Websense Issues 2010 Threat Report: Rise of the Data Thieves

Thieves are pretty well-known for their craftiness. Case in point, the just-issued Websense 2010 Threat Report indicates that data thieves are getting more creative, deploying a combination of phishing, phony social networking messages, and compromised websites to make increasingly elaborate efforts to steal personal information. Here’s the scoop.

The findings in the threat report were gathered by special analysis of Websense’s prided ThreatSeeker network, which the company says scans 40 million websites per hour looking for malicious code — not to mention 10 million emails for “unwanted content.” And Websense’s press release says that the conclusion reached is that “cybercriminals and their blended attacks are having a field day taking advantage of security gaps left open by legacy technologies like firewalls, antivirus, and simple URL blockers.”

Here are some of those key statistics they found, taken directly from Websense’s press release:

• 111.4 percent increase in the number of malicious websites from 2009 to 2010
• 79.9 percent of websites with malicious code were legitimate sites that have been compromised
• 52 percent of data-stealing attacks were conducted over the Web
• 34 percent of malicious Web/HTTP attacks included data-stealing code
• 89.9 percent of all unwanted emails in circulation during this period contained links to spam sites and/or malicious websites
• The United States and China continued to be the top two countries hosting crimeware and receiving stolen data during 2010; the Netherlands has found its way into the top five
• Searching for breaking news represented a higher risk (22.4 percent) than searching for objectionable content (21.8 percent)
• 23 percent of real-time search results on entertainment lead to a malicious link
• 40 percent of all Facebook status updates have links and 10 percent of those links are either spam or malicious

Takeaways from that list include a trend towards politically-motivated cybercrime and savvy scammers who get people to click on bogus breaking news stories on their social media profiles. It’s a scary Internet out there, and an MSP in the know has plenty of opportunity to upsell security services to clients who probably aren’t as worried as they should be.

The press release concludes with a call to arms. Enterprises are putting themselves at harm with “scattershot” security measures that leave them open to these kinds of attacks. Instead, Websense calls on IT pros to migrate to a unified security architecture (like theirs, of course) that leaves no stone unturned when it comes to rooting out evil.

Sign up for MSPmentor’s Weekly Enewsletter, Webcasts and Resource Center. Follow us via RSS, Facebook, Identi.ca and Twitter. Check out more MSP voices at www.MSPtweet.com. Read our editorial disclosure here.