Blue Coat stresses need to combat social engineering

From: http://www.securecomputing.net.au/News/170978,blue-coat-stresses-need-to-combat-social-engineering.aspx


User awareness must supplement protections, says firm.

Administrators and security vendors must step up efforts to prevent social engineering attacks in the enterprise, according to security vendor Blue Coat systems.

The company said in its annual security report that in addition to swifter analysis and protection, end-users need to be made aware of the practices commonly used to trick them into installing malware and releasing sensitive data.

Blue Coat cited increasingly popular trends such as search engine optimisation (SEO) and more sophisticated and targeted attacks in saying that companies need to make employees more aware rather than depending strictly on new security tools and appliances.

"The increasing use of link farms to manipulate search engine results and prey on the trust users have in their internet experience drove many of the malware exploits we saw in 2009 and are continuing to see in 2010," said Blue Coat senior malware researcher Chris Larsen.

"To provide comprehensive protection in the face of these threats, enterprises need not only a layered defence but also better user education."

The increased need for user awareness also comes as users are increasingly relying on social networking platforms that are fertile grounds for social engineering.

Blue Coat said that social networking was the most common activity among users and that messaging over those platforms was beginning to replace some of the traffic on webmail services.

Because users are more apt to trust friends and acquaintances on networking sites, attacks from compromised accounts of hosted applications can be extremely successful for cybercrooks. Services such as Twitter and Facebook have been particularly popular targets.