Enterprise networks victimized from the inside out
by Steve Ragan - Feb 25 2010, 00:18

Zscaler recently published their quarterly report on the State of the Web for Q4 2009. In it, they examine Web traffic passed through their global network to detail attack trends including botnet traffic, Internet access policy, and the use of outdated browsing software.
In their report, Zscaler noted that when it comes to attacks online, criminals are persistent if nothing else. As users crossed Zscaler’s global network, most of the malicious destinations were using JavaScript or Iframes to initiate an attack. From there the attack patterns are as expected: the malicious code targets software on the user’s system, such as Acrobat Reader, and delivers a payload, such as one of the many Trojans used to develop and manage botnets.
According to the report, Zscaler is also seeing an upswing in botnet-related traffic. The correlation is that, more often than not, the malicious domains using JavaScript or Iframes to launch the attack are seeking to expand the Zeus botnet or infect systems with code to harvest banking data. In addition, they noticed that the second most popular payload was the delivery of Rogue anti-Virus.
Botnet attacks, fake anti-Virus applications, Phishing, and Malware delivery are all common threats to the Enterprise, and the Zscaler report puts the recent Symantec report in perspective. The takeaway point from Symantec’s report is that Enterprises are well aware of the threats they face, but are trapped between a rock and a hard place when it comes to dealing with them.
Zscaler’s report gives anyone researching Symantec’s data the insight needed to examine the type of entry points used to attack end users. Moreover, it details the methodology used by attackers.
Using the two reports, you can see the types of risk management needed inside Enterprise scale operations. For example, Internet Explorer is still the most popular browser within the Enterprise, Zscaler says; however, Mozilla’s Firefox has been making moves as well, with a six percent jump in usage during December 2009.
The problem is that supporting multiple browsers within the Enterprise is a daunting task for IT. In addition to helpdesk-related browser needs, IT will need to contend with deployment and security management on both platforms, which sucks time away from other security needs. The deployment of Internet Explorer 6, accounting for 48 percent of the browsers tracked by Zscaler, is another problem in itself.
Internet Explorer 6 is missing many of the protections offered within Internet Explorer 7 or 8. However, it is still supported by Microsoft, and easier to use. End users are familiar with it, and for an IT manager, deploying new versions of a browser across thousands of desktops is a blood-boiling task, which will certainly be met with frustration from the users and within the IT department. However, as attacks get more and more targeted, the layered protections offered by the newer IE versions are needed layers of defense. The good news is that 46 percent of Enterprise organizations realize this and are using Internet Explorer 7.
“Attackers are no longer targeting web and email servers. Instead, they are focusing on the weakest link in the security chain - end users. Whether such attacks leverage technical vulnerabilities, or more likely, social engineering attacks, Web based, client-side attacks are the most common way to compromise end user machines,” the report notes.
The Symantec report, details of which are here, outlines the fact that Enterprises are caught in a damned-if-you-do, damned-if-you-don’t zone where attacks on their network are consistent and effective. The Zscaler report augments this with a methodical look into Web traffic and user behavior.
You can view the Zscaler report here, but you need to register some information first.
