Zscaler Releases Q2 2010 “State of the Web” Report

Zscaler today released its Q2 2010 State of the Web report. The report details the enterprise threat landscape and the variety of web based issues plaguing internet users. It details how attackers are staying one step ahead of the game and enterprises are struggling to keep up.

Here are some of the top findings detailed in the latest Zscaler State of the Web report:

• Attackers were quick to leverage the biggest news stories of the quarter, including the World Cup and release of the iPad, in a variety of attacks
• China has surged to a #2 ranking, up from #5 in Q1, when looking at countries hosting the most malicious sites
• While corporate use of Internet Explorer 6 continues to decline, 1 in 5 employees continue to use the now nine-year-old web browser, despite the continued emergence of 0day threats and a lack of modern security features
• Use of Facebook’s ‘Like’ buttons is also gaining popularity among attackers who are using the feature within the app and on other sites to promote malicious web sites
• Twitter follower scams – sites set up to trick users into providing their Twitter credentials in exchange for more followers—continue to thrive
• Wikileaks, the now infamous site known for publishing confidential documents related to the Afghan war, was a popular destination for employees, with traffic to the site spiking as various news stories of the leaks broke
• Research into the top IP addresses hosting malicious content reveals just how frequently attackers relocate malicious content to avoid detection
• Mass web based attacks are becoming increasingly common with misconfigured web applications permitting SQL injection and unpatched WordPress sites also being popular targets

"Attackers continue to target end users in the hopes of obtaining valuable data or to compromise machines to build botnet armies," according to Michael Sutton, VP of Security Research at Zscaler. "While the goals have not changed, the techniques continue to evolve." He continued: “It is clear that security vendors must be able to quickly adapt and inspect web based content on-the-fly in order to identify and secure against emerging threats in this continually evolving environment.”

As a Security as a Services (SaaS) vendor with a global network of enforcement nodes, Zscaler encounters a multitude of attacks each and every day. The company’s NanoLog technology, which is game changing in its ability to minimize logs exponentially without losing data, enables real-time reporting at the transaction level, giving Zscaler’s research team an edge in drilling down on or identifying new threats. The new report summarizes the threat activity over the course of the quarter and identifies emerging attack trends.