bizEDGE New Zealand logo
Story image

Suspicious minds

01 Oct 2010

Blended attacks use more than one avenue to break through the security gateways of ERP software systems to deliver malware viruses. Accounting for more than 176 billion messages per day, you can understand that this has become a serious and growing issue.

The latest type of blended threat to emerge is one that uses a powerful combination of email and web to deliver its payload and infect a user’s computer. The attacker sends an email message with an embedded URL link, the intrigued user then clicks on the URL link which either prompts an immediate malware download, or redirects the user to a web page, where they are invited to download and subsequently install a crucial ‘update’, which inevitably turns out to be malware.

These blended email attacks are one of the most successful attack methods on the internet today. They are successful because the email message is simple, well engineered and difficult to detect as spam. It also does not have an attachment, so there is nothing for the email gateway to scan. They infect using the web channel which, typically, has next-to-no malware scanning capabilities. In fact, the web channel is now by far the most popular route of malware infection in the enterprise environment, simply because the majority of organisations deploy insufficient protection on their web gateways.

Any protection they have is usually based around URL filtering lists, which used to be effective and sufficient, however, as the internet and internet threats change, so must the security controls used to protect the business network and its multiple users.

As the initial instigator of attacks, email should certainly be the first port of call for preventing them. Too many email security vendors rely on web products to address threats, or they assume that standard spam filters are sufficient barriers to these malicious emails. Spam filters will catch some blended threat emails, but as baiting emails improve in format and design, adopting legitimate email addresses and domains to fool security gateway control, we are seeing much higher numbers of malicious messages slip through into users’ inboxes.

On the web side, vendors have been using URL filtering lists to block access to malicious websites created by hackers. Unfortunately, to counter this, the hackers have changed tactics and are now infecting legitimate websites. As a result, by using URL filtering lists to block access to suspicious websites, organisations are in danger of hampering productivity should their employees require access to these sites in their daily work. It is important to note that URL filtering lists don’t actually offer the most effective means of protection to end users anymore. In today’s environment, hackers are continuously evolving their attack methods and organisations must remain vigilant to new and ever-more prolific threats.

Behavioural analysis is one innovation that is positioning organisations one step ahead of cybercriminals in terms of blended threat defence. Operating at the email gateway, to stop baiting emails even reaching end users, it works by running the suspect code or URL link within the email in a virtual computer, tracking it to see what it does and whether it makes operational modifications. This determines if this code or link is malicious or not.

Through behavioural analysis, not only are you able to accurately detect all malware, no matter whether or not you have seen it before, but this technology can also be deployed in an email security gateway, whereby the gateway strips out any suspicious URL links from email and analyses the content. Appropriate actions can then be taken depending on the result.

In order to combat email and web malware, innovation such as this must continue. Spam hasn’t gone away nor has it died down. Hackers are making too much money with email and webbased threats to stop their malware march into the enterprise.