The threat blender

01 Mar 10

Considering that this amounts to more than 176 billion messages per day, it has become a serious and growing issue

The latest in blended threats

A blended threat is described as any threat that uses a combination of attacks through different methods. Early blended threats used a combination of viruses and application vulnerabilities to infect a user’s computer. The latest type of blended threat is one that uses a powerful combination of email and web to deliver its payload and infect a user’s computer.

In such cases the attacker sends an email message with an embedded URL link, and when the user clicks on the link they are either infected directly or fooled into downloading and installing an update that turns out to be malware.

What makes blended threats so dangerous

These blended email attacks are among the most successful attacks on the internet today. They succeed because the email message, being simple and well engineered, is difficult to detect as spam, there is no attachment (so nothing for the email gateway to scan), and they infect using the web channel, which typically has next to no malware scanning on it.

While in the past destination websites referenced in blended email attacks tended to be temporary websites that were set up by the hackers for the sole purpose of infecting visitors, hackers are now infecting legitimate websites.

The change from creating temporary hacked websites to using legitimate websites means that the technology required to address these threats needs to be much more granular, to directly locate the infected pages and only block that particular content instead of the entire website.

What can be done about blended threats

The best advice resellers can offer end-users who want to address multi-channel attacks is to look to vendors that offer a strong and comprehensive product portfolio across both email and web, and are actively collating threat information between the two channels.

While implementing single-channel solutions such as email or web security is a step in the right direction, as individual operations they will not be able to effectively prevent blended threat attacks.

The email gateway is the best place to address email blended threats, as it stops the baiting emails from even getting to the end-users’ inboxes. However, the emails are improving in design and format, and have started using spoofed email addresses from trusted, credible domains to bypass the spam filters.
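As an added illustration (not from the original article or any vendor's product), the sketch below shows page-level granularity applied at the email gateway: it extracts the links from an attachment-free message and blocks only a known-infected page, while another page on the same legitimate host passes. The blocklist entry, hostnames and message are constructed, and normalisation is limited to case and dot-segments.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

# Constructed threat-intel entry (assumption): one infected page, keyed (host, path).
INFECTED_PAGES = {("news.example.org", "/sports/update.html")}

# Constructed sample: a short, attachment-free lure of the kind described.
SAMPLE_EMAIL = """\
From: "IT Support" <support@example.com>
To: user@example.net
Subject: Required browser update
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Please install the update:
<a href="HTTP://News.Example.org/sports/../sports/update.html?id=7">here</a>.
Release notes: <a href="http://news.example.org/about.html">about</a></p>
"""

URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)

def normalise(url):
    """Return (host, path) with case and dot-segments folded for lookup."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    segments = []
    for seg in parts.path.split("/"):
        if seg == "..":
            del segments[-1:]          # step up one level; no-op at the root
        elif seg not in ("", "."):
            segments.append(seg)
    return host, "/" + "/".join(segments)

def scan_message(raw):
    """Map every URL in the text parts of a message to 'block' or 'allow'."""
    msg = message_from_string(raw, policy=default)
    verdicts = {}
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        for url in URL_RE.findall(part.get_content()):
            key = normalise(url)
            verdicts[url] = "block" if key in INFECTED_PAGES else "allow"
    return verdicts

if __name__ == "__main__":
    print(scan_message(SAMPLE_EMAIL))
```

A host-only blocklist would have to either block both links or allow both; keying on the page lets the gateway act on the one infected URL.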

The rise in blended email attacks has been driving innovations in malware detection and new opportunities for resellers to expand their customer offerings. One of the most exciting innovations is behavioural malware analysis. This relies on actually running the suspected malware or link within a virtual computer to analyse what it tries to do, and whether it attempts any of the actions that malware commonly performs.

It provides extremely high detection rates and can analyse URL links, making it uniquely positioned to detect blended email attacks at the email gateway.

Given the increasing prevalence of blended threats, resellers need to remain across developments in this area, to ensure they are able to provide end-users with the most appropriate solution.
