Websense: Malware-as-a-Service Makes Cybercrime Easier



websense-threat-report

Websense released their annual Threat Report, which is interesting if you want to know what’s really happening in the criminal cyber landscape. Here are a few highlights, with a link to the full report below.

Despite the increase in data breaches, the total volume of malware threats is actually 5.1 percent less compared to 2013. They logged a whopping 3.96 billion security threats in 2014 though.

The Websense numbers again show that the human is the weak link in IT security. Around one in three (30%) of end-users click through a malicious URL in an email even though they have been warned of the danger. "End users are increasingly desensitized from the warnings, don’t feel responsible and still lack enterprise-driven education," according to Websense.

The most important change year-over-year is that cyber criminals have become more focused and efficient as they moved from "spray and pray" tactics to more "quiet, targeted and unique attacks", e.g. moving from spam to spear-phishing

The report also notes that the cyber mafia is clearly in it for the money and does not like to reinvent the wheel. They efficiently recycle and reuse the same delivery techniques and infrastructure, as 98% of malware uses command and control servers shared by other types of malware.

Malware-as-a-Service

Cyber criminals have become more effective by using cutting-edge hacking software. Hackers are mixing older tactics such as macros with new evasion techniques and more sophisticated social engineering. Existing malicious code is being “recycled” into new threats launched through phishing attacks and compromised web servers. 

Novice hackers (script kiddies) are able to easily create and launch attacks because exploit kits are for rent these days for very little money. There is a thriving underground cybercrime community with specialists for hire, so complex, multi-stage attacks can be subcontracted. 

You can get your copy of the Websense 2015 Threat Report here (registration required). It is clear that employees need to be thoroughly trained not to fall for social engineering attacks. Find out how affordable effective security awareness training is today.

 

Get A Quote Now

 

 


Topics: Malware, Cybercrime

Subscribe To Our Blog


Ransomware Has Gone Nuclear Webinar




Get the latest about social engineering

Subscribe to CyberheistNews