SlideShare a Scribd company logo

W verb68

James1280
James1280
1 of 13
Download to read offline
THE POWER TO DESTROY: HOW MALWARE WORKS
p. 2 The Power to Destroy: How Malware Works At a glance 3 Web attacks on the rise 4 Prevention is better than a cure 5 Staying hidden pays off 6 Website visitors are ripe for the picking 7 What malware can do 8 What’s bad for clients is worse for you 9 Take responsibility 10 References 11 CONTENTS
p. 3 The Power to Destroy: How Malware Works Nearly a quarter of IT managers simply don’t know how secure their website is.1 However, with the number of web-attacks blocked per day rising from 190,370 to 247,350 between 2011 and 2012, it’s vital for businesses to understand the part their website plays in the distribution of malware to clients, customers and the wider online community.2 Malware takes many different forms. It can log keystrokes, lead to data breaches, lock down hardware and use infected systems to spread malware to other victims. As a website owner it’s your responsibility to not only protect your business and customers, but the safety of the Internet too. Consider the impact to your business and brand if you were the source of infection. At a glance 190,370 247,350 2011 2012 WEB-ATTACKS BLOCKED PER DAY BETWEEN 2011 AND 2012
p. 4 The Power to Destroy: How Malware Works ‘Driven by attack toolkits, in 2012 the number of web-based attacks increased by one third and many of these attacks originated from the compromised website of small businesses.’ This was the finding of Symantec’s latest Website Security Threat Security Report (WSTR), which makes for sobering reading. WEB ATTACKS ON THE RISE 93%87% SMALL BUSINESS LARGE ORGANISATION % OF UK BUSINESSES TO SUFFER A DATA BREACH LAST YEAR Malware works to compromise the data and functionality of your website server, and to exploit and extract information and money from your clients and customers, all of which damages your reputation and costs your business money. In the worst cases it can even put your very livelihood on the line. The cost is critical In 2012 cybercrime cost businesses six percent more than in 2011. The cost of security breaches alone has roughly tripled in the last year and reaches into the billions.3 The average recovery time from a cyber attack in 2012 was 24 days, which equates to a cost of $591,780.4 And these are just the direct costs of labour, hardware and software repair and compensation. Take into account lost business and damaged reputation and the figure climbs even higher. Malware’s damaging ripple effect is huge and criminals see websites as a way to infect your servers, steal your information, infect visitors with their malware and often times create havoc. A common and costly crime Understanding how malware works, and why criminals use it, can help considerably in the prevention and detection of threats. The most obvious point of danger when it comes to malware is your website server and the data it holds. In other words: data breaches. Taking the UK as an example last year, 93 percent of large organisations and 87 percent of small businesses suffered a data breach.5 If a criminal can find a way to get malicious code onto your server that can access files or log information exchanges, they can get at customer data, credit card information, passwords and more. So far in 2013, 8.9 million identities have been exposed, and 62 percent of those breaches included people’s real names.6 Exposing client or customer data means you are at risk from compensation costs, lost business and a severely damaged reputation.
p. 5 The Power to Destroy: How Malware Works When it comes to data breaches there is a combination of things you can do to minimise your risk. Firstly, keeping your staff fully up to date on the risks of falling victim to social engineering and phishing attacks is key. It’s been found that companies with a poorly understood security policy are twice as likely to have a staff-related breach as those with a very well understood policy.7 It’s also important to regularly scan your website for vulnerabilities and malware. Automatic scanning comes as standard with many of Symantec’s SSL Certificates, and not only helps you spot weaknesses before they are exploited but also gives you an actionable threat report so you know how to shore up your defences. Scanning combats stealth Although prevention is best when it comes to malware, regular scanning is vitally important in order to spot stealthy malware that has been designed to stay hidden. While some malware causes lots of disruption, and takes down servers, often criminals want to keep their malware running on your website server undetected so they can continue to harvest information and maximise their opportunity. In July 2012, for example, a Trojan was discovered that was being used to steal information from the Japanese government. It turned out to have been in operation for two years totally undetected.8 This is also why SSL Certificates are so important. A lot of information is sent back and forth between visitors to your website and your server, sometimes highly confidential information like credit card details, addresses and other personal identification points. By configuring SSL to be ‘always on’ you can ensure that all communication is encrypted from the moment a visitor arrives on your site, reducing the risk of malware being able to eavesdrop and undermine your customer’s confidentiality. Using SSL like this can help to build trust and keep confidential data safe. This is why sites such as Twitter, Facebook, Google and LinkedIn do it. Prevention is better than a cure
p. 6 The Power to Destroy: How Malware Works Stealth also works in the criminals’ favour when the malware they have installed doesn’t attack your server, but instead sits on your website and attacks your customers and clients. In this case, you might not be the target, but your business is still the victim. STAYINg HIDDEN PAYS OFF OTHER 41% 37% 22% The Blackhole Toolkit, was responsible for 41 percent of web attacks in 2012 The Sakura toolkit, which wasn’t even in the top ten in 2011, last year accounted for 22 percent of attacks WEB ATTACKS IN 2012 Web attacks are on the rise, and the latest ISTR highlights that 61 percent of malicious web sites are actually legitimate sites that have been hacked or compromised and had malicious code inserted without the owner’s knowledge. You can find out more about the different weaknesses inherent in your website that criminals can use to deploy malware, such as unpatched servers and cross- site scripting, in our whitepaper, ‘Reducing the Cost and Complexity of Web Vulnerability Management’ http://www.symantec.com/content/en/uk/enterprise/ white_papers/b-reducing-cost-complexity-of-web- vulnerability-mgmt_WP.pdf Toolkits: the master key for website vulnerabilities The most common way for criminals to exploit your website vulnerabilities is with toolkits. These are software bundles that criminals can buy off-the-shelf, like you would legitimate programs, which already have the right code to exploit certain vulnerabilities and deploy the type of malware the buyer wants to use. Cybercriminals create and trade malware much like legitimate companies buy and sell software. There are even popular hit products and up-and-coming new arrivals. In fact, a single toolkit, called Blackhole, was responsible for 41 percent of web attacks in 2012. The Sakura toolkit, which wasn’t even in the top ten in 2011, last year accounted for 22 percent of attacks. This is clearly a slick, organised and profitable venture. The risk that your site will be infected by malware is significantly increased thanks to the existence of these toolkits. They allow cybercriminals, who are not necessarily skilled enough to develop complex code themselves, to still attack your site and its visitors.
p. 7 The Power to Destroy: How Malware Works One of the likely reasons toolkits are so popular is because of how often they are effective. Once on your site, malware searches for vulnerabilities in your visitor’s browser and if it finds one it will download a ‘dropper’, or malicious code that then searches their entire computer for vulnerabilities and takes advantage of what it finds. Website visitors are ripe for the picking Attacker profiles victims and the kind of websites they go to. 1. Profile Attacker then tests these websites for vulnerabilities. 2. Test2. Test When attackers finds a website that can be compromised, they inject JavaScript or HTML, redirecting the victim to a separate site that hosts the exploit code for the chosen vulnerability. 3. Compromise The compromised website is now “waiting” to infect the profiled victim with a zero- day exploit, just like a lion waiting at a watering hole. 4. Wait Reported vulnerabilities in browsers and plug-ins last year fluctuated between 300 and 500 per month. ‘Criminals ability to quickly find and exploit new vulnerabilities is not matched by software vendors’ ability to fix and release patches,’ states the WSTR. Major software vendors regularly release urgent patches for recently-discovered vulnerabilities. Add to this many people’s lack of vigilance when it comes to keeping their software up to date, and many companies’ inability to upgrade without disruption to business critical applications, and you can see why criminals will take advantage of any path that leads to such ripe pickings. Watering hole attacks As well as inserting malicious code into your website that will download malware to visitors’ vulnerable devices, criminals also inject malware onto your site in order to redirect visitors to another site. That site will contain malware, which will infect the victim with a zero- day exploit. As explained in our ‘Website Vulnerabilities Guide’, this is an exploit that takes advantage of a vulnerability that no one yet knows about, which is why the criminals keep the code on their own malicious site, to keep it secret. This technique is known as a watering hole attack, and is becoming increasingly popular with cybercriminals.
p. 8 The Power to Destroy: How Malware Works What malware can do What it does How it earns criminals money Ransomware locks a users’ computer and displays a single warning screen. Support cannot even remote into the device to try and remove the malware. Often the screen will impersonate a local law enforcement agency and the software can sometimes even use the victim’s own camera to include a photo of them in the warning. As the name indicates, criminals demand a ransom to unlock the device. Usually they pretend it’s a fine for illegal or illicit behaviour on the victim’s part, imposed by the local law enforcement agency. Even when you pay, often they don’t unlock your device. Last year it is thought three percent of victims paid up. Botnets are networks of dispersed computers and servers that criminals use to distribute spam emails or generate bogus clicks on pay-per-click advertising. The right malware will silently incorporate a victim’s device into one of these botnets. Although the returns on this sort of malware are not immediately high, it is hard to detect and difficult to remove meaning it offers a long-term steady stream of income for criminals. Keystroke logging does exactly what it says on the tin. This malware is able to record every key that is pressed meaning it can look for 16-digit combinations that are likely to be credit card details, 6-digit date-of-birth sequences or unusual strings of characters that are likely to be passwords. This type of malware is used to gather information for identity theft, credit card fraud and account hacking. Information is a highly valuable commodity on the black market, and malware that can gather this type of intelligence can reap big rewards, especially if it’s one of your big clients that happen to fall victim and criminals bypass their more sophisticated and strongly protected systems. Further malware distribution. If the victim of this malware is connected to a network, everyone in that network, and all the servers connected to it, are at risk as the malware distributes to every device placing data, devices and operations at risk. The rewards all depend on how far the malware is distributed and what additional malware is triggered on different machines as per their vulnerabilities. This type of malware can paralyse an organisation, cause major data breaches and cost hundreds of thousands to rectify. There are a many different sorts of malware that look to turn a profit for criminals, or sometimes simply cause disruption and disturbance. The type of malware that criminals are most likely to try and distribute using your website, however, are those that make them money. If your site has been infected, the following types of malware can be downloaded to a client or customer’s device simply by them arriving on your site. All they will see is your brand, followed by either a warning from their anti-virus software, or worse, the effects of an infection. The Symantec ISTR also reported on the Shamoon attacks. In 2012, this malware, which targeted energy companies, was able to wipe entire hard drives. This type of action is extremely sophisticated, and so far it has been limited to high-value targets, but it indicates a trend: ‘if it is possible, someone will try it; if it is profitable, many people will do it’.
p. 9 The Power to Destroy: How Malware Works WHAT’S BAD FOR ClIENTS IS WORSE FOR YOU If your website is responsible for the infection of a client’s computer, or worse their entire network, it’s going to cost you more than just their lost business. In particular if you are a small business you need to prove to big clients that they are safe in their online interactions with your website. Targeted attacks have increased considerably against small businesses in the last year and at least part of that is thought to be down to criminals thinking they can take advantage of small companies’ often weak defences to leapfrog the stronger defences of the bigger businesses they interact with. As a result, big clients are demanding more stringent security from their third party providers and partners. The Norton Secured Seal is one way of proving up front that you take yours and their safety seriously. It is displayed over 750 million times each day, and is the most recognised trust mark on the Internet.9 The cost of customer trust Putting individual customers at risk could cost you dearly as well. The estimated loss of business cost for the average security breach is £300-600 for small businesses and £10,000-15,000 for large organisations.10 In addition, if a search engine crawls your site and finds malicious code, you will be immediately blacklisted, wiping out all your search engine rankings and credibility. Warnings from a search engine or a customer’s own anti- virus software about the safety of your site can destroy your reputation in seconds. Not only is that thought to cost £1,500-8000 for small businesses and £25,000- 115,000 to large organisations, but once trust is lost it is also incredibly hard to regain.11 When a customer searches for your business you want to start building trust from the very first click, not losing it. The Norton Secured Seal, which is included with all Symantec SSL Certificates, is displayed in search engine results next to your site and proves that you monitor and protect your website, you are who you say you are and you take online security seriously. Symantec Seal-in-Search is certainly a way that you can build trust from the very first moment someone searches online. £300 - £600FOR SMALL BUSINESS £10,000 - £15,000 FOR LARGE ORGANISATION ESTIMATED lOSS OF BUSINESS COST FOR AvERAgE SECURITY BREACH $500-1000 $1,800-10,000 for small businesses and $40,000- 190,000 $15,000-25,000
p. 10 The Power to Destroy: How Malware Works Despite the scale of the threat from cybercriminals, over half of business owners have never carried out a website vulnerability assessment.12 You need to know your weak points before you can even begin to implement technology and processes to protect against them. A Symantec vulnerability assessment provides you with an actionable threat report to help you prevent the malicious spread of malware through your website. Ultimately when you fail to properly secure your website you are putting your business, your customers and clients at risk. With the increase in drive-by web attacks, any number of people could fall victim to the malware lurking on your site. It’s in the interests of everyone in the wider online community for you to stay secure. Partner with professionals As you’ve read, cybercriminals see malware as part of a serious, multi-million dollar industry. They invest time and money in exploiting vulnerabilities and maximising the impact of their malicious software. You, on the other hand, need to focus on the growth and success of your own business, therefore you need a security partner that is as committed to keeping websites secure as the criminals are to exploiting them. Symantec has a full range of Website Security Solutions to help you search for vulnerabilities, encrypt data, spot malware and inspire confidence on your website. We are the leading source of trust online and we protect all the companies in the Fortune 500. We can help to protect you too. Take responsibility
p. 11 The Power to Destroy: How Malware Works 1. Symantec’s Vulnerability Assessment – Feeling Vulnerable? You Should Be, https://www.symantec-wss.com/campaigns/14601/uk/assets/VA-WhitePaper-UK.pdf 2. Symantec’s Website Security Threat Report 2013, https://www.symantec.com/content/en/us/enterprise/images/mktg/SOP/EMEA/14385_ symantec_wstr_whitepaper_uk.pdf All subsequent Internet security statistics are sourced from the ISTR unless otherwise footnoted. 3. Department for Business Skills and Innovation, 2013 Information Security Breaches Survey, https://www.gov.uk/government/uploads/system/ uploads/attachment_data/file/200455/bis-13-p184-2013-information-security-breaches-survey-technical-report.pdf 4. http://www.symantec.com/connect/blogs/cost-cybercrime-2012 5. 2013 Information Security Breaches Survey. 6. Symantec Intelligence Report: July 2013, http://www.symantec.com/security_response/publications/monthlythreatreport.jsp 7. 2013 Information Security Breaches Survey. 8. http://www.theregister.co.uk/2012/07/25/japan_finance_ministry_trojan_attack/ 9. International Online Consumer Research: US, Germany, UK, July 2012 10. 2013 Information Security Breaches Survey. 11. 2013 Information Security Breaches Survey. 12. Symantec’s Vulnerability Assessment – Feeling Vulnerable? You Should Be, https://www.symantec-wss.com/campaigns/14601/uk/assets/VA-WhitePaper-UK.pdf References
Symantec Website Security Solutions Website Security Threat Report 2013 ABOUT SYMANTEC Symantec Website Security Solutions include industry leading SSL, certificate management, vulnerability assessment and malware scanning. The Norton™ Secured Seal and Symantec Seal-in-Search assure your customers that they are safe from search, to browse, to buy. More information is available from ��l�k�h�b�j�v�f� The Power to Destroy: How Malware Works www.symnatec.com/en/aa/ssl-certificates Email us on: ssl_sales_au@symantec.com ssl_sales_asia@symantec.com
W verb68

Recommended

Symantec & WSJ PRESENTS "MALWARE on Main Street" ...
Symantec & WSJ PRESENTS "MALWARE on Main Street" ...Symantec & WSJ PRESENTS "MALWARE on Main Street" ...
Symantec & WSJ PRESENTS "MALWARE on Main Street" ...MZERMA Amine
 
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat ReportTECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat ReportSymantec
 
Symantec Website Threat Report Part-1 2015
Symantec Website Threat Report Part-1 2015Symantec Website Threat Report Part-1 2015
Symantec Website Threat Report Part-1 2015RapidSSLOnline.com
 
The Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security ProvidersThe Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security ProvidersUnited Security Providers AG
 
CSRF_RSA_2008_Jeremiah_Grossman
CSRF_RSA_2008_Jeremiah_GrossmanCSRF_RSA_2008_Jeremiah_Grossman
CSRF_RSA_2008_Jeremiah_Grossmanguestdb261a
 
Grift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideGrift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideRoen Branham
 
CYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_ReportCYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_ReportChris Taylor
 
Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Qrator Labs
 

Recommended

Symantec & WSJ PRESENTS "MALWARE on Main Street" ...
Symantec & WSJ PRESENTS "MALWARE on Main Street" ...Symantec & WSJ PRESENTS "MALWARE on Main Street" ...
Symantec & WSJ PRESENTS "MALWARE on Main Street" ...MZERMA Amine
 
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat ReportTECHNICAL WHITE PAPER▶ Symantec Website Security Threat Report
TECHNICAL WHITE PAPER▶ Symantec Website Security Threat ReportSymantec
 
Symantec Website Threat Report Part-1 2015
Symantec Website Threat Report Part-1 2015Symantec Website Threat Report Part-1 2015
Symantec Website Threat Report Part-1 2015RapidSSLOnline.com
 
The Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security ProvidersThe Whys and Wherefores of Web Security – by United Security Providers
The Whys and Wherefores of Web Security – by United Security ProvidersUnited Security Providers AG
 
CSRF_RSA_2008_Jeremiah_Grossman
CSRF_RSA_2008_Jeremiah_GrossmanCSRF_RSA_2008_Jeremiah_Grossman
CSRF_RSA_2008_Jeremiah_Grossmanguestdb261a
 
Grift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideGrift horse money stealing trojan takes 10m android users for a ride
Grift horse money stealing trojan takes 10m android users for a rideRoen Branham
 
CYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_ReportCYREN_Q1_2015_Trend_Report
CYREN_Q1_2015_Trend_ReportChris Taylor
 
Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Russian and Worldwide Internet Security Trends 2015
Russian and Worldwide Internet Security Trends 2015Qrator Labs
 
B istr main-report_v18_2012_21291018.en-us
B istr main-report_v18_2012_21291018.en-usB istr main-report_v18_2012_21291018.en-us
B istr main-report_v18_2012_21291018.en-usКомсс Файквэе
 
What Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersWhat Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersJaime Manteiga
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10seadeloitte
 
NYCDS-DQ-Winter-2016-Cyber-Security
NYCDS-DQ-Winter-2016-Cyber-SecurityNYCDS-DQ-Winter-2016-Cyber-Security
NYCDS-DQ-Winter-2016-Cyber-SecurityOndrej Krehel
 
Enabling a Zero Trust strategy for SMS
Enabling a Zero Trust strategy for SMSEnabling a Zero Trust strategy for SMS
Enabling a Zero Trust strategy for SMSPaul Walsh
 
Topsec email security 2016
Topsec email security 2016Topsec email security 2016
Topsec email security 2016Nathan CAVRIL
 
Cybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteCybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteRapidSSLOnline.com
 
Fortified Health Security - Horizon Report 2016
Fortified Health Security - Horizon Report 2016Fortified Health Security - Horizon Report 2016
Fortified Health Security - Horizon Report 2016Dan L. Dodson
 
IRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing TechniquesIRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing TechniquesIRJET Journal
 
What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?Samvel Gevorgyan
 
2017 october supplementary_reading
2017 october supplementary_reading2017 october supplementary_reading
2017 october supplementary_readingseadeloitte
 
November 2017: Part 6
November 2017: Part 6November 2017: Part 6
November 2017: Part 6seadeloitte
 
Taking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeTaking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeEMC
 
How To Catch a Phish: User Awareness and Training
How To Catch a Phish: User Awareness and TrainingHow To Catch a Phish: User Awareness and Training
How To Catch a Phish: User Awareness and TrainingLondon School of Cyber Security
 
Proofpoint Q3 - 2017 Email Fraud Threat Report
Proofpoint Q3 - 2017 Email Fraud Threat ReportProofpoint Q3 - 2017 Email Fraud Threat Report
Proofpoint Q3 - 2017 Email Fraud Threat ReportProofpoint
 
Security risks awareness
Security risks awarenessSecurity risks awareness
Security risks awarenessJanagi Kannan
 
Websense 2013 Threat Report
Websense 2013 Threat ReportWebsense 2013 Threat Report
Websense 2013 Threat ReportKim Jensen
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enoughEMC
 
Ransomware Gang Masquerades as Real Company to Recruit Tech Talent
Ransomware Gang Masquerades as Real Company to Recruit Tech TalentRansomware Gang Masquerades as Real Company to Recruit Tech Talent
Ransomware Gang Masquerades as Real Company to Recruit Tech TalentLUMINATIVE MEDIA/PROJECT COUNSEL MEDIA GROUP
 
Analyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - ChinaAnalyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - ChinaEMC
 
Ob m
Ob mOb m
Ob mObitseng Moncho
 
EMPATHIZE AND DEFINE MAP ASSIGNMENT
EMPATHIZE AND DEFINE MAP ASSIGNMENTEMPATHIZE AND DEFINE MAP ASSIGNMENT
EMPATHIZE AND DEFINE MAP ASSIGNMENTROCÍO ROA CALVO
 

More Related Content

What's hot

What Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersWhat Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersJaime Manteiga
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10seadeloitte
 
NYCDS-DQ-Winter-2016-Cyber-Security
NYCDS-DQ-Winter-2016-Cyber-SecurityNYCDS-DQ-Winter-2016-Cyber-Security
NYCDS-DQ-Winter-2016-Cyber-SecurityOndrej Krehel
 
Enabling a Zero Trust strategy for SMS
Enabling a Zero Trust strategy for SMSEnabling a Zero Trust strategy for SMS
Enabling a Zero Trust strategy for SMSPaul Walsh
 
Topsec email security 2016
Topsec email security 2016Topsec email security 2016
Topsec email security 2016Nathan CAVRIL
 
Cybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteCybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteRapidSSLOnline.com
 
Fortified Health Security - Horizon Report 2016
Fortified Health Security - Horizon Report 2016Fortified Health Security - Horizon Report 2016
Fortified Health Security - Horizon Report 2016Dan L. Dodson
 
IRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing TechniquesIRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing TechniquesIRJET Journal
 
What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?Samvel Gevorgyan
 
2017 october supplementary_reading
2017 october supplementary_reading2017 october supplementary_reading
2017 october supplementary_readingseadeloitte
 
November 2017: Part 6
November 2017: Part 6November 2017: Part 6
November 2017: Part 6seadeloitte
 
Taking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeTaking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeEMC
 
Proofpoint Q3 - 2017 Email Fraud Threat Report
Proofpoint Q3 - 2017 Email Fraud Threat ReportProofpoint Q3 - 2017 Email Fraud Threat Report
Proofpoint Q3 - 2017 Email Fraud Threat ReportProofpoint
 
Security risks awareness
Security risks awarenessSecurity risks awareness
Security risks awarenessJanagi Kannan
 
Websense 2013 Threat Report
Websense 2013 Threat ReportWebsense 2013 Threat Report
Websense 2013 Threat ReportKim Jensen
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enoughEMC
 
Analyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - ChinaAnalyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - ChinaEMC
 

What's hot (20)

B istr main-report_v18_2012_21291018.en-us
B istr main-report_v18_2012_21291018.en-usB istr main-report_v18_2012_21291018.en-us
B istr main-report_v18_2012_21291018.en-us
 
What Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For HackersWhat Makes Web Applications Desirable For Hackers
What Makes Web Applications Desirable For Hackers
 
December 2019 Part 10
December 2019 Part 10December 2019 Part 10
December 2019 Part 10
 
NYCDS-DQ-Winter-2016-Cyber-Security
NYCDS-DQ-Winter-2016-Cyber-SecurityNYCDS-DQ-Winter-2016-Cyber-Security
NYCDS-DQ-Winter-2016-Cyber-Security
 
Enabling a Zero Trust strategy for SMS
Enabling a Zero Trust strategy for SMSEnabling a Zero Trust strategy for SMS
Enabling a Zero Trust strategy for SMS
 
Topsec email security 2016
Topsec email security 2016Topsec email security 2016
Topsec email security 2016
 
Cybercrime - An essential guide from Thawte
Cybercrime - An essential guide from ThawteCybercrime - An essential guide from Thawte
Cybercrime - An essential guide from Thawte
 
Fortified Health Security - Horizon Report 2016
Fortified Health Security - Horizon Report 2016Fortified Health Security - Horizon Report 2016
Fortified Health Security - Horizon Report 2016
 
IRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing TechniquesIRJET- Phishing and Anti-Phishing Techniques
IRJET- Phishing and Anti-Phishing Techniques
 
What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?What is the Cybersecurity plan for tomorrow?
What is the Cybersecurity plan for tomorrow?
 
2017 october supplementary_reading
2017 october supplementary_reading2017 october supplementary_reading
2017 october supplementary_reading
 
November 2017: Part 6
November 2017: Part 6November 2017: Part 6
November 2017: Part 6
 
Taking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication ChallengeTaking Control of the Digital and Mobile User Authentication Challenge
Taking Control of the Digital and Mobile User Authentication Challenge
 
How To Catch a Phish: User Awareness and Training
How To Catch a Phish: User Awareness and TrainingHow To Catch a Phish: User Awareness and Training
How To Catch a Phish: User Awareness and Training
 
Proofpoint Q3 - 2017 Email Fraud Threat Report
Proofpoint Q3 - 2017 Email Fraud Threat ReportProofpoint Q3 - 2017 Email Fraud Threat Report
Proofpoint Q3 - 2017 Email Fraud Threat Report
 
Security risks awareness
Security risks awarenessSecurity risks awareness
Security risks awareness
 
Websense 2013 Threat Report
Websense 2013 Threat ReportWebsense 2013 Threat Report
Websense 2013 Threat Report
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enough
 
Ransomware Gang Masquerades as Real Company to Recruit Tech Talent
Ransomware Gang Masquerades as Real Company to Recruit Tech TalentRansomware Gang Masquerades as Real Company to Recruit Tech Talent
Ransomware Gang Masquerades as Real Company to Recruit Tech Talent
 
Analyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - ChinaAnalyst Report: The Digital Universe in 2020 - China
Analyst Report: The Digital Universe in 2020 - China
 

Viewers also liked

EMPATHIZE AND DEFINE MAP ASSIGNMENT
EMPATHIZE AND DEFINE MAP ASSIGNMENTEMPATHIZE AND DEFINE MAP ASSIGNMENT
EMPATHIZE AND DEFINE MAP ASSIGNMENTROCÍO ROA CALVO
 
Metshal fe 2albak (2)
Metshal fe 2albak (2)Metshal fe 2albak (2)
Metshal fe 2albak (2)At Minacenter
 
Railway infrastructure construction and upgrading in india and the middle eas...
Railway infrastructure construction and upgrading in india and the middle eas...Railway infrastructure construction and upgrading in india and the middle eas...
Railway infrastructure construction and upgrading in india and the middle eas...Business Finland
 
New microsoft office word document
New microsoft office word documentNew microsoft office word document
New microsoft office word documentaaafh
 
wireless sensor networks phd thesis
wireless sensor networks phd thesiswireless sensor networks phd thesis
wireless sensor networks phd thesisE2MATRIX
 
Road side residential signages branding
Road side residential signages brandingRoad side residential signages branding
Road side residential signages brandingAnurag Tiwari
 
Nhs scotland promoting physical activity presentation
Nhs scotland promoting physical activity presentationNhs scotland promoting physical activity presentation
Nhs scotland promoting physical activity presentationJo Ogilvie
 
EDU Libs | An educational Library for everyday use
EDU Libs | An educational Library for everyday useEDU Libs | An educational Library for everyday use
EDU Libs | An educational Library for everyday useAlejandro M. McGuire
 
How To Create An Integrated Annual Campaign (With A 'No-To-Low' Budget)
How To Create An Integrated Annual Campaign (With A 'No-To-Low' Budget)How To Create An Integrated Annual Campaign (With A 'No-To-Low' Budget)
How To Create An Integrated Annual Campaign (With A 'No-To-Low' Budget)DonorPath
 
Sagar Gawande New Resume
Sagar Gawande New ResumeSagar Gawande New Resume
Sagar Gawande New Resumesagar gawande
 
HealthWorks Theatre
HealthWorks TheatreHealthWorks Theatre
HealthWorks TheatreTom Tresser
 

Viewers also liked (14)

Ob m
Ob mOb m
Ob m
 
EMPATHIZE AND DEFINE MAP ASSIGNMENT
EMPATHIZE AND DEFINE MAP ASSIGNMENTEMPATHIZE AND DEFINE MAP ASSIGNMENT
EMPATHIZE AND DEFINE MAP ASSIGNMENT
 
Metshal fe 2albak (2)
Metshal fe 2albak (2)Metshal fe 2albak (2)
Metshal fe 2albak (2)
 
Railway infrastructure construction and upgrading in india and the middle eas...
Railway infrastructure construction and upgrading in india and the middle eas...Railway infrastructure construction and upgrading in india and the middle eas...
Railway infrastructure construction and upgrading in india and the middle eas...
 
New microsoft office word document
New microsoft office word documentNew microsoft office word document
New microsoft office word document
 
wireless sensor networks phd thesis
wireless sensor networks phd thesiswireless sensor networks phd thesis
wireless sensor networks phd thesis
 
Road side residential signages branding
Road side residential signages brandingRoad side residential signages branding
Road side residential signages branding
 
OPT Runner
OPT Runner OPT Runner
OPT Runner
 
Nhs scotland promoting physical activity presentation
Nhs scotland promoting physical activity presentationNhs scotland promoting physical activity presentation
Nhs scotland promoting physical activity presentation
 
Logse paper
Logse paperLogse paper
Logse paper
 
EDU Libs | An educational Library for everyday use
EDU Libs | An educational Library for everyday useEDU Libs | An educational Library for everyday use
EDU Libs | An educational Library for everyday use
 
How To Create An Integrated Annual Campaign (With A 'No-To-Low' Budget)
How To Create An Integrated Annual Campaign (With A 'No-To-Low' Budget)How To Create An Integrated Annual Campaign (With A 'No-To-Low' Budget)
How To Create An Integrated Annual Campaign (With A 'No-To-Low' Budget)
 
Sagar Gawande New Resume
Sagar Gawande New ResumeSagar Gawande New Resume
Sagar Gawande New Resume
 
HealthWorks Theatre
HealthWorks TheatreHealthWorks Theatre
HealthWorks Theatre
 

Similar to W verb68

The Complete Guide to Ransomware Protection for SMBs
The Complete Guide to Ransomware Protection for SMBsThe Complete Guide to Ransomware Protection for SMBs
The Complete Guide to Ransomware Protection for SMBsProtected Harbor
 
2016 CYBERSECURITY PLAYBOOK
2016 CYBERSECURITY PLAYBOOK2016 CYBERSECURITY PLAYBOOK
2016 CYBERSECURITY PLAYBOOKBoris Loukanov
 
Computer Security for Lawyers
Computer Security for LawyersComputer Security for Lawyers
Computer Security for LawyersMark Lanterman
 
Internet security threat report 2013
Internet security threat report 2013Internet security threat report 2013
Internet security threat report 2013Karim Shaikh
 
cybercrime survival guide
cybercrime survival guidecybercrime survival guide
cybercrime survival guideGary Gray, MCSE
 
The 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdf
The 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdfThe 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdf
The 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdfGroovy Web
 
need help with a term paper 8 pages Write a term paper that discusse.pdf
need help with a term paper 8 pages Write a term paper that discusse.pdfneed help with a term paper 8 pages Write a term paper that discusse.pdf
need help with a term paper 8 pages Write a term paper that discusse.pdfanjandavid
 
Ways To Protect Your Company From Cybercrime
Ways To Protect Your Company From CybercrimeWays To Protect Your Company From Cybercrime
Ways To Protect Your Company From Cybercrimethinkwithniche
 
11 Reasons Why Your Company Could Be In Danger
11 Reasons Why Your Company Could Be In Danger11 Reasons Why Your Company Could Be In Danger
11 Reasons Why Your Company Could Be In DangerCopper Mobile, Inc.
 
A Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comA Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comBusiness.com
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Erik Ginalick
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threatsReadWrite
 
Managed security services for financial services firms
Managed security services for financial services firmsManaged security services for financial services firms
Managed security services for financial services firmsJake Weaver
 
Network Insights of Dyre and Dridex Trojan Bankers
Network Insights of Dyre and Dridex Trojan BankersNetwork Insights of Dyre and Dridex Trojan Bankers
Network Insights of Dyre and Dridex Trojan BankersBlueliv
 
Countering Cyber Threats By Monitoring “Normal” Website Behavior
Countering Cyber Threats By Monitoring “Normal” Website BehaviorCountering Cyber Threats By Monitoring “Normal” Website Behavior
Countering Cyber Threats By Monitoring “Normal” Website BehaviorEMC
 
Intelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionIntelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionEMC
 
True Cost of Ransomware to Your Business
True Cost of Ransomware to Your BusinessTrue Cost of Ransomware to Your Business
True Cost of Ransomware to Your BusinessIndusfacePvtLtd
 

Similar to W verb68 (20)

The Complete Guide to Ransomware Protection for SMBs
The Complete Guide to Ransomware Protection for SMBsThe Complete Guide to Ransomware Protection for SMBs
The Complete Guide to Ransomware Protection for SMBs
 
2016 CYBERSECURITY PLAYBOOK
2016 CYBERSECURITY PLAYBOOK2016 CYBERSECURITY PLAYBOOK
2016 CYBERSECURITY PLAYBOOK
 
Computer Security for Lawyers
Computer Security for LawyersComputer Security for Lawyers
Computer Security for Lawyers
 
Internet security threat report 2013
Internet security threat report 2013Internet security threat report 2013
Internet security threat report 2013
 
cybercrime survival guide
cybercrime survival guidecybercrime survival guide
cybercrime survival guide
 
The 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdf
The 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdfThe 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdf
The 14 Most Common Security Risks For SaaS Applications And How To Fix Them.pdf
 
need help with a term paper 8 pages Write a term paper that discusse.pdf
need help with a term paper 8 pages Write a term paper that discusse.pdfneed help with a term paper 8 pages Write a term paper that discusse.pdf
need help with a term paper 8 pages Write a term paper that discusse.pdf
 
Ways To Protect Your Company From Cybercrime
Ways To Protect Your Company From CybercrimeWays To Protect Your Company From Cybercrime
Ways To Protect Your Company From Cybercrime
 
11 Reasons Why Your Company Could Be In Danger
11 Reasons Why Your Company Could Be In Danger11 Reasons Why Your Company Could Be In Danger
11 Reasons Why Your Company Could Be In Danger
 
A Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comA Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.com
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112
 
5 network-security-threats
5 network-security-threats5 network-security-threats
5 network-security-threats
 
Managed security services for financial services firms
Managed security services for financial services firmsManaged security services for financial services firms
Managed security services for financial services firms
 
Network Insights of Dyre and Dridex Trojan Bankers
Network Insights of Dyre and Dridex Trojan BankersNetwork Insights of Dyre and Dridex Trojan Bankers
Network Insights of Dyre and Dridex Trojan Bankers
 
Countering Cyber Threats By Monitoring “Normal” Website Behavior
Countering Cyber Threats By Monitoring “Normal” Website BehaviorCountering Cyber Threats By Monitoring “Normal” Website Behavior
Countering Cyber Threats By Monitoring “Normal” Website Behavior
 
Measures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacksMeasures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacks
 
Measure To Avoid Cyber Attacks
Measure To Avoid Cyber AttacksMeasure To Avoid Cyber Attacks
Measure To Avoid Cyber Attacks
 
Intelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionIntelligence-Driven Fraud Prevention
Intelligence-Driven Fraud Prevention
 
True Cost of Ransomware to Your Business
True Cost of Ransomware to Your BusinessTrue Cost of Ransomware to Your Business
True Cost of Ransomware to Your Business
 
WeDo Technologies Blog 2014
WeDo Technologies Blog 2014WeDo Technologies Blog 2014
WeDo Technologies Blog 2014
 

More from James1280

Network urls
Network urlsNetwork urls
Network urlsJames1280
 
Security that works
Security that worksSecurity that works
Security that worksJames1280
 
Database information
Database informationDatabase information
Database informationJames1280
 
Network topology hardware
Network topology hardwareNetwork topology hardware
Network topology hardwareJames1280
 
Petition for name change
Petition for name changePetition for name change
Petition for name changeJames1280
 
Petition for name_change
Petition for name_changePetition for name_change
Petition for name_changeJames1280
 
Court order for name change
Court order for name changeCourt order for name change
Court order for name changeJames1280
 
Petition for name change
Petition for name changePetition for name change
Petition for name changeJames1280
 
Pre post mastect instr
Pre post mastect instrPre post mastect instr
Pre post mastect instrJames1280
 
Preparing forsurgery
Preparing forsurgeryPreparing forsurgery
Preparing forsurgeryJames1280
 
Pre post mastect instr
Pre post mastect instrPre post mastect instr
Pre post mastect instrJames1280
 

More from James1280 (14)

Network urls
Network urlsNetwork urls
Network urls
 
Security that works
Security that worksSecurity that works
Security that works
 
Firewalls
FirewallsFirewalls
Firewalls
 
Crypto
CryptoCrypto
Crypto
 
Ipadd mngt
Ipadd mngtIpadd mngt
Ipadd mngt
 
Database information
Database informationDatabase information
Database information
 
Network topology hardware
Network topology hardwareNetwork topology hardware
Network topology hardware
 
Petition for name change
Petition for name changePetition for name change
Petition for name change
 
Petition for name_change
Petition for name_changePetition for name_change
Petition for name_change
 
Court order for name change
Court order for name changeCourt order for name change
Court order for name change
 
Petition for name change
Petition for name changePetition for name change
Petition for name change
 
Pre post mastect instr
Pre post mastect instrPre post mastect instr
Pre post mastect instr
 
Preparing forsurgery
Preparing forsurgeryPreparing forsurgery
Preparing forsurgery
 
Pre post mastect instr
Pre post mastect instrPre post mastect instr
Pre post mastect instr
 

W verb68

  • 1. THE POWER TO DESTROY: HOW MALWARE WORKS
  • 2. p. 2 The Power to Destroy: How Malware Works At a glance 3 Web attacks on the rise 4 Prevention is better than a cure 5 Staying hidden pays off 6 Website visitors are ripe for the picking 7 What malware can do 8 What’s bad for clients is worse for you 9 Take responsibility 10 References 11 CONTENTS
  • 3. p. 3 The Power to Destroy: How Malware Works Nearly a quarter of IT managers simply don’t know how secure their website is.1 However, with the number of web-attacks blocked per day rising from 190,370 to 247,350 between 2011 and 2012, it’s vital for businesses to understand the part their website plays in the distribution of malware to clients, customers and the wider online community.2 Malware takes many different forms. It can log keystrokes, lead to data breaches, lock down hardware and use infected systems to spread malware to other victims. As a website owner it’s your responsibility to not only protect your business and customers, but the safety of the Internet too. Consider the impact to your business and brand if you were the source of infection. At a glance 190,370 247,350 2011 2012 WEB-ATTACKS BLOCKED PER DAY BETWEEN 2011 AND 2012
  • 4. p. 4 The Power to Destroy: How Malware Works ‘Driven by attack toolkits, in 2012 the number of web-based attacks increased by one third and many of these attacks originated from the compromised website of small businesses.’ This was the finding of Symantec’s latest Website Security Threat Security Report (WSTR), which makes for sobering reading. WEB ATTACKS ON THE RISE 93%87% SMALL BUSINESS LARGE ORGANISATION % OF UK BUSINESSES TO SUFFER A DATA BREACH LAST YEAR Malware works to compromise the data and functionality of your website server, and to exploit and extract information and money from your clients and customers, all of which damages your reputation and costs your business money. In the worst cases it can even put your very livelihood on the line. The cost is critical In 2012 cybercrime cost businesses six percent more than in 2011. The cost of security breaches alone has roughly tripled in the last year and reaches into the billions.3 The average recovery time from a cyber attack in 2012 was 24 days, which equates to a cost of $591,780.4 And these are just the direct costs of labour, hardware and software repair and compensation. Take into account lost business and damaged reputation and the figure climbs even higher. Malware’s damaging ripple effect is huge and criminals see websites as a way to infect your servers, steal your information, infect visitors with their malware and often times create havoc. A common and costly crime Understanding how malware works, and why criminals use it, can help considerably in the prevention and detection of threats. The most obvious point of danger when it comes to malware is your website server and the data it holds. In other words: data breaches. Taking the UK as an example last year, 93 percent of large organisations and 87 percent of small businesses suffered a data breach.5 If a criminal can find a way to get malicious code onto your server that can access files or log information exchanges, they can get at customer data, credit card information, passwords and more. So far in 2013, 8.9 million identities have been exposed, and 62 percent of those breaches included people’s real names.6 Exposing client or customer data means you are at risk from compensation costs, lost business and a severely damaged reputation.
  • 5. p. 5 The Power to Destroy: How Malware Works When it comes to data breaches there is a combination of things you can do to minimise your risk. Firstly, keeping your staff fully up to date on the risks of falling victim to social engineering and phishing attacks is key. It’s been found that companies with a poorly understood security policy are twice as likely to have a staff-related breach as those with a very well understood policy.7 It’s also important to regularly scan your website for vulnerabilities and malware. Automatic scanning comes as standard with many of Symantec’s SSL Certificates, and not only helps you spot weaknesses before they are exploited but also gives you an actionable threat report so you know how to shore up your defences. Scanning combats stealth Although prevention is best when it comes to malware, regular scanning is vitally important in order to spot stealthy malware that has been designed to stay hidden. While some malware causes lots of disruption, and takes down servers, often criminals want to keep their malware running on your website server undetected so they can continue to harvest information and maximise their opportunity. In July 2012, for example, a Trojan was discovered that was being used to steal information from the Japanese government. It turned out to have been in operation for two years totally undetected.8 This is also why SSL Certificates are so important. A lot of information is sent back and forth between visitors to your website and your server, sometimes highly confidential information like credit card details, addresses and other personal identification points. By configuring SSL to be ‘always on’ you can ensure that all communication is encrypted from the moment a visitor arrives on your site, reducing the risk of malware being able to eavesdrop and undermine your customer’s confidentiality. Using SSL like this can help to build trust and keep confidential data safe. This is why sites such as Twitter, Facebook, Google and LinkedIn do it. Prevention is better than a cure
  • 6. p. 6 The Power to Destroy: How Malware Works Stealth also works in the criminals’ favour when the malware they have installed doesn’t attack your server, but instead sits on your website and attacks your customers and clients. In this case, you might not be the target, but your business is still the victim. STAYINg HIDDEN PAYS OFF OTHER 41% 37% 22% The Blackhole Toolkit, was responsible for 41 percent of web attacks in 2012 The Sakura toolkit, which wasn’t even in the top ten in 2011, last year accounted for 22 percent of attacks WEB ATTACKS IN 2012 Web attacks are on the rise, and the latest ISTR highlights that 61 percent of malicious web sites are actually legitimate sites that have been hacked or compromised and had malicious code inserted without the owner’s knowledge. You can find out more about the different weaknesses inherent in your website that criminals can use to deploy malware, such as unpatched servers and cross- site scripting, in our whitepaper, ‘Reducing the Cost and Complexity of Web Vulnerability Management’ http://www.symantec.com/content/en/uk/enterprise/ white_papers/b-reducing-cost-complexity-of-web- vulnerability-mgmt_WP.pdf Toolkits: the master key for website vulnerabilities The most common way for criminals to exploit your website vulnerabilities is with toolkits. These are software bundles that criminals can buy off-the-shelf, like you would legitimate programs, which already have the right code to exploit certain vulnerabilities and deploy the type of malware the buyer wants to use. Cybercriminals create and trade malware much like legitimate companies buy and sell software. There are even popular hit products and up-and-coming new arrivals. In fact, a single toolkit, called Blackhole, was responsible for 41 percent of web attacks in 2012. The Sakura toolkit, which wasn’t even in the top ten in 2011, last year accounted for 22 percent of attacks. This is clearly a slick, organised and profitable venture. The risk that your site will be infected by malware is significantly increased thanks to the existence of these toolkits. They allow cybercriminals, who are not necessarily skilled enough to develop complex code themselves, to still attack your site and its visitors.
  • 7. p. 7 The Power to Destroy: How Malware Works One of the likely reasons toolkits are so popular is because of how often they are effective. Once on your site, malware searches for vulnerabilities in your visitor’s browser and if it finds one it will download a ‘dropper’, or malicious code that then searches their entire computer for vulnerabilities and takes advantage of what it finds. Website visitors are ripe for the picking Attacker profiles victims and the kind of websites they go to. 1. Profile Attacker then tests these websites for vulnerabilities. 2. Test2. Test When attackers finds a website that can be compromised, they inject JavaScript or HTML, redirecting the victim to a separate site that hosts the exploit code for the chosen vulnerability. 3. Compromise The compromised website is now “waiting” to infect the profiled victim with a zero- day exploit, just like a lion waiting at a watering hole. 4. Wait Reported vulnerabilities in browsers and plug-ins last year fluctuated between 300 and 500 per month. ‘Criminals ability to quickly find and exploit new vulnerabilities is not matched by software vendors’ ability to fix and release patches,’ states the WSTR. Major software vendors regularly release urgent patches for recently-discovered vulnerabilities. Add to this many people’s lack of vigilance when it comes to keeping their software up to date, and many companies’ inability to upgrade without disruption to business critical applications, and you can see why criminals will take advantage of any path that leads to such ripe pickings. Watering hole attacks As well as inserting malicious code into your website that will download malware to visitors’ vulnerable devices, criminals also inject malware onto your site in order to redirect visitors to another site. That site will contain malware, which will infect the victim with a zero- day exploit. As explained in our ‘Website Vulnerabilities Guide’, this is an exploit that takes advantage of a vulnerability that no one yet knows about, which is why the criminals keep the code on their own malicious site, to keep it secret. This technique is known as a watering hole attack, and is becoming increasingly popular with cybercriminals.
  • 8. p. 8 The Power to Destroy: How Malware Works What malware can do What it does How it earns criminals money Ransomware locks a users’ computer and displays a single warning screen. Support cannot even remote into the device to try and remove the malware. Often the screen will impersonate a local law enforcement agency and the software can sometimes even use the victim’s own camera to include a photo of them in the warning. As the name indicates, criminals demand a ransom to unlock the device. Usually they pretend it’s a fine for illegal or illicit behaviour on the victim’s part, imposed by the local law enforcement agency. Even when you pay, often they don’t unlock your device. Last year it is thought three percent of victims paid up. Botnets are networks of dispersed computers and servers that criminals use to distribute spam emails or generate bogus clicks on pay-per-click advertising. The right malware will silently incorporate a victim’s device into one of these botnets. Although the returns on this sort of malware are not immediately high, it is hard to detect and difficult to remove meaning it offers a long-term steady stream of income for criminals. Keystroke logging does exactly what it says on the tin. This malware is able to record every key that is pressed meaning it can look for 16-digit combinations that are likely to be credit card details, 6-digit date-of-birth sequences or unusual strings of characters that are likely to be passwords. This type of malware is used to gather information for identity theft, credit card fraud and account hacking. Information is a highly valuable commodity on the black market, and malware that can gather this type of intelligence can reap big rewards, especially if it’s one of your big clients that happen to fall victim and criminals bypass their more sophisticated and strongly protected systems. Further malware distribution. If the victim of this malware is connected to a network, everyone in that network, and all the servers connected to it, are at risk as the malware distributes to every device placing data, devices and operations at risk. The rewards all depend on how far the malware is distributed and what additional malware is triggered on different machines as per their vulnerabilities. This type of malware can paralyse an organisation, cause major data breaches and cost hundreds of thousands to rectify. There are a many different sorts of malware that look to turn a profit for criminals, or sometimes simply cause disruption and disturbance. The type of malware that criminals are most likely to try and distribute using your website, however, are those that make them money. If your site has been infected, the following types of malware can be downloaded to a client or customer’s device simply by them arriving on your site. All they will see is your brand, followed by either a warning from their anti-virus software, or worse, the effects of an infection. The Symantec ISTR also reported on the Shamoon attacks. In 2012, this malware, which targeted energy companies, was able to wipe entire hard drives. This type of action is extremely sophisticated, and so far it has been limited to high-value targets, but it indicates a trend: ‘if it is possible, someone will try it; if it is profitable, many people will do it’.
  • 9. p. 9 The Power to Destroy: How Malware Works WHAT’S BAD FOR ClIENTS IS WORSE FOR YOU If your website is responsible for the infection of a client’s computer, or worse their entire network, it’s going to cost you more than just their lost business. In particular if you are a small business you need to prove to big clients that they are safe in their online interactions with your website. Targeted attacks have increased considerably against small businesses in the last year and at least part of that is thought to be down to criminals thinking they can take advantage of small companies’ often weak defences to leapfrog the stronger defences of the bigger businesses they interact with. As a result, big clients are demanding more stringent security from their third party providers and partners. The Norton Secured Seal is one way of proving up front that you take yours and their safety seriously. It is displayed over 750 million times each day, and is the most recognised trust mark on the Internet.9 The cost of customer trust Putting individual customers at risk could cost you dearly as well. The estimated loss of business cost for the average security breach is £300-600 for small businesses and £10,000-15,000 for large organisations.10 In addition, if a search engine crawls your site and finds malicious code, you will be immediately blacklisted, wiping out all your search engine rankings and credibility. Warnings from a search engine or a customer’s own anti- virus software about the safety of your site can destroy your reputation in seconds. Not only is that thought to cost £1,500-8000 for small businesses and £25,000- 115,000 to large organisations, but once trust is lost it is also incredibly hard to regain.11 When a customer searches for your business you want to start building trust from the very first click, not losing it. The Norton Secured Seal, which is included with all Symantec SSL Certificates, is displayed in search engine results next to your site and proves that you monitor and protect your website, you are who you say you are and you take online security seriously. Symantec Seal-in-Search is certainly a way that you can build trust from the very first moment someone searches online. £300 - £600FOR SMALL BUSINESS £10,000 - £15,000 FOR LARGE ORGANISATION ESTIMATED lOSS OF BUSINESS COST FOR AvERAgE SECURITY BREACH $500-1000 $1,800-10,000 for small businesses and $40,000- 190,000 $15,000-25,000
  • 10. p. 10 The Power to Destroy: How Malware Works Despite the scale of the threat from cybercriminals, over half of business owners have never carried out a website vulnerability assessment.12 You need to know your weak points before you can even begin to implement technology and processes to protect against them. A Symantec vulnerability assessment provides you with an actionable threat report to help you prevent the malicious spread of malware through your website. Ultimately when you fail to properly secure your website you are putting your business, your customers and clients at risk. With the increase in drive-by web attacks, any number of people could fall victim to the malware lurking on your site. It’s in the interests of everyone in the wider online community for you to stay secure. Partner with professionals As you’ve read, cybercriminals see malware as part of a serious, multi-million dollar industry. They invest time and money in exploiting vulnerabilities and maximising the impact of their malicious software. You, on the other hand, need to focus on the growth and success of your own business, therefore you need a security partner that is as committed to keeping websites secure as the criminals are to exploiting them. Symantec has a full range of Website Security Solutions to help you search for vulnerabilities, encrypt data, spot malware and inspire confidence on your website. We are the leading source of trust online and we protect all the companies in the Fortune 500. We can help to protect you too. Take responsibility
  • 11. p. 11 The Power to Destroy: How Malware Works 1. Symantec’s Vulnerability Assessment – Feeling Vulnerable? You Should Be, https://www.symantec-wss.com/campaigns/14601/uk/assets/VA-WhitePaper-UK.pdf 2. Symantec’s Website Security Threat Report 2013, https://www.symantec.com/content/en/us/enterprise/images/mktg/SOP/EMEA/14385_ symantec_wstr_whitepaper_uk.pdf All subsequent Internet security statistics are sourced from the ISTR unless otherwise footnoted. 3. Department for Business Skills and Innovation, 2013 Information Security Breaches Survey, https://www.gov.uk/government/uploads/system/ uploads/attachment_data/file/200455/bis-13-p184-2013-information-security-breaches-survey-technical-report.pdf 4. http://www.symantec.com/connect/blogs/cost-cybercrime-2012 5. 2013 Information Security Breaches Survey. 6. Symantec Intelligence Report: July 2013, http://www.symantec.com/security_response/publications/monthlythreatreport.jsp 7. 2013 Information Security Breaches Survey. 8. http://www.theregister.co.uk/2012/07/25/japan_finance_ministry_trojan_attack/ 9. International Online Consumer Research: US, Germany, UK, July 2012 10. 2013 Information Security Breaches Survey. 11. 2013 Information Security Breaches Survey. 12. Symantec’s Vulnerability Assessment – Feeling Vulnerable? You Should Be, https://www.symantec-wss.com/campaigns/14601/uk/assets/VA-WhitePaper-UK.pdf References
  • 12. Symantec Website Security Solutions Website Security Threat Report 2013 ABOUT SYMANTEC Symantec Website Security Solutions include industry leading SSL, certificate management, vulnerability assessment and malware scanning. The Norton™ Secured Seal and Symantec Seal-in-Search assure your customers that they are safe from search, to browse, to buy. More information is available from ��l�k�h�b�j�v�f� The Power to Destroy: How Malware Works www.symnatec.com/en/aa/ssl-certificates Email us on: ssl_sales_au@symantec.com ssl_sales_asia@symantec.com