Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Thursday, November 19, 2009

Crime breaks barriers

We've talked about the fact that hackers' motivation has changed in recent years. Hackers do it for the money nowadays. Crime on the internet pays.

From a news article on the topic:

A recent study by Trend Micro reveals that Google Trends, a public web facility of Google which shows how a particular search term is relative to the total search volume, has been used by cyber criminals to find the most popular search terms. They then use these terms to point to links to their malicious sites, allowing them to victimize more people. Clearly, cyber crooks seem to be keeping up with the most recent technological advancements, using newly released applications to profit as much as possible.

Apart from poisoning the top search results, cyber criminals have been found to use GeoIP tracking as a social engineering tactic. This helps the bad guys to identify the geographical location of an internet-connected computer, mobile device, or website visitor. Geolocation data can include information such as country, region, city, postal/zip code, latitude, longitude and time zone.

Using geolocation data, cyber criminals can customize spammed emails and URLs to fool users into thinking that these are from non-malicious sources. This increases the possibility of malicious emails spreading, even while users unsuspectingly click on these links.

Says Abhinav Karnwal, product marketing manager, Trend Micro: “Malicious websites are making around $10,000 every day. It all starts with a pop-up showing a problem in your computer. The user would go to the internet and look for an anti-virus (AV) software. These malicious sites feign the look and feel of an authentic anti-virus company. The site would run a scan on your computer and show multiple errors, which don’t actually exist in reality. It would ask the user to pay a certain amount and download the AV file. After payment, the fake AV programme would indicate that your computer is free from errors, which never existed anyway.”


While these scams and the money aspect aren't news, they're a good reminder of why we have proxies in place to secure access to the internet from our organizations. The article also provides some good reminders:

The team says, “Although ‘classic’ techniques are relatively well-known, cyber criminals are becoming cleverer. Users need to be educated to stop clicking on links in emails from unknown senders. If it is sent from a friend or colleague, it should be double-checked with the sender. Users should always be suspicious of any site with an unknown domain that contains the name of a well-known site in the latter part of the web address.”

The biggest threat now facing users may no longer be phishing—or accessing passwords. At least three quarters of malicious content is contained in legitimate sites. ... Almost 70 per cent of the top 100 most popular websites either hosted malicious content or contained a ‘masked redirect’ to lure unsuspecting victims from legitimate sites to malicious sites.

“In essence, the only way to be secure against the threat landscape is to ensure that a powerful security solution is in place which can provide real-time protection,” the UK team said. It is still a cops and robbers game. And there are too many robbers out there.


We've talked here in the past about real-time protection on your proxy. Since user education can only go so far, making sure your proxy can do real-time rating, coupled with malware scanning, is more important than ever.
