This white paper describes Web threats, how they function, and their impacts; it explains why conventional methods fail to protect against these threats and describes the characteristics of a new approach required to ensure security, regulatory compliance, and business continuity.
Web Threats
Challenges and Solutions
Web Security
Web Threat Protection
A Trend Micro White Paper | March 2008
I. EXECUTIVE SUMMARY
Motivated by the lure of profits from the sale of stolen confidential information, cyber criminals today are shifting to the Web as their chosen attack vector, which provides an ideal environment for cyber crime. Many Web threats can be deployed unbeknownst to the user, requiring no action beyond merely opening a Web page. Large numbers of users, an assortment of technologies, and a complex network structure provide criminals with the targets, exploitable weaknesses, and anonymity required for large-scale fraud.
Web threats pose a broad range of risks, including financial damages, identity theft, loss of confidential business information, theft of network resources, damaged brand or personal reputation, and erosion of consumer confidence in e-commerce. These high stakes, the pervasive use of the Web, and the complexity of protecting against Web threats combine to form perhaps the greatest challenge to protecting personal and business information in a decade.
Web threats employ blended techniques, an explosion of variants, and targeted regional attacks often based on social engineering to defraud users. These threats often span multiple protocols: an email that delivers a link to a dangerous Web site, for example, uses both SMTP and HTTP in the attack. Conventional means do not provide adequate protection from these threats, and no single method or technology will improve this situation. Instead, a multi-layered, comprehensive set of techniques must be brought to bear. This white paper describes Web threats, how they function, and their impacts; it explains why conventional methods fail to protect against these threats and describes the characteristics of a new approach required to ensure security, regulatory compliance, and business continuity.
II. INTRODUCTION: AN UNWELCOME SCENARIO
Robert, a Human Resources Director at a large law firm, arrives at his office on Monday morning, logs on to his computer, and scans his new email. He opens an email from a large employment site he uses frequently, clicks an embedded link, then logs on to the site to view his postings and responses. Robert's client status entitles him to access job seekers' personal information, which he uses to perform background investigations and credit checks. Unbeknownst to Robert, the email was actually fraudulent, spoofing the employment site. When his email client rendered the images in his message, malicious code contained in the .jpg file secretly downloaded an executable file, which ran automatically on his computer. This malware logged keystrokes on Robert's computer, capturing his login information when he accessed the job site and providing this information to the hacker.
In August 2007, a very similar scene played out as cyber criminals infiltrated the monster.com job site through "Monster for Employers" accounts, compromising the personal information of 1.6 million users. Many of these users then received official-looking emails, claiming to be from monster.com and encouraging them to download a "helper application" that turned out to be yet more malware. These attacks were well-researched, using familiar language and branding, and coded to transfer data slowly, under the radar of IT administrators looking for suspicious network traffic.[1]
Web threats also include malware that is downloaded from an email attachment, but accesses the Web to convey information to the hacker. In 2007, fraudulent emails were sent purporting to be from the Federal Trade Commission. These emails claimed that a complaint had been filed against the company and contained an attachment. If the recipient opened the attachment, a keylogging Trojan was deployed that attempted to steal login information from the user's computer and send it back to the hacker.[2]
Phishing is a prevalent Web threat, spoofing legitimate companies to trick people into providing confidential information. Consumer phishing is wide-sprea...