Today I read the 2013 Threat Report that Websense published in February 2013.

The report provides several sets of statistics, for example:

1) The number of malicious websites grew sixfold year over year;

2) 85% of malicious websites are hosted on legitimate web hosts;

3) Only one in five emails is legitimate, while spam makes up 76% of email traffic;

4) Half of web-connected malware begins downloading additional malicious code within 60 seconds of infection;

5) The top 10 countries hosting malicious websites are: the United States, Russia, Germany, China, Moldova, the Czech Republic, the United Kingdom, France, the Netherlands and Canada;

6) The most *** country is the United States;

7) 32% of malicious URLs on social media use shortened links;

8) The top 10 countries hosting CnC servers are: China, the United States, Russia, Germany, the Netherlands, Turkey, Ukraine, Canada, Moldova and Latvia;


The report's recommendations:

1. Inline, real-time information security is necessary to help prevent web-borne threats.
2. Integrated security solutions are required to control inbound and outbound threats brought about through increasing use of social media by on-site, remote and mobile users.
3. Mobile device management (MDM) capabilities must be augmented with defenses that can control mobile access to key resources, and perform real-time analysis of potentially malicious content in all vectors.
4. Email security requires real-time threat analysis that coordinates with web, mobile and other defenses.
5. Malware defenses need to monitor both inbound and outbound HTTP and HTTPS traffic to prevent infection and detect command and control (CnC) communications.
6. Data loss prevention (DLP) approaches must address encrypted communications, and better control both inbound and outbound content flow.


The report also has an appendix listing the seven stages of an APT, or ADT (advanced data theft):

1) Reconnaissance;

2) Lure;

3) Redirect;

4) Exploitation;

5) Dropper file;

6) Call home;

7) Data theft;


The report closes by citing an IDC report:

IDC stating “Signature based tools (anti-virus, firewalls and intrusion prevention) are only effective against 30-50 percent of current security threats. Moreover, customers expect the effectiveness of signature-based security to continue to decline rapidly.” Much of this can be attributed to how attacks evolved to specifically counter those defenses. To address this exposure, IDC recommended that organizations consider “a shift in security posture toward being more proactive.”