Welcome to another trip down the Internet highway, with me your friendly security guide.
I’m going to briefly examine three web security issues …
Enterprise users experienced an average of 274 Web malware encounters per month in 1Q11 This is a 103% increase compared with 2010 Unique Web malware encountered also increased (46%) in 1Q11 Up from 72,294 unique Web malware in January 2011 to 105,536 in March
There are still plenty of out-of-date browsers out there, ripe for exploitation. StatCounter is a web analytics service. From their web site: As of 1 June 2010, our tracking code is installed on more than 3 million sites globally. (These sites cover various activities and geographic locations.) Every month, we record billions of hits to these sites. For each hit, we analyse the browser/operating system used and we establish if the hit is from a mobile device. We do not manipulate the data in any way. We do not collate it with any other information sources. No artificial weightings are used. We simply publish the data as we record it. In other words we calculate our Global Stats on the basis of more than 15 billion hits per month, by people from all over the world onto our 3 million+ member sites. By collating our data in this way, we track the activity of third party visitors to our member websites. We do not calculate our stats based on the activity of our members. This helps to minimise bias in the data and ensures a random sample is achieved. In May 2010, our global sample consisted of 16.3 billion hits (US: 4.0 billion); 2.1 billion of these were search engine referrals (US: 532 million); 109 million of these were social media referrals (US: 51 million).
Operation Aurora is a cyber attack which began in mid-2009 and continued through December 2009. The attack was first publicly disclosed by Google on January 12, 2010, in a blog post. In the blog post, Google said the attack originated in China. The attacks were both sophisticated and well resourced and consistent with that associated with an Advanced Persistent Threat. The exploit used a zero-day vulnerability in Internet Explorer. Even if you were patched up to date, you were still at risk.
Here’s an example of a simple spear phishing email that we used to test our client’s ‘human firewall’. People still fall for these!
This is data from my home PC as analysed by Secunia’s Personal Software Inspector (PSI)