Need a sobering reminder that malware attacks can devastate our seemingly benign web experience? Then you need to check out the 2011 Blue Coat Web Security Report, which examines web behavior and the malware to which users are most frequently exposed. What they found may change the way you look at the web. Or it may cause you to throw caution to the wind.

Death, Disaster, Drama

The social state of the Internet, while engaging, also presents potentially risky behaviors. Facebook, Twitter and rich media applications are breeding grounds for cybercrime, identity theft and malvertising. In fact, behind every dynamic web link is a web threat waiting to be unleashed. According to the report:

Dynamic Web links are the most powerful tool for cybercrime to leverage as lures drive user behavior, often from memories, human interest or the fate of others."

Despite their destruction, there’s much we can learn from reviewing significant Web incidents, attack methods and delivery techniques. From hijacked disaster recovery donation websites to Wikileaks, the report’s doomsday summary of life in 2010 highlights that, where there is death and disaster, there is surely drama.

Trends, Lessons, Advice

Fortunately, if you are able to get past the doom and gloom, Blue Coat has isolated several trends that can help users both understand and identify malware attacks and cyber scams so as to protect their information.

  • Numerous wire fraud cases in 2010 challenged an aging uniform commercial code on who is responsible -- the customer or the financial institution -- when it comes to IT security
  • Cybercriminals can and will key log access credentials and change notification settings to email accounts they control, as well as moving into the mobile device world with SMS-related attacks.
  • Cybercriminals are patient, to develop valuable and trusted positions within Web advertising structures before launching attacks.
  • Malvertising attacks are more common on the weekend when IT resources are low and an attack is less likely to be noticed.
  • Link farms continue to pollute search engine results and social networking is poised to take the lead for online scams.
  • The dynamic link, combined with trusted relationships inside social networking and the lure of seeing a photograph or video, has shown to be very effective for cybercrime.
  • Click-jacking enables cybercriminals to reach a large audience, force users through surveys to reveal private information and collect hits for ad revenue.
  • Fake antivirus accounts for 60% of malware found on domains that include trending keywords, and 50% of malware delivered via "malvertising" is fake antivirus.

Now that you know what you’re up against, what are you expected to do to combat these cybercrime attacks? Short of abandoning your presence online, there is no guarantee that your information will remain safe 100% of the time. However, Blue Coat does provide some takeaways that will help develop strategies that fight against attacks from various perspectives, including:

  • Antivirus alone is not a Web defense in the first hours of a Web attack.
  • Any web-filtering solution should provide feedback in one day to its ratings.
  • Automation is required to continuously analyze existing ratings for accuracy, purpose and reputation.
  • Yesterday’s firewall, antivirus and simple URL filtering are not enough to protect data and resources.

Blue Coat makes a convincing case for a real-time Web defense and for better data governance to protect your information in a malware world. Protecting your data is always a good idea, but you shouldn’t be driven by fear to implement policies.