both
                                   feature in the top 15 (often
                                   part of phishing or malware
                                   attacks)




                                 * The domains that are used by spammers
             Source: Commtouch     in the “from” field of the spam emails.
Q4 Spam Trends
                        Spam Topics
• “Pharmacy spam” increases for second straight quarter (about 2% over
  Q3) reaching 31% of all spam
• Dating related spam increased from 2.3% to nearly 12% in the last
  quarter of the year




                                                       Source: Commtouch
Q4 Spam Trends




Find out more about Spam Trends in Q4 by
    downloading the complete January
      Internet Threats Trend Report
http://www.commtouch.com/threat-report-january-2012
Trends in Q4 2011…




  Web Security
Q4 Compromised Websites
Trend: Compromised Websites Store Malware

• Most of the emails carrying malware links in Q4 used
  compromised websites
• Example:
  The “speeding fine”
  link directs to
  JavaScript malware on
  a legitimate site called
  “jemgaming.net”.




                                                     Source: Commtouch
Q4 Compromised Websites
Trend: Compromised sites used as redirect points to
       pharmacy and enhancer websites

• Majority of the exploited sites were using the WordPress
  content management system
• Spammers exploited a vulnerability in WordPress or in a
  plugin in order to hide the redirect pages
• Before being redirected users are shown an initial page
  hidden within one of the WordPress subdirectories (see image
  below)
Q4 Compromised Websites

Compromised
site shows
message before
redirecting


Destination
enhancer site


Homepage of the
compromised
WordPress site
with no change
in functionality
Q4 Compromised Websites
           Website categories infected with malware
    • Parked domains and Portals remained in the top 2 positions
      with pornographic sites in 3rd position
      (As noted in previous reports, the hosting of malware may well be the
      intention of the owners of the parked domains and pornography sites)
    Rank                Category                Rank              Category
1           Parked Domains                  6          Entertainment
2           Portals                         7          Shopping
3           Pornography/Sexually Explicit   8          Health & Medicine
4           Education                       9          Travel
5           Business                        10         Computers & Technology
                                                                       Source: Commtouch
       Portals category includes sites offering free homepages, which are
       often abused to host phishing and malware content or redirects to
       other sites with this content
Q4 Compromised Websites
    Website categories infected with phishing
• This is an analysis of which categories of legitimate Web sites
  were most likely to be hiding phishing pages (usually without
  the knowledge of the site owner)
• Sites related to games ranked highest in Q4, similar to Q3
    Rank           Category                  Rank            Category
   1       Games                         6          Sports
   2       Portals                       7          Business
   3       Shopping                      8          Leisure & Recreation
   4       Education                     9          Entertainment
   5       Fashion & Beauty              10         Real Estate
                                                             Source: Commtouch

   Portals category includes sites offering free homepages, which are
   abused to host phishing and malware content.
Q4 Compromised Websites




 Download the complete January 2012 Internet
    Threats Trend Report for more details
http://www.commtouch.com/threat-report-january-2012
Trends in Q4 2011…




  Zombie Trends
Q4 Zombie Trends
             Daily Turnover of Zombies in Q4
• Q4 saw an average turnover of 209,000 zombies each day
  that were newly activated for sending spam
• A very large decrease compared to the 336,000 of Q3 2011
• Average turnover for all of 2011 – 297,500 zombies per day
          Daily newly activated spam zombies: Jan to Dec 2011




                                                            Source: Commtouch
Q4 Zombie Trends
        Worldwide Zombie Distribution in Q4




                                                        Source: Commtouch

• India again claimed the top zombie producer title, increasing its
  share to nearly a quarter of the world’s zombies
• Brazil, once a fixture in first position, continued to drop
   – this quarter to 6th position (a further drop of around 3%)
• Peru and Kazakhstan joined the top 15, displacing Saudi Arabia
  and Columbia
Q4 Zombie Trends




 Download the complete January 2012 Internet
    Threats Trend Report for more details
http://www.commtouch.com/threat-report-january-2012
Trends in Q4 2011…




  Web 2.0 Trends
Q4 Web 2.0 Trends
                                   Web 2.0 Trends
   • “Streaming media and downloads” was again the most
     popular blog or page topic, but dropped 2% in Q4

Rank             Category            Percentage   Rank         Category         Percentage
 1     Streaming Media & Downloads      22%        8     Arts                       5%
 2     Computers & Technology            8%        9     Sports                     4%
 3     Entertainment                     7%        10    Education                  4%
 4     Pornography/Sexually Explicit     6%        11    Leisure & Recreation       3%
 5     Fashion & Beauty                  5%        12    Health & Medicine          3%
 6     Restaurants & Dining              5%        13    Games                      3%
 7     Religion                          5%        14    Sex Education              2%
                                                                          Source: Commtouch




   The streaming media & downloads category includes sites with MP3 files or
   music related sites such as fan.
Review of Q4 2011
Review of Q4 2011

                            October                November                     December

 Lowest                                                                            Most
spam per      Speeding     Spam ratio               Phony airline                spam per     Better
            ticket email- reaches low    Facebook itineraries lead    Facebook day: 138      business
 day: 60
               malware       of 73%     defacement to malware          free gift   billion    bureau
  billion
                                           attack                    card scams              malware




                                                                               Pizza
 Free iPhone     Compromised                        ACH                       malware
                               Unregistered                   “look what
     scams        WordPress                     transaction                                    James
                              domains used                     happens”
   following       sites host                    cancelled                                    Cameron
                                 in spam                       Facebook
    death of       malware                       malware                                     new movie
                                  emails                       bikini girl
  Steve Jobs                                       emails                                     malware
                                                              likejacking

                                                                                                Source: Commtouch
Download the complete January 2012
     Internet Threats Trend Report
                   at
http://www.commtouch.com/threat-report-january-2012
For more information contact:
      info@commtouch.com
    650 864 2000 (Americas)
 +972 9 863 6895 (International)

   Web: www.commtouch.com
Blog: http://blog.commtouch.com

More Related Content

What's hot

When web 2.0 sneezes, everyone gets sick
When web 2.0 sneezes, everyone gets sickWhen web 2.0 sneezes, everyone gets sick
When web 2.0 sneezes, everyone gets sickStefan Tanase
 
ELECTRONIC QUIZ IN EMPOWERMENT TECHNOLOGY
ELECTRONIC QUIZ IN EMPOWERMENT TECHNOLOGYELECTRONIC QUIZ IN EMPOWERMENT TECHNOLOGY
ELECTRONIC QUIZ IN EMPOWERMENT TECHNOLOGYkillersmile1
 
LIFARS - Financial Cybercrime
LIFARS - Financial CybercrimeLIFARS - Financial Cybercrime
LIFARS - Financial CybercrimeLIFARS
 
Melanie g done 6565
Melanie g done 6565Melanie g done 6565
Melanie g done 6565pizonaim
 
Social media privacy and safety
Social media privacy and safetySocial media privacy and safety
Social media privacy and safetySarah K Miller
 
1 empowerment technology_by_rey_anthon_&_elma_mea[1]
1 empowerment technology_by_rey_anthon_&_elma_mea[1]1 empowerment technology_by_rey_anthon_&_elma_mea[1]
1 empowerment technology_by_rey_anthon_&_elma_mea[1]niniogolo
 
Empowerment technology Grecille Mae Gesulga and Catalino
Empowerment technology Grecille Mae Gesulga and CatalinoEmpowerment technology Grecille Mae Gesulga and Catalino
Empowerment technology Grecille Mae Gesulga and CatalinoPadsromel
 
Social media and Security risks
Social media and Security risksSocial media and Security risks
Social media and Security risksParakum Pathirana
 
Empowerment technology Romel Padon & Airine Gelos
Empowerment technology Romel Padon & Airine GelosEmpowerment technology Romel Padon & Airine Gelos
Empowerment technology Romel Padon & Airine GelosPadsromel
 
Empowerment technology Josua De Guzman and Chariza
Empowerment technology Josua De Guzman and CharizaEmpowerment technology Josua De Guzman and Chariza
Empowerment technology Josua De Guzman and CharizaPadsromel
 
Social network privacy & security
Social network privacy & securitySocial network privacy & security
Social network privacy & securitynadikari123
 
Empowerment Technology By: Zyrhell Rafer and Bretny Roces
Empowerment Technology By: Zyrhell Rafer and Bretny RocesEmpowerment Technology By: Zyrhell Rafer and Bretny Roces
Empowerment Technology By: Zyrhell Rafer and Bretny RocesPadsromel
 
Security threats in social networks
Security threats in social networksSecurity threats in social networks
Security threats in social networksTannistho Ghosh
 
Ashpiaaaaa
AshpiaaaaaAshpiaaaaa
Ashpiaaaaapizonaim
 
Security Dangers of Social Networking
Security Dangers of Social NetworkingSecurity Dangers of Social Networking
Security Dangers of Social NetworkingBillBrenner70
 
Analysis of Cyberbullying Tweets in Trending World Events
Analysis of Cyberbullying Tweets in Trending World EventsAnalysis of Cyberbullying Tweets in Trending World Events
Analysis of Cyberbullying Tweets in Trending World Eventskcortis
 

What's hot (20)

When web 2.0 sneezes, everyone gets sick
When web 2.0 sneezes, everyone gets sickWhen web 2.0 sneezes, everyone gets sick
When web 2.0 sneezes, everyone gets sick
 
Social Media Safety Tips
Social Media Safety TipsSocial Media Safety Tips
Social Media Safety Tips
 
ELECTRONIC QUIZ IN EMPOWERMENT TECHNOLOGY
ELECTRONIC QUIZ IN EMPOWERMENT TECHNOLOGYELECTRONIC QUIZ IN EMPOWERMENT TECHNOLOGY
ELECTRONIC QUIZ IN EMPOWERMENT TECHNOLOGY
 
LIFARS - Financial Cybercrime
LIFARS - Financial CybercrimeLIFARS - Financial Cybercrime
LIFARS - Financial Cybercrime
 
Melanie g done 6565
Melanie g done 6565Melanie g done 6565
Melanie g done 6565
 
Social media privacy and safety
Social media privacy and safetySocial media privacy and safety
Social media privacy and safety
 
1 empowerment technology_by_rey_anthon_&_elma_mea[1]
1 empowerment technology_by_rey_anthon_&_elma_mea[1]1 empowerment technology_by_rey_anthon_&_elma_mea[1]
1 empowerment technology_by_rey_anthon_&_elma_mea[1]
 
SOCIAL NETWORK SECURITY
SOCIAL NETWORK SECURITYSOCIAL NETWORK SECURITY
SOCIAL NETWORK SECURITY
 
Empowerment technology Grecille Mae Gesulga and Catalino
Empowerment technology Grecille Mae Gesulga and CatalinoEmpowerment technology Grecille Mae Gesulga and Catalino
Empowerment technology Grecille Mae Gesulga and Catalino
 
Social media and Security risks
Social media and Security risksSocial media and Security risks
Social media and Security risks
 
Empowerment technology Romel Padon & Airine Gelos
Empowerment technology Romel Padon & Airine GelosEmpowerment technology Romel Padon & Airine Gelos
Empowerment technology Romel Padon & Airine Gelos
 
Empowerment technology Josua De Guzman and Chariza
Empowerment technology Josua De Guzman and CharizaEmpowerment technology Josua De Guzman and Chariza
Empowerment technology Josua De Guzman and Chariza
 
Social network privacy & security
Social network privacy & securitySocial network privacy & security
Social network privacy & security
 
ICT
ICTICT
ICT
 
Empowerment Technology By: Zyrhell Rafer and Bretny Roces
Empowerment Technology By: Zyrhell Rafer and Bretny RocesEmpowerment Technology By: Zyrhell Rafer and Bretny Roces
Empowerment Technology By: Zyrhell Rafer and Bretny Roces
 
Security threats in social networks
Security threats in social networksSecurity threats in social networks
Security threats in social networks
 
Ashpiaaaaa
AshpiaaaaaAshpiaaaaa
Ashpiaaaaa
 
C3
C3C3
C3
 
Security Dangers of Social Networking
Security Dangers of Social NetworkingSecurity Dangers of Social Networking
Security Dangers of Social Networking
 
Analysis of Cyberbullying Tweets in Trending World Events
Analysis of Cyberbullying Tweets in Trending World EventsAnalysis of Cyberbullying Tweets in Trending World Events
Analysis of Cyberbullying Tweets in Trending World Events
 

Similar to Jan 2012 Threats Trend Report

osn-threats-solutions-2
osn-threats-solutions-2osn-threats-solutions-2
osn-threats-solutions-2SMITA V MORE
 
Infocom Security
Infocom SecurityInfocom Security
Infocom Securitymmavis
 
The Corporate Web Security Landscape
The Corporate Web Security LandscapeThe Corporate Web Security Landscape
The Corporate Web Security LandscapePeter Wood
 
Epowerment Technology by: Geraldine Salve Pepe and Lailanie Pepe
Epowerment Technology  by: Geraldine Salve Pepe and Lailanie PepeEpowerment Technology  by: Geraldine Salve Pepe and Lailanie Pepe
Epowerment Technology by: Geraldine Salve Pepe and Lailanie Pepesalvepepe
 
REVIEWER-FOR-ETECH.docx
REVIEWER-FOR-ETECH.docxREVIEWER-FOR-ETECH.docx
REVIEWER-FOR-ETECH.docxRheamaeLiwan
 
REVIEWER-FOR-ETECH (1).docx
REVIEWER-FOR-ETECH (1).docxREVIEWER-FOR-ETECH (1).docx
REVIEWER-FOR-ETECH (1).docxJakeTorio1
 
REVIEWER-FOR-ETECH (1).docx
REVIEWER-FOR-ETECH (1).docxREVIEWER-FOR-ETECH (1).docx
REVIEWER-FOR-ETECH (1).docxEhraicaSaquing
 
REVIEWER-FOR-ETECH.docx
REVIEWER-FOR-ETECH.docxREVIEWER-FOR-ETECH.docx
REVIEWER-FOR-ETECH.docxDineLiwan
 
REVIEWER-FOR-ETECH.docx
REVIEWER-FOR-ETECH.docxREVIEWER-FOR-ETECH.docx
REVIEWER-FOR-ETECH.docxLiberty Aquino
 
Empowerment Technology by: Maria Elisa Pal and Rodel Reyes
Empowerment Technology  by: Maria Elisa Pal and Rodel ReyesEmpowerment Technology  by: Maria Elisa Pal and Rodel Reyes
Empowerment Technology by: Maria Elisa Pal and Rodel Reyesandregoron
 
L1b Trends in ICT - Online Safety and Security.pdf
L1b Trends in ICT - Online Safety and Security.pdfL1b Trends in ICT - Online Safety and Security.pdf
L1b Trends in ICT - Online Safety and Security.pdfJeth Cuenco
 
PALO ALTO -NETWORKS Application Usage & Threat Report 2014
PALO ALTO -NETWORKS  Application Usage & Threat Report 2014PALO ALTO -NETWORKS  Application Usage & Threat Report 2014
PALO ALTO -NETWORKS Application Usage & Threat Report 2014Marcello Marchesini
 
10 IJAERS-JUN-2015-42-Social Engineering on Social Networking sites
10 IJAERS-JUN-2015-42-Social Engineering on Social Networking sites10 IJAERS-JUN-2015-42-Social Engineering on Social Networking sites
10 IJAERS-JUN-2015-42-Social Engineering on Social Networking sitesPuneeth Puni
 
The Anatomy of an Anonymous Attack
The Anatomy of an Anonymous AttackThe Anatomy of an Anonymous Attack
The Anatomy of an Anonymous AttackImperva
 

Similar to Jan 2012 Threats Trend Report (20)

osn-threats-solutions-2
osn-threats-solutions-2osn-threats-solutions-2
osn-threats-solutions-2
 
Infocom Security
Infocom SecurityInfocom Security
Infocom Security
 
The Corporate Web Security Landscape
The Corporate Web Security LandscapeThe Corporate Web Security Landscape
The Corporate Web Security Landscape
 
Fb Another Breach In The Wall
Fb Another Breach In The WallFb Another Breach In The Wall
Fb Another Breach In The Wall
 
Epowerment Technology by: Geraldine Salve Pepe and Lailanie Pepe
Epowerment Technology  by: Geraldine Salve Pepe and Lailanie PepeEpowerment Technology  by: Geraldine Salve Pepe and Lailanie Pepe
Epowerment Technology by: Geraldine Salve Pepe and Lailanie Pepe
 
unit 2.pptx
unit 2.pptxunit 2.pptx
unit 2.pptx
 
REVIEWER-FOR-ETECH.docx
REVIEWER-FOR-ETECH.docxREVIEWER-FOR-ETECH.docx
REVIEWER-FOR-ETECH.docx
 
REVIEWER-FOR-ETECH (1).docx
REVIEWER-FOR-ETECH (1).docxREVIEWER-FOR-ETECH (1).docx
REVIEWER-FOR-ETECH (1).docx
 
REVIEWER-FOR-ETECH.docx
REVIEWER-FOR-ETECH.docxREVIEWER-FOR-ETECH.docx
REVIEWER-FOR-ETECH.docx
 
REVIEWER ETECH
REVIEWER ETECHREVIEWER ETECH
REVIEWER ETECH
 
REVIEWER-FOR-ETECH (1).docx
REVIEWER-FOR-ETECH (1).docxREVIEWER-FOR-ETECH (1).docx
REVIEWER-FOR-ETECH (1).docx
 
Empowerment Technology
Empowerment Technology Empowerment Technology
Empowerment Technology
 
REVIEWER-FOR-ETECH.docx
REVIEWER-FOR-ETECH.docxREVIEWER-FOR-ETECH.docx
REVIEWER-FOR-ETECH.docx
 
REVIEWER-FOR-ETECH.docx
REVIEWER-FOR-ETECH.docxREVIEWER-FOR-ETECH.docx
REVIEWER-FOR-ETECH.docx
 
Empowerment Technology by: Maria Elisa Pal and Rodel Reyes
Empowerment Technology  by: Maria Elisa Pal and Rodel ReyesEmpowerment Technology  by: Maria Elisa Pal and Rodel Reyes
Empowerment Technology by: Maria Elisa Pal and Rodel Reyes
 
L1b Trends in ICT - Online Safety and Security.pdf
L1b Trends in ICT - Online Safety and Security.pdfL1b Trends in ICT - Online Safety and Security.pdf
L1b Trends in ICT - Online Safety and Security.pdf
 
blackhole.pdf
blackhole.pdfblackhole.pdf
blackhole.pdf
 
PALO ALTO -NETWORKS Application Usage & Threat Report 2014
PALO ALTO -NETWORKS  Application Usage & Threat Report 2014PALO ALTO -NETWORKS  Application Usage & Threat Report 2014
PALO ALTO -NETWORKS Application Usage & Threat Report 2014
 
10 IJAERS-JUN-2015-42-Social Engineering on Social Networking sites
10 IJAERS-JUN-2015-42-Social Engineering on Social Networking sites10 IJAERS-JUN-2015-42-Social Engineering on Social Networking sites
10 IJAERS-JUN-2015-42-Social Engineering on Social Networking sites
 
The Anatomy of an Anonymous Attack
The Anatomy of an Anonymous AttackThe Anatomy of an Anonymous Attack
The Anatomy of an Anonymous Attack
 

More from Cyren, Inc

Webinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowWebinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowCyren, Inc
 
Webinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat reportWebinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat reportCyren, Inc
 
Webinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareWebinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareCyren, Inc
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksCyren, Inc
 
Webinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxingWebinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxingCyren, Inc
 
Webinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyWebinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyCyren, Inc
 
Webinar: A deep dive on phishing, today's #1 business threat
Webinar: A deep dive on phishing, today's #1 business threatWebinar: A deep dive on phishing, today's #1 business threat
Webinar: A deep dive on phishing, today's #1 business threatCyren, Inc
 
Webinar: Botnets - The clone army of cybercrime
Webinar: Botnets - The clone army of cybercrimeWebinar: Botnets - The clone army of cybercrime
Webinar: Botnets - The clone army of cybercrimeCyren, Inc
 
Webinar: How hackers are making your security obsolete
Webinar: How hackers are making your security obsoleteWebinar: How hackers are making your security obsolete
Webinar: How hackers are making your security obsoleteCyren, Inc
 
Webinar: 10 steps you can take to protect your business from phishing attacks
Webinar: 10 steps you can take to protect your business from phishing attacksWebinar: 10 steps you can take to protect your business from phishing attacks
Webinar: 10 steps you can take to protect your business from phishing attacksCyren, Inc
 
Webinar: Cloud-Based Web Security as First/Last Line of Defense
Webinar: Cloud-Based Web Security as First/Last Line of DefenseWebinar: Cloud-Based Web Security as First/Last Line of Defense
Webinar: Cloud-Based Web Security as First/Last Line of DefenseCyren, Inc
 
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat Report
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat ReportWebinar: Insights from CYREN's 2015-Q3 Cyber Threat Report
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat ReportCyren, Inc
 
Webinar: Dispelling the Myths about Cloud Security
Webinar: Dispelling the Myths about Cloud SecurityWebinar: Dispelling the Myths about Cloud Security
Webinar: Dispelling the Myths about Cloud SecurityCyren, Inc
 
Webinar: Insights from CYREN's 2015 Q2 Cyber Threats Report
Webinar: Insights from CYREN's 2015 Q2 Cyber Threats ReportWebinar: Insights from CYREN's 2015 Q2 Cyber Threats Report
Webinar: Insights from CYREN's 2015 Q2 Cyber Threats ReportCyren, Inc
 
Webinar: CYREN WebSecurity for Healthcare
Webinar: CYREN WebSecurity for HealthcareWebinar: CYREN WebSecurity for Healthcare
Webinar: CYREN WebSecurity for HealthcareCyren, Inc
 
Webinar: CYREN WebSecurity for Enterprise
Webinar: CYREN WebSecurity for EnterpriseWebinar: CYREN WebSecurity for Enterprise
Webinar: CYREN WebSecurity for EnterpriseCyren, Inc
 
Webinar: Insights from CYREN's Q1 2015 Cyber Threats Trend Report
Webinar: Insights from CYREN's Q1 2015 Cyber Threats Trend ReportWebinar: Insights from CYREN's Q1 2015 Cyber Threats Trend Report
Webinar: Insights from CYREN's Q1 2015 Cyber Threats Trend ReportCyren, Inc
 
CeBIT 2015 Presentation
CeBIT 2015 PresentationCeBIT 2015 Presentation
CeBIT 2015 PresentationCyren, Inc
 
Webinar: Insights from CYREN's 2015 Cyber Threats Yearbook
Webinar: Insights from CYREN's 2015 Cyber Threats YearbookWebinar: Insights from CYREN's 2015 Cyber Threats Yearbook
Webinar: Insights from CYREN's 2015 Cyber Threats YearbookCyren, Inc
 
Webinar: That's the Way the Network Perimeter Crumbles - Cybersecurity for th...
Webinar: That's the Way the Network Perimeter Crumbles - Cybersecurity for th...Webinar: That's the Way the Network Perimeter Crumbles - Cybersecurity for th...
Webinar: That's the Way the Network Perimeter Crumbles - Cybersecurity for th...Cyren, Inc
 

More from Cyren, Inc (20)

Webinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to knowWebinar: Is your web security broken? - 10 things you need to know
Webinar: Is your web security broken? - 10 things you need to know
 
Webinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat reportWebinar: Insights from Cyren's 2016 cyberthreat report
Webinar: Insights from Cyren's 2016 cyberthreat report
 
Webinar: A deep dive on ransomware
Webinar: A deep dive on ransomwareWebinar: A deep dive on ransomware
Webinar: A deep dive on ransomware
 
Webinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array worksWebinar: Stopping evasive malware - how a cloud sandbox array works
Webinar: Stopping evasive malware - how a cloud sandbox array works
 
Webinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxingWebinar: Why evasive zero day attacks are killing traditional sandboxing
Webinar: Why evasive zero day attacks are killing traditional sandboxing
 
Webinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking surveyWebinar: IT security at SMBs: 2016 benchmarking survey
Webinar: IT security at SMBs: 2016 benchmarking survey
 
Webinar: A deep dive on phishing, today's #1 business threat
Webinar: A deep dive on phishing, today's #1 business threatWebinar: A deep dive on phishing, today's #1 business threat
Webinar: A deep dive on phishing, today's #1 business threat
 
Webinar: Botnets - The clone army of cybercrime
Webinar: Botnets - The clone army of cybercrimeWebinar: Botnets - The clone army of cybercrime
Webinar: Botnets - The clone army of cybercrime
 
Webinar: How hackers are making your security obsolete
Webinar: How hackers are making your security obsoleteWebinar: How hackers are making your security obsolete
Webinar: How hackers are making your security obsolete
 
Webinar: 10 steps you can take to protect your business from phishing attacks
Webinar: 10 steps you can take to protect your business from phishing attacksWebinar: 10 steps you can take to protect your business from phishing attacks
Webinar: 10 steps you can take to protect your business from phishing attacks
 
Webinar: Cloud-Based Web Security as First/Last Line of Defense
Webinar: Cloud-Based Web Security as First/Last Line of DefenseWebinar: Cloud-Based Web Security as First/Last Line of Defense
Webinar: Cloud-Based Web Security as First/Last Line of Defense
 
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat Report
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat ReportWebinar: Insights from CYREN's 2015-Q3 Cyber Threat Report
Webinar: Insights from CYREN's 2015-Q3 Cyber Threat Report
 
Webinar: Dispelling the Myths about Cloud Security
Webinar: Dispelling the Myths about Cloud SecurityWebinar: Dispelling the Myths about Cloud Security
Webinar: Dispelling the Myths about Cloud Security
 
Webinar: Insights from CYREN's 2015 Q2 Cyber Threats Report
Webinar: Insights from CYREN's 2015 Q2 Cyber Threats ReportWebinar: Insights from CYREN's 2015 Q2 Cyber Threats Report
Webinar: Insights from CYREN's 2015 Q2 Cyber Threats Report
 
Webinar: CYREN WebSecurity for Healthcare
Webinar: CYREN WebSecurity for HealthcareWebinar: CYREN WebSecurity for Healthcare
Webinar: CYREN WebSecurity for Healthcare
 
Webinar: CYREN WebSecurity for Enterprise
Webinar: CYREN WebSecurity for EnterpriseWebinar: CYREN WebSecurity for Enterprise
Webinar: CYREN WebSecurity for Enterprise
 
Webinar: Insights from CYREN's Q1 2015 Cyber Threats Trend Report
Webinar: Insights from CYREN's Q1 2015 Cyber Threats Trend ReportWebinar: Insights from CYREN's Q1 2015 Cyber Threats Trend Report
Webinar: Insights from CYREN's Q1 2015 Cyber Threats Trend Report
 
CeBIT 2015 Presentation
CeBIT 2015 PresentationCeBIT 2015 Presentation
CeBIT 2015 Presentation
 
Webinar: Insights from CYREN's 2015 Cyber Threats Yearbook
Webinar: Insights from CYREN's 2015 Cyber Threats YearbookWebinar: Insights from CYREN's 2015 Cyber Threats Yearbook
Webinar: Insights from CYREN's 2015 Cyber Threats Yearbook
 
Webinar: That's the Way the Network Perimeter Crumbles - Cybersecurity for th...
Webinar: That's the Way the Network Perimeter Crumbles - Cybersecurity for th...Webinar: That's the Way the Network Perimeter Crumbles - Cybersecurity for th...
Webinar: That's the Way the Network Perimeter Crumbles - Cybersecurity for th...
 

Recently uploaded

AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataSafe Software
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfAnna Loughnan Colquhoun
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIUdaiappa Ramachandran
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdfJamie (Taka) Wang
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxYounusS2
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.francesco barbera
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 

Recently uploaded (20)

AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptx
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 

Jan 2012 Threats Trend Report

  • 2. January 2012 Threat Report The following is a condensed version of the January 2012 Commtouch Internet Threats Trend Report You can download the complete report at http://www.commtouch.com/threat-report-january-2012 Copyright© 2011 Commtouch Software Ltd. Recurrent Pattern Detection, RPD, Zero-Hour and GlobalView are trademarks, and Commtouch, Authentium, Command Antivirus and Command Anti-malware are registered trademarks, of Commtouch. U.S. Patent No. 6,330,590 is owned by Commtouch.
  • 3. January 2012 Threat Report 1 Key Highlights Facebook Attacks 2 Feature – The year in review Malware, Spam, Web Security, 3 Trends Compromised Websites and Zombies
  • 5. Key Security Highlights Average daily spam/phishing emails sent 101 Billion Spam levels increased marginally in November and December 2011
  • 6. Key Security Highlights Spam Zombie daily turnover 209,000 Zombies A very large decrease compared to the 336,000 in Q3 (Zombie turnover is the number of zombies turned off and on daily)
  • 7. Key Security Highlights Most popular blog topic on user generated content sites Streaming media/ downloads (22%) Streaming media & downloads remains in top spot but dropped 2% from Q3 Includes sites with MP3 files or music related sites such as fan pages (these might also be categorized as entertainment)
  • 8. Key Security Highlights Most popular spam topic Pharmacy Ads (31%) Up 2% over Q3
  • 9. Key Security Highlights Country with the most Zombies India (23.5%) India increased its share in Q4 to nearly one quarter of the world’s zombies
  • 10. Key Security Highlights Website category most likely to be compromised with malware Parked Domains “Parked domains” and “Portals” remained in the top 2 positions with “pornographic sites” in 3rd position
  • 11. Feature… Facebook Attacks – The year in review
  • 12. Facebook Attacks – 2011 Facebook Attacks in 2011 • Continues to be an attractive target for attacks from malware distributors, scammers and plain old jokers • Most Facebook attacks ultimately lead victims to affiliate marketing/survey sites • Q4 2011 saw increases in free-merchandise scams
  • 13. Lifecycle of Facebook Attacks The 3 Stages of Facebook Attacks Stage 1 – The Catch The Catch Enticing offer or information inspiring action by a Facebook user Spreading Stage 2 – Spreading the Attack the Ensure the attacks continues/spreads Attack Stage 3 – The Goal The Goal What the cybercriminals wants to gain or achieve
  • 14. The Catch - 4 Tactics The 4 ways Facebook users are tricked into “liking”, following a link or adding add an app 1. Free goods – Items ranging from headphones to gift cards to unreleased Facebook phones 2. Sensational headlines on current news issues Examples: – Death of Osama Bin videos – Death of Steve Jobs “free iPad/iPhone” scams
  • 15. The Catch - 4 Tactics 3. Must see tragic/amazing events with call to action – Users follow a link, or click on Like to see a shocking video/photo, or forward a chain message The Spanish in the example above translates to “Look what happens”. 4. Must-have Facebook app download Example of popular attack: – Mythical app allowing users to see who has been viewing their profile and get a breakdown of boy and girl views of their profile
  • 16. The Catch – Summary Summary of Catch Tactics • Social engineering is the key to the tactics used to “catch” Facebook victims • The tactics are spread nearly evenly between the four tactics described above – Most used tactic – “must see this” (36%) – Most common tactic in second half of 2011 – 26 “free stuff” (26%)
  • 17. Spreading Attacks How Facebook Attacks are Propagated • Cybercriminals abuse the inherent trust of Facebook friends • 4 main methods for spreading attacks: 1. Tricking users into sharing 2. Likejacking 3. Rogue applications 4. Malware and “self-XSS”
  • 18. Spreading Attacks Tricking users into sharing • Users aware that they are liking/sharing a page, but do so under false pretenses • Example attacks: – Scams promising free gift cards in exchange for like/share – Users post a hoax they believe to be true warning other users about a (nonexistent) virus or telling them the sad tale of a (nonexistent) abused child
  • 19. Spreading Attacks Likejacking • A common tactic is to entice users to see a video • The video player may be functional but the page includes scripts that use any mouse click to generate a “like” • Users unaware that they have liked a page, but the “like” is used to lead more friends to the video
  • 20. Spreading Attacks Rogue applications • Apps users believe provide worthwhile functionality – Example: An app promising to reveal who has been viewing your profile • Users grant these apps permission to access parts of their user profile as well as post on their wall – Wall posts are then used by the rogue app to spread out further within Facebook
  • 21. Spreading Attacks Malware and “self-XSS” • Malware unwittingly installed a user's PC hijacks their Facebook session for posts and other activity • How it works – Traditional cross site scripting (XSS) attacks rely on a hidden script within a webpage to hijacks a Facebook session – Self-XSS means that malicious script was activated by a user (the “self”) giving another site access to the Facebook session
  • 22. Spreading Attacks – Users are tricked into activating a script by copying it directly into their browser – In most cases scripts will direct to an external site (the “cross-site” of “cross-site scripting”) and then post a wall post or an event invite, which others view and in turn help to further propagate the attack
  • 23. Goal of Attacks Goal of the Facebook Attack The goal of Cybercriminals with Facebook attacks can be divided into the following categories: • Marketing affiliate/survey sites • Chain posts and hoaxes • Other
  • 24. Goal of Attacks Marketing affiliate/survey sites • Benefit to Cybercriminals: – Affiliate payments for driving users to specific sites – Collection of personal data to be used in identity theft • Users are led to believe that completion of a form will result in a free gift (iPhone, gift card, cap, etc.) • They may also be tricked into signing up for unwanted products
  • 25. Goal of Attacks Chain Posts and Hoaxes • The Benefit to Cybercriminals: – Pranksters having a laugh at the expense of unaware Internet users • Users like or share stories of abused children or devastating computer viruses • Many of the fake stories were email chain emails many years ago and have been reused
  • 26. Goal of Attacks Other types of attack • Defacement – Benefit to Cybercriminal: Embarrass Facebook • Spreading malware – Benefit to Cybercriminal: Spread malware that steal passwords or sends spam • Collecting Likes – Benefit to Cybercriminal: Generate an enormous number of likes of a page (several hundred thousand in some cases) but with no clear further malicious purpose
  • 27. Facebook Attacks Summary Summary of 2011 Facebook Attacks Some progress made during 2011 to stop attacks • Various attacks more quickly detected and removed by Facebook • Almost no recent reports of rogue applications compared to the numerous examples from the first half of the year • Some attack methods, such as the self-XSS, almost completely eliminated (due to security updates by major browser vendors) • “Free merchandise” scams are still common
  • 28. Q4 Malware Trends For a complete analysis of Facebook attacks in 2011, download the complete January 2012 Internet Threats Trend Report http://www.commtouch.com/threat-report-january-2012
  • 29. Trends in Q4 2011… Malware Trends
  • 30. Q4 Malware Trends • The large amounts of email-malware in 2011 were a surprise to many analysts • Analysts had predicted the continued demise of the spam threat vector following a quiet 2010 • The mass Malware-attachment outbreaks of late Q3 subsided in Q4, as can be seen in the chart below • Multiple “blended threat” email outbreaks were tracked by Commtouch in Q4 • Involved emails and malware hosted on compromised websites
  • 31. Q4 Malware Trends Malware email levels – Jan to Dec 2011 Source: Commtouch
  • 32. Q4 Malware Trends Top 10 Malware of Q4 2011 Rank Malware name Rank Malware name 1 W32/Swizzor-based!Maximus 6 W32/MyWeb.D 2 W32/Brontok.A.gen!Eldorado 7 W32/Tibs.K.gen!Eldorado 3 JS/IFrame.HC.gen 8 W32/Mabezat.A-2 4 W32/Virut.9264 9 W32/Virtumonde.T.gen!Eldorado 5 W32/Heuristic-210!Eldorado 10 W32/Mywebsearch.B.gen!Eldorado Source: Commtouch
  • 33. Q4 Malware Trends For a complete analysis of Malware in Q4 and the specific attacks employed, download the complete January 2012 Internet Threats Trend Report http://www.commtouch.com/threat-report-january-2012
  • 34. Trends in Q4 2011… Spam Trends
  • 35. Q4 Spam Trends • Spam levels increased marginally in Nov & Dec but remained at their lowest in years following the Rustock botnet takedown in March • Q3 average spam levels approached 101 billion email messages Spam levels – Jan to Dec 2011 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Source: Commtouch
  • 36. Q4 Spam Trends • Spam averaged 77% of all emails in Q4 (excluding emails with malware attachments) Spam % of all emails - Jan to Dec 2011 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Source: Commtouch
  • 37. Q4 Spam Trends November Spam Tactics – Sending spam containing URLs not yet registered • Several hundred million emails sent out with many thousands of unregistered URLs How it Works • Spam filters with URL reputation systems check if URLs are registered and when they were registered – Bad sites usually have registrations that are only several hours old • If a site is not registered when checked, many URL reputation systems will not blacklist the site and not pursue further checks • This loophole allows spammers to send out emails linking to unregistered URLs and then register them an hour or so after the outbreak in order to prevent the URLs from being blocked
  • 38. Q4 Spam Trends Top Faked (Spoofed) Spam Sending Domains* • Gmail.com once again the most spoofed domain • Facebook related addresses (unsubscribe.facebook.com) and facebookmail.com both feature in the top 15 (often part of phishing or malware attacks) * The domains that are used by spammers Source: Commtouch in the “from” field of the spam emails.
  • 39. Q4 Spam Trends Spam Topics • “Pharmacy spam” increases for second straight quarter (about 2% over Q3) reaching 31% of all spam • Dating related spam increased from 2.3% to nearly 12% in the last quarter of the year Source: Commtouch
  • 40. Q4 Spam Trends Find out more about Spam Trends in Q4 by downloading the complete January Internet Threats Trend Report http://www.commtouch.com/threat-report-january-2012
  • 41. Trends in Q4 2011… Web Security
  • 42. Q4 Compromised Websites Trend: Compromised Websites Store Malware • Most of the emails carrying malware links in Q4 used compromised websites • Example: The “speeding fine” link directs to JavaScript malware on a legitimate site called “jemgaming.net”. Source: Commtouch
  • 43. Q4 Compromised Websites Trend: Compromised sites used as redirect points to pharmacy and enhancer websites • Majority of the exploited sites were using the WordPress content management system • Spammers exploited a vulnerability in WordPress or in a plugin in order to hide the redirect pages • Before being redirected users are shown an initial page hidden within one of the WordPress subdirectories (see image below)
  • 44. Q4 Compromised Websites Compromised site shows message before redirecting Destination enhancer site Homepage of the compromised WordPress site with no change in functionality
  • 45. Q4 Compromised Websites Website categories infected with malware • Parked domains and Portals remained in the top 2 positions with pornographic sites in 3rd position (As noted in previous reports, the hosting of malware may well be the intention of the owners of the parked domains and pornography sites) Rank Category Rank Category 1 Parked Domains 6 Entertainment 2 Portals 7 Shopping 3 Pornography/Sexually Explicit 8 Health & Medicine 4 Education 9 Travel 5 Business 10 Computers & Technology Source: Commtouch Portals category includes sites offering free homepages, which are often abused to host phishing and malware content or redirects to other sites with this content
  • 46. Q4 Compromised Websites Website categories infected with phishing • This is an analysis of which categories of legitimate Web sites were most likely to be hiding phishing pages (usually without the knowledge of the site owner) • Sites related to games ranked highest in Q4, similar to Q3 Rank Category Rank Category 1 Games 6 Sports 2 Portals 7 Business 3 Shopping 8 Leisure & Recreation 4 Education 9 Entertainment 5 Fashion & Beauty 10 Real Estate Source: Commtouch Portals category includes sites offering free homepages, which are abused to host phishing and malware content.
  • 47. Q4 Compromised Websites Download the complete January 2012 Internet Threats Trend Report for more details http://www.commtouch.com/threat-report-january-2012
  • 48. Trends in Q4 2011… Zombie Trends
  • 49. Q4 Zombie Trends Daily Turnover of Zombies in Q4 • Q4 saw an average turnover of 209,000 zombies each day that were newly activated for sending spam • A very large decrease compared to the 336,000 of Q3 2011 • Average turnover for all of 2011 – 297,500 zombies per day Daily newly activated spam zombies: Jan to Dec 2011 Source: Commtouch
  • 50. Q4 Zombie Trends Worldwide Zombie Distribution in Q4 Source: Commtouch • India again claimed the top zombie producer title, increasing its share to nearly a quarter of the world’s zombies • Brazil, once a fixture in first position, continued to drop – this quarter to 6th position (a further drop of around 3%) • Peru and Kazakhstan joined the top 15, displacing Saudi Arabia and Columbia
  • 51. Q4 Zombie Trends Download the complete January 2012 Internet Threats Trend Report for more details http://www.commtouch.com/threat-report-january-2012
  • 52. Trends in Q4 2011… Web 2.0 Trends
  • 53. Q4 Web 2.0 Trends Web 2.0 Trends • “Streaming media and downloads” was again the most popular blog or page topic, but dropped 2% in Q4 Rank Category Percentage Rank Category Percentage 1 Streaming Media & Downloads 22% 8 Arts 5% 2 Computers & Technology 8% 9 Sports 4% 3 Entertainment 7% 10 Education 4% 4 Pornography/Sexually Explicit 6% 11 Leisure & Recreation 3% 5 Fashion & Beauty 5% 12 Health & Medicine 3% 6 Restaurants & Dining 5% 13 Games 3% 7 Religion 5% 14 Sex Education 2% Source: Commtouch The streaming media & downloads category includes sites with MP3 files or music related sites such as fan.
  • 54. Review of Q4 2011
  • 55. Review of Q4 2011 October November December Lowest Most spam per Speeding Spam ratio Phony airline spam per Better ticket email- reaches low Facebook itineraries lead Facebook day: 138 business day: 60 malware of 73% defacement to malware free gift billion bureau billion attack card scams malware Pizza Free iPhone Compromised ACH malware Unregistered “look what scams WordPress transaction James domains used happens” following sites host cancelled Cameron in spam Facebook death of malware malware new movie emails bikini girl Steve Jobs emails malware likejacking Source: Commtouch
  • 56. Download the complete January 2012 Internet Threats Trend Report at http://www.commtouch.com/threat-report-january-2012
  • 57. For more information contact: info@commtouch.com 650 864 2000 (Americas) +972 9 863 6895 (International) Web: www.commtouch.com Blog: http://blog.commtouch.com