SonicWALL, Inc., a leading provider of intelligent network security and data protection solutions, today issued its mid-year cyber-threat intelligence bulletin. The bulletin reveals that businesses are increasingly under attack by cyber-criminals who seek to exploit employees connecting to corporate networks via mobile devices and their rising use of social media.
Growth in Android-based malware and social media scams such as click-jacking on Facebook and malicious links sent over Twitter are creating new and heightened levels of business vulnerability from data intrusion, theft and loss. Productivity and profitability are also compromised due to network and application downtime. Data for the bulletin was sourced from the SonicWALL Global Response Intelligent Defense (GRID) Network(TM), which gathers, analyzes and correlates billions of dynamic, real-time global cyber-threats.
Penetrating corporate networks
Said Boris Yanovsky, SonicWALL vice president of software engineering, “Cyber-criminals are focusing their attention on penetrating corporate networks and data through mobile workflow and applications. Employees innocently surfing dating sites via a mobile device or PC, that are in fact fake sites, or clicking on offers on Facebook such as a free McDonald’s meal that are click-jacking scams, can have a catastrophic impact on data security, business continuity and profitability.”
Yanovsky stated that, “New levels of network and firewall security are needed to protect against these increasingly sophisticated and prolific threats. Advanced networking security technologies such as application intelligence and control, real-time data visualization, intrusion prevention and malware protection, all of which are available in SonicWALL’s Next-Generation Firewalls, deliver this protection.”
Key findings of the intelligence bulletin
Mobile-based threats have risen significantly over the last six months. While these threats are not as widespread as computer-based threats, cyber-criminals have found workarounds to attack mobile phones on any platform. Threats that infiltrate mobile devices via popular applications like Apple Safari and Adobe Reader can attack multiple operating systems.
Also, the small screens of mobile devices typically truncate the view of long URLs, giving hackers an opportunity to lure unsuspecting users to a fake site masquerading as the site of a trusted institution.
Android market malware is a growing issue. With the growth of the Android market, there has been an increase in rogue applications affecting thousands of users. Google is actively removing malicious applications that appear in the market and has also removed multiple malicious apps remotely from users’ mobile devices. However, some threats remain.
Security threats resulting from the use of social media continue to rise. As social media has become part of the fabric of social and work-life, constant access to sites by employees from the corporate network is creating new levels of vulnerability. Click-jacking scams lead to surveys that generate income for the hackers and rogue apps compromise confidential information. Twitter messages can contain shortened malicious links that can even activate just by hovering over them. Email attacks on popular sites emulate the “look and feel” of these sites to produce very credible-looking scams.
The US, Canada and Taiwan are the most heavily hit countries for worldwide threat-related traffic. In addition, the US, China, India and Korea lead in intrusion-related and multimedia threats.