Don’t Let Malware Overrun Your Boundaries

In the battle against cybercrime, there is one indisputable fact: the bad guys are working harder, faster and smarter than the average web user. These organized criminal operations have an astonishing grasp of online human behavior and know how to use social engineering tactics and Web 2.0 technologies to lure users to malware. While users have become more aware of hoaxes and scams sent through email, they are still far too trusting of content sent from a “friend” or familiar organization on a social networking site. This new threat environment leverages Web 2.0 technologies and is far more advanced than today’s users and the defenses they currently rely on, which means a whole new security approach is needed.

User 1.0 and Web 2.0 vs. Malware 3.2

Although email threats still exist (think “Canadian Pharmacy” and “I lost my bag on an international trip” scams), email is no longer the primary delivery vehicle for malware. There are two reasons for this: First, email security solutions have improved greatly. But more important, users have learned not to open suspicious attachments or click on URLs included in email from unknown senders.

While the online community overall has become more aware of email scams, most people are still at the User 1.0 level when confronted with new web-based threats. For instance, many users still exercise poor security habits, such as reusing the same username and password across multiple online accounts, so a single set of stolen credentials unlocks several services at once. With the widespread adoption of Web 2.0 technologies, bad guys have a new way to bait users and distribute malware. In fact, these technologies have contributed to an acceleration of the threat lifecycle, allowing bad guys to quickly create, launch and evolve web threats to stay ahead of the defenses. If users are at version 1.0 and web technologies are at version 2.0, then malware has advanced to version 3.2. And organizations need security 3.3 to protect themselves and their employees.

Social networking: A cybercriminal’s dream

Social networking sites that leverage Web 2.0 technologies have become such popular targets for cybercrime for several reasons:

·         It’s where the users are. To be effective, cybercriminals go where they can find the most victims, and today that means social networking sites. The number of Facebook users alone surpassed 500 million in 2010, and that number only continues to grow. In fact, today more users have social networking accounts than webmail accounts.

·         They can exploit trust. While the same user won’t open an email from someone they don’t know, they will “friend” people they don’t know in real life and click on a URL sent from someone within their network. This blind trust is a golden opportunity for bad guys, who only need to acquire one victim’s login credentials to reach all of that victim’s “friends.” This trust is key to spreading malware through social networks.

·         Social networking is no longer just social. It’s now a common communication tool for businesses of all sizes. In fact, 70 percent of small and medium-sized businesses rely on Facebook, LinkedIn, YouTube and other social media for essential business services such as customer communication, training videos and content distribution. But in 2010, 30 percent of all small and medium-sized businesses were infected with malware spread through social networks, a strong indication that traditional firewall and desktop anti-virus protection is no longer adequate to block these threats.

Is there such a thing as safe social networking?

Yes. But you need more than the average security portfolio to achieve it. Safe social networking against the backdrop of the new threat environment requires an aggressive security strategy that goes beyond firewalls and desktop anti-virus. Here are a few key rules to keep in mind to take your security solution to version 3.3 and stay ahead of the cybercriminals.

Three Requirements for Security 3.3

First: Proactive web filtering is critical.

The vast majority of today’s attacks use the web to host malware. These schemes drive users to infected URLs through a variety of routes, including manipulated search engine results, spam and social networking recommendations or “likes.” Comprehensive web filtering provides a front line of defense to block links, scripts and other techniques that either trick users with fake offers (“Update Your Video Player” or “Your Computer Is At Risk”) or automatically cause the computer to connect to a malware source, botnet or spyware “phone-home” site that collects stolen login credentials, user information and other sensitive data.

By identifying the URLs of “phone-home” sites, comprehensive web filtering also enables you to identify and clean compromised systems before the attack spreads: any internal machine that attempts to reach a known phone-home site, whether the request was blocked or not, is a machine that already runs something it shouldn’t. In other words, web filtering helps increase your visibility into the various sources of malware and phishing attacks and protects your network and users from those attacks.
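The two uses of a phone-home blocklist described above, the inline block decision and the after-the-fact sweep of proxy logs for hosts that tried to reach a phone-home site, as an added example. This is illustrative code written for this page, not Blue Coat’s product or any real filtering feed; the blocklist domains, the proxy log format and the log lines themselves are constructed for the example.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed blocklist of hypothetical phone-home domains. In practice this
# is the feed your web filter or cloud reputation service supplies.
PHONE_HOME_DOMAINS = frozenset({
    "update-videoplayer.example",
    "stats.tracker.example",
    "bot-c2.example",
})

# Constructed sample proxy log (not real traffic), one request per line:
# timestamp  client_ip  method  url  http_status
SAMPLE_PROXY_LOG = """\
2010-11-02T09:14:01 10.0.1.15 GET http://www.example.com/index.html 200
2010-11-02T09:14:07 10.0.1.15 GET http://update-videoplayer.example/player.exe 200
2010-11-02T09:15:30 10.0.1.22 POST http://cdn.stats.tracker.example/collect?id=42 200
2010-11-02T09:16:02 10.0.1.31 GET http://mail.example.org/inbox 200
2010-11-02T09:17:44 10.0.1.15 GET http://bot-c2.example/gate.php 403
2010-11-02T09:18:10 10.0.1.40 GET http://notbot-c2.example/ 200
2010-11-02T09:19:55 10.0.1.40 GET http://UPDATE-VIDEOPLAYER.example:8080/x 200
"""


def hostname_of(url):
    """Return the lowercase hostname of a URL, without port, userinfo or trailing dot."""
    return (urlparse(url).hostname or "").lower().rstrip(".")


def matches_blocklist(host, blocklist=PHONE_HOME_DOMAINS):
    """True if host equals a blocklisted domain or is a subdomain of one.

    Matching whole DNS labels rather than substrings keeps 'notbot-c2.example'
    from matching 'bot-c2.example', while 'cdn.stats.tracker.example' still
    matches its parent 'stats.tracker.example'.
    """
    labels = host.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in blocklist:
            return True
    return False


def filter_decision(url, blocklist=PHONE_HOME_DOMAINS):
    """Inline web-filter verdict for one request: 'BLOCK' or 'ALLOW'."""
    return "BLOCK" if matches_blocklist(hostname_of(url), blocklist) else "ALLOW"


def parse_proxy_line(line):
    """Split one log line of the constructed format into fields; None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, method, url, status = parts
    return {"ts": ts, "client": client, "method": method, "url": url, "status": status}


def find_compromised_hosts(log_text, blocklist=PHONE_HOME_DOMAINS):
    """Map each internal client IP to the phone-home hostnames it tried to reach.

    A blocked attempt (403 here) is reported just like a successful one: the
    request proves the client already runs something that wants to phone home,
    which is the cleanup lead the text describes.
    """
    hits = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_proxy_line(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the sweep
        host = hostname_of(rec["url"])
        if matches_blocklist(host, blocklist):
            hits[rec["client"]].add(host)
    return {client: sorted(hosts) for client, hosts in hits.items()}


if __name__ == "__main__":
    for client, hosts in sorted(find_compromised_hosts(SAMPLE_PROXY_LOG).items()):
        print(f"{client}: contacted {', '.join(hosts)}")
```

The sweep works on hostnames, not raw URL substrings, so a lookalike such as notbot-c2.example does not produce a false positive, and case or an explicit port in the URL does not let a real phone-home domain slip past. On the constructed log, 10.0.1.15, 10.0.1.22 and 10.0.1.40 are reported; 10.0.1.31 only visited clean sites.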

Second: Move at the speed of malware.

Real-time threats require real-time security. But traditional security solutions, including desktop AV and firewalls, are simply no match for today’s complex, fast-moving blended threats, some of which can change in as little as two hours. So if your security approach relies on users to download and install the latest security updates, you’re already at risk of attack.

Cloud-connected communities have emerged as the most effective way to quickly identify and block malicious threats in real time. Communities draw on the intelligence of millions of worldwide users through real-time URL requests, so as soon as one member encounters a threat, everyone in the community is notified and automatically protected from that threat. Instead of fighting billions of web threats alone, community members benefit from safety in numbers and from on-demand security intelligence delivered via the cloud.

To keep pace with a rapidly evolving threat landscape, the defenses in cloud-connected communities can be seamlessly expanded to protect against new and emerging threats. These defenses can be made available to users without requiring manual downloads or updates, ensuring businesses have the latest protection at all times.

In addition to cloud security and web filtering, security best practices dictate the need for malware scanning at the web gateway. Large enterprises have used this strategy for a while, but these solutions have been cost-prohibitive for SMBs. The good news is that affordable, enterprise-class solutions are now coming on the market.

Third: Don’t expect end users to be security experts.

End users, no matter how security conscious, are the number-one security risk in any organization, so don’t leave the security of your business data up to them. While user education is important, you have to ensure your employees are protected, wherever they work, at any time. Social engineering tactics that entice people to download malware through the latest celebrity or disaster videos, cheap goods, online pharmaceuticals and more will continue to evolve as today’s scams become less effective. Remember: malware will always try to be two giant steps ahead of your users. It’s up to you to ensure a user’s poor judgment doesn’t put your business at risk.

Why is all this necessary?

As more businesses like yours adopt social networking for communication purposes, the lines between business and personal use will continue to blur. To ensure your business can benefit from Web 2.0 technologies without exposing itself to the risk of malware 3.2, you need a security 3.3 strategy in place. A security approach that combines a cloud-based intelligence community with real-time web filtering and malware scanning at the gateway is critical to maximizing the business benefits of social networking while minimizing the security risks.

By Sasi Murthy, Senior Technology Director and General Manager, Blue Coat Systems

[email protected]