Cyber Crooks Attack Businesses with MAAS Model - Websense

Threat Report of 2015 of security firm Websense Security Labs said that enterprises must recognize that more cybercriminals are capable of launching advanced attacks due to appearance of malware-as-a-service (MAAS) business model.

Websense reports that the ranks of actors of cyber threat across the world grew to incredible proportions during the past year.

Security researchers have seen three times more number of exploit kits available on the progressive competitive cyber criminal market in the last 12 months with average prices relatively low at $800 to $1,500 per month.

Researchers have also seen some exploit kits such as Angler and Nuclear experience developments to use new complicated layers and to integrate zero-day code more easily.

Computerweekly.com published news on 8th April, 2015 quoting Carl Leonard, Principal Security Analyst of Websense Security Labs, as saying "Even cyber criminals with low technical capabilities can now access malware code and techniques which would previously been out of their reach."

The report revealed that other trends include the tendency of cyber-criminals to reuse infrastructure and techniques. For example, more than 99% of C&C infrastructure detected had been used by at least one other author of the malware.

Email, which is one of the traditional attack vectors, is still a powerful attack launcher in spite of the development of the web.

Websense scanned and found more than 80% of emails in 2014 to be malicious which is 25% more than previous year.

Charles Renert, Vice-President of Websense Security Research, said: "Cyber threats last year combined fresh techniques with the conventional resulting high elusive attacks which posed an important risk for theft of data."

In view of easy availability of malware, criminals are focusing on the quality of attack instead on its quantity.

Websense report reveals that security threats in 2014 plummeted by more than 5% last year to 3.96 billion but high profile organizations with heavy security investments have been the targets of several attacks.

Infosecurity-magazine.com published news on 9th April, 2015 quoting Leonard as saying "It is guaranteed that authors of malware will always develop techniques, tools and tactics. Organisations must re-check their security posture to consider technical and human elements."

» SPAMfighter News - 4/17/2015