Forcepoint 2016 Global Threat Report: Evasion, Insider Threats, and Ransomware Advance; New “Jaku” Botnet Targets Asia

AUSTIN, Texas—April 26, 2016 — Forcepoint, a global leader in empowering organizations to drive business forward through transformative security technologies, today released the Forcepoint® 2016 Global Threat Report, detailing some of the latest evolving threats, gathered from more than three billion data points per day in 155 countries around the world.

This year’s report analyzes the impact of:

  • A brand new botnet campaign that Forcepoint is calling “Jaku” that was discovered as a result of a 6-month investigation by Forcepoint’s Special Investigations (SI) team
  • A new crop of opportunistic ransomware, anti-malware tools and issues caused by the ever-dissolving perimeter that are posing serious challenges to cybersecurity professionals and the organizations they aim to protect
  • Increases in data breaches caused by both malicious and “accidental” insiders
  • Inconsistent security controls between cloud providers and businesses, which are complicating data protection
  • The continuing convergence of email and web attack vectors as nine out of ten unwanted emails contain one or more URLs and millions of malicious macros are being sent

“The rapid evolution of the cyber threat environment has consequences that are much broader than just technical, operational, and financial – they can impact every piece of a business,” said Forcepoint Chief Scientist Dr. Richard Ford. “With this Threat Report, we want to demystify these threats and help enable businesses with tools, recommendations and, quite simply, knowledge, so they can continue to move forward without fear.”

The Forcepoint 2016 Global Threat Report details multiple behavioral and technique-based trends and provides guidance on today’s most impactful threats to assist security professionals in planning their cybersecurity defense strategy.

Top findings include:

  • Malicious content in email increased 250% compared to 2014, driven largely by malware and ransomware
  • The United States hosts more phishing websites than all other countries combined
  • Ransomware focus is sharpening, targeting countries, economies and industries where a high ransom is more likely to be paid
  • “Insiders” – malicious and accidental – represent the biggest threat to company security and the one for which businesses feel least prepared
  • Advanced evasion techniques are gaining in popularity and are combining multiple evasion methods, such as IP fragmentation and TCP segmentation, to create new ways to bypass access controls, attack watering holes and disguise traffic

The Forcepoint 2016 Global Threat Report data was collected and evaluated using the Threatseeker® Intelligence Cloud, working behind-the-scenes 24x7x365 to provide Forcepoint visibility into the very latest threats. The Forcepoint team provided expert interpretation, with researchers and engineers in Europe, the Middle East, Asia and North America performing interviews and investigations that examined attack activity and its impact across the full Kill Chain.

To download the Forcepoint 2016 Global Threat Report, visit www.forcepoint.com/threatreport. For ongoing research updates, be sure to follow the Forcepoint Security Labs blog at https://blogs.forcepoint.com/security-labs.

Symantec – Wipro Ink Partnership for Data Loss Prevention and Backup & Recovery Services

Symantec Corp. and Wipro Ltd (NYSE:WIT) today announced a new partnership under which Wipro Infotech will offer data loss prevention, and backup and recovery infrastructure consultancy services based on Symantec technology. This will offer customers increased visibility into information and a risk-based approach to data security.

“Information is the most valuable asset of any organization and ensuring that it does not fall into the wrong hands is critical to its reputation and business,” said Ajay Verma, director, Channels and Alliances, Symantec India. “Wipro Infotech’s professional services background, market reach, consulting expertise, complemented by Symantec’s industry-leading solutions will offer customers a better insight into data risk.”

Symantec’s content-aware data loss prevention solution spans data at the endpoint, in storage and the network. When offered through Wipro’s technology practice, it will provide customers the confidence that their information is secure in today’s connected world.

Wipro’s cross-platform expertise, along with Symantec VERITAS Backup Reporter’s capability to proactively identify and quantify exposures before they impact backup operations, will help customers achieve greater efficiency, verify backup service-level compliance, and justify the business costs associated with protecting data.

Speaking on the occasion, Vikas Srivastava, vice president and business head, Infrastructure Technology Solutions Division, Wipro Infotech said, “The Backup and Recovery Infrastructure Consulting service and Data Loss Prevention Services are very unique service offerings that will contribute significantly to customers’ business continuity and data protection initiatives, which in turn would lead to improved efficiency, security and cost reduction. Symantec was an ideal choice to partner with for these services because of their hardware-agnostic solutions and superior technology.”

Service-centric Data Loss Prevention

Information is paramount to gain substantial competitive advantage in today’s business scenario. Almost 90 percent of threats in 2008 were targeted at confidential information, according to a Symantec report. In fact, an IDC study commissioned by Symantec revealed that 79 percent of Indian enterprises highlighted data loss as their most serious information security concern. This has entailed a paradigm shift from infrastructure-centric to information-centric security.

Wipro Infotech’s Service-Centric Data Loss Prevention will offer a prioritized, risk-based approach to achieve measurable reduction in data risks. It will also create a cross-functional framework to monitor, manage, and remediate data security incidents.

Backup and Restore Infrastructure Consultancy Services (BRICS)

A data protection strategy, including backup and recovery for physical and virtual environments, that is not mapped to the business can lead to financial loss and damage to reputation. A Symantec study on disaster recovery cites lack of backup storage and automated recovery tools as top challenges to protecting data in virtual environments. The survey also found that a significant percentage of virtual environments are not regularly backed up – pointing to the need for more automation and cross-environment tools.

Wipro Infotech’s consulting division will offer granular reporting of end-to-end backup infrastructure through Symantec’s VERITAS Backup Reporter. Customers will get a detailed view of media usage and insights into data risks in physical and virtualized environments. Wipro’s Global Service Management Center will bring in scale and increased efficiency of backup operations in virtual environments.

AVG’s Prediction on Internet Security Threats for 2010

The year gone by has seen a significant rise in the incidence of spam, phishing, botnet activity, and malware. Each year, cyber-criminals, who have largely succeeded in duping the unsuspecting user, are investing in sophisticated and automated ways to run their operations. It can be safely predicted that in 2010 the threat environment will witness higher volumes of web-threats and be even more transient, agile and organised! Internet security threats that AVG expects to have significant impact on users in 2010 are as follows:

1. More diverse, automatically generated malware: Cyber-criminals can now automatically create hundreds of thousands of unique pieces of malware a day, much of which has no unique signature and can bypass old-fashioned, signature-based virus detection software.

2. The bad guys still want your money, identity and/or resources: In the coming year, cyber-criminals will, with increased sophistication, continue to make money via social engineering and phishing scams, tricking users into providing, or stealing, personal details.

3. Cyber criminals in the cloud: To keep ahead of the computer security industry’s efforts to thwart their activities, the cyber-criminals are now using “in the cloud” technologies in far more sophisticated and effective ways than most legitimate businesses.

4. Highly transient web threats: In 2010, cyber criminals will continue to improve the speed with which they are able to move their campaigns from domain to domain, server to server. In early 2009, AVG researchers reported that 60% of these poisoned web threats were active for less than a day and 75% for less than 30 days.

5. Exploitation of major events, news and gossip: Cyber-criminals exploit the latest trends and topics that are gaining popularity on the internet by hijacking search results to drive clicks on links to their malicious web pages. Expect to see more highly targeted, convincing attacks with custom malware in 2010.

6. “Web two-point-uh-oh”: Cyber-criminals exploit trust. With the rise of Web 2.0, attacks that impersonate social networking sites or spoof contacts from your “friends” list are more likely to be clicked on. It is likely we’ll see a great deal more of similar scams in 2010.

7. Emerging nations go online with poor security: Many users, especially in developing countries, who are among the growing millions getting connected to the Internet, still use pirated software that can’t be kept up to date with security patches. We expect to see a big increase in threats being delivered via emerging countries in 2010.

8. Global economic crisis impacts security: As employment has taken a hard hit due to the economic crisis, it is likely that more people will be lured by the easy money of cyber-crime. Also, individuals desperate for earning opportunities are more likely to fall prey to bogus offers, and disgruntled employees may breach official data that could fall into the wrong hands.

9. Business still too complacent: Events in 2009 showed that many businesses simply weren’t properly protected. The success of the exploits used to penetrate and establish Conficker into business and enterprise networks early in 2009 was largely because of complacency.

10. More people will buy complete protection: The good news is that reputable security vendors now provide full Internet security suites with multiple layers of protection. The majority of people that pay for security software now buy the full suite, complete protection solution instead of entry-level solutions. This trend continued through 2009, in spite of tougher economic times, and AVG expects it to be maintained in 2010.

It will get worse before it gets better

Sadly, the security threats in 2010 are likely to be nastier, more targeted and more frequent, with malware and cyber-crime being almost exclusively driven by organised crime and motivated by money.

McAfee first to deliver network security IPS solution with integrated zero-day malware protection

McAfee Inc. recently launched its McAfee Full Spectrum Network Defense solution, featuring major enhancements to the McAfee® Network Security Platform, including day-zero malware detection, network threat behavior analysis, and application-level security. The solution includes Network IPS, User Behavior Analysis, Network Threat Behavior Analysis, Network Access Control, and McAfee Firewall Enterprise.

“Organizations typically lack the ability to see the full spectrum of network threats,” said Charles Kolodgy, research director at IDC. “They need deeper insight into the whole set of threats in order to provide full protection for critical business systems such as data centers. Integrating threat detection provides full visibility when inspection isn’t enough or when it isn’t feasible for cost or scalability reasons. In an incredibly dynamic threat environment, the ability to detect malware in real-time can provide tangible benefits.”

McAfee claims that Full Spectrum Network Defense is the first solution to integrate a network intrusion prevention system with behavioral analysis tools to provide additional visibility across the network, real-time threat protection technology, and enterprise risk assessment tools.

“Customers have come to rely on McAfee for the best network protection available, and our commitment to them is to continue to innovate and break the molds of traditional Network IPS and firewall capabilities,” said Dan Ryan, executive vice president and general manager of the Network Security business unit at McAfee. “With Full Spectrum Network Defense, we are reinforcing that commitment by integrating best-in-class security technologies into our network defense products. We will continue to deliver on customer demand by providing powerful new tools that extend visibility into the vast unprotected areas of the network.”

Industry-Leading Advancements in Network Security

Full Spectrum Network Defense identifies traffic, users, content and applications, and defends against any threats that may exist across the network. The solution is powered by McAfee® NetPrism technology, McAfee’s patented protocol analysis approach to network threat protection, and features enhanced interlock between network security, endpoint security, and global threat intelligence, to deliver the world’s most advanced threat protection. New features being announced in the Full Spectrum Network Defense Solution include the following benefits:

  • Real-time malware protection – McAfee is the first and only vendor to offer day-zero malware protection, enabled by McAfee® Artemis technology, which is tightly integrated with IPS. Supported by threat sensors distributed around the globe and McAfee’s proprietary threat analysis, IPS is able to provide ‘pre-protection’ against zero day malware, in addition to our leading vulnerability-based network protections.
  • Network Threat Behavior Analysis – McAfee is releasing a new set of threat analysis appliances, which provide a comprehensive way to inspect the entire network for threats and correlate network behaviours. Additionally, McAfee is the only vendor to provide Layer-7 flow export. This, when coupled with network flow data, empowers security analysts to ‘turn on the lights’ across the network with visibility into users, data, and applications.
  • Integration with McAfee Risk Advisor – McAfee’s unique decision support tool empowers administrators to immediately identify which systems are vulnerable to an attack that is underway. By analyzing the vulnerability state of endpoints and the countermeasures currently deployed, this new feature will enable IPS administrators to rapidly deploy a signature to ensure protection of devices pre-patch.
  • Network Security Management – The single Network-centric console manages all aspects of the solution, including real-time threat analysis and integration of global threat intelligence feeds. McAfee IPS and behavior analysis solutions are the only solutions that offer native integration with McAfee® ePolicy Orchestrator™ security management console.