The threat blender
Considering that this amounts to more than 176 billion messages per day, it has become a serious and growing issue The latest in blended threats A blended threat is described as any threat that uses a combination of attacks through different methods. Early blended threats used a combination of viruses and application vulnerabilities to infect a user’s computer. The latest type of blended threat is one that uses a powerful combination of email and web to deliver its payload and infect a user’s computer. In such cases the attacker sends an email message with an embedded URL link, and when the user clicks on the link they get infected either directly or get fooled into downloading and installing an update that turns out to be malware. What makes blended threats so dangerous These blended email attacks are one of the most successful attacks on the internet today. They are successful because the email message – being simple and well engineered – is difficult to detect as spam, there is no attachment (so nothing for the email gateway to scan), and they infect using the web channel, which typically has next to no malware scanning on it. While in the past destination websites referenced in blended email attacks tended to be temporary websites that were set up by the hackers for the sole purpose of infecting visitors, hackers are now infecting legitimate websites. The change from creating temporary hacked websites to using legitimate websites means that the technology required to address these threats needs to be much more granular, to directly locate the infected pages and only block that particular content instead of the entire website. What can be done about blended threats The best advice resellers can offer end-users who want to address multi-channel attacks is to look to vendors that offer a strong and comprehensive product portfolio across both email and web, and are actively collating threat information between the two channels. While implementing single-channel solutions such as email or web security is a step in the right direction, as individual operations they will not be able to effectively prevent blended threat attacks. The email gateway is the best place to address email blended threats, as it stops the baiting emails from even getting to the end-users’ inboxes. However, the emails are improving in design and format, and have started using spoofed email address from trusted, credible domains to bypass the spam filters. The rise in blended email attacks has been driving innovations in malware detection and new opportunities for resellers to expand their customer offerings. One of the most exciting innovations is behavioural malware analysis. This relies on actually running the suspected malware or link within a virtual computer to analyse what it tries to do, whether it tries to do any of the common actions that malware generally does. It provides extremely high detection rates and can analyse URL links, making it uniquely positioned to detect blended email attacks at the email gateway. Given the increasing prevalence of blended threats, resellers need to remain across developments in this area, to ensure they able to provide end-users with the most appropriate solution.