Researchers at Blue Coat Systems Inc. have been mapping malware to better understand malware delivery. In the Blue Coat 2011 Mid-year report (.pdf), the company found a variety of websites and online forums consistently used by cybercriminals to spread malware.
The problem stems not only from websites dealing with pornographic and pirated material. Attackers are taking advantage of common website vulnerabilities on trusted and popular websites for use by cybercrime.
In an update provided recently, Larsen said poisoned search engine results are constantly being used to drive traffic to those malicious sites. While search engine providers are labeling suspicious sites, cybercriminals have an agile process in place. They can switch domains on the fly to maintain up-time and continue spreading malware, overseeing an ever increasing number of infected machines, Larsen told SearchSecurity.com.]]>
Digital certificate breaches have fueled an erosion of trust online, according to the SearchSecurity editorial team. While researchers look for alternatives to the digital certificate system, it may not always be clear that the site you’re visiting is legitimate.
In this wide ranging discussion, SearchSecurity editors and special guest Andrew Jaquith of Perimeter E-Security, explore whether 2011 was a good year for the security industry or if the latest security incidents highlight many of the industry’s faults.
In addition to the digital certificate breaches, part two of this podcast explores the trend of companies increasingly studying the threat landscape to be better prepared for real world attacks. While many organizations fail at completing the most basic security tasks, others have applied the basics and are taking the next steps in understanding who their adversaries are and how to defend against them.
In addition, McAfee’s Operation ShadyRAT report may have come under intense criticism, but vendor research serves an important purpose, according to Jaquith. When taken into context, some research reports can be helpful when strategic planning.
Part 1 of Security Wins and Fails of 2011]]>