{"id":5978,"date":"2012-06-19T20:30:33","date_gmt":"2012-06-20T00:30:33","guid":{"rendered":"http:\/\/rbach.net\/blog\/?p=5978"},"modified":"2022-09-15T13:59:21","modified_gmt":"2022-09-15T17:59:21","slug":"attackers-attack-emerging-technologies","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/attackers-attack-emerging-technologies\/","title":{"rendered":"Attackers Attack Emerging Technologies"},"content":{"rendered":"<p><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-103006\" title=\"Attackers Attack Emerging Technologies\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/laptop_user-e1567548320687-150x63.jpg?resize=110%2C49&#038;ssl=1\" alt=\"\" width=\"110\" height=\"49\" \/><a title=\"www.net-security.org\" href=\"https:\/\/www.helpnetsecurity.com\/\" target=\"_blank\" rel=\"noopener noreferrer\"><em>Help Net Security<\/em><\/a> reports that attackers continue to focus on social engineering attacks and circumventing legacy enterprise security systems according to a recent report by\u00a0<a title=\"Zscaler\" href=\"https:\/\/www.zscaler.com\/\" target=\"_blank\" rel=\"homepage noopener noreferrer\">Zscaler<\/a>. The\u00a0<a title=\"Sunnyvale, California\" href=\"http:\/\/maps.google.com\/maps?ll=37.3719444444,-122.026111111&amp;spn=0.1,0.1&amp;q=37.3719444444,-122.026111111%20%28Sunnyvale%2C%20California%29&amp;t=h\" target=\"_blank\" rel=\"geolocation noopener noreferrer\">Sunnyvale, CA<\/a>-based firm reported shifts in the sources of enterprise web traffic, and that some popular sites attempt to improve user security. 
Here are some of the top findings detailed in the report:<\/p>\n<ul>\n<li>Local apps are generating more direct <a title=\"Hypertext Transfer Protocol\" href=\"http:\/\/en.wikipedia.org\/wiki\/Hypertext_Transfer_Protocol\" target=\"_blank\" rel=\"noopener wikipedia noreferrer\">HTTP<\/a> and <a title=\"HTTP Secure\" href=\"http:\/\/en.wikipedia.org\/wiki\/HTTP_Secure\" target=\"_blank\" rel=\"noopener wikipedia noreferrer\">HTTPS<\/a> traffic<\/li>\n<li>Not all web traffic comes from browsers, and as this traffic shifts, <a title=\"Web threat\" href=\"http:\/\/en.wikipedia.org\/wiki\/Web_threat\" target=\"_blank\" rel=\"noopener wikipedia noreferrer\">web threats<\/a> have a new attack vector<\/li>\n<li><a title=\"Internet Explorer\" href=\"http:\/\/support.microsoft.com\/lifecycle\/search\/default.aspx?sort=PN&amp;alpha=Internet+Explorer&amp;Filter=FilterNO&#96;\" target=\"_blank\" rel=\"homepage noopener noreferrer\">Internet Explorer<\/a> 6 is on the decline in the enterprise. While this mitigates the security risks of the old browser platform, it could lead to a shift in attacks.<\/li>\n<li><a title=\"Google\" href=\"https:\/\/www.google.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Google<\/a> (<a title=\"NASDAQ : GOOG\" href=\"https:\/\/www.tradingview.com\/symbols\/NASDAQ-GOOG\/\" target=\"_blank\" rel=\"noopener noreferrer\">GOOG<\/a>)\u00a0is actively attempting to thwart search engine optimization (SEO) spam and <a title=\"Rogue security software\" href=\"http:\/\/en.wikipedia.org\/wiki\/Rogue_security_software\" target=\"_blank\" rel=\"noopener wikipedia noreferrer\">fake AV<\/a> attacks, the topmost Internet threats today. 
However, most users remain exposed to these threats.<\/li>\n<li>More sites, like\u00a0<a title=\"Facebook\" href=\"https:\/\/www.facebook.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Facebook<\/a> (<a title=\"NASDAQ : FB\" href=\"https:\/\/www.tradingview.com\/symbols\/NASDAQ-FB\/\" target=\"_blank\" rel=\"noopener noreferrer\">FB<\/a>) and <a title=\"Gmail\" href=\"https:\/\/www.gmail.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Gmail<\/a>, are moving to HTTPS delivery. This is good for preventing <a title=\"Session hijacking\" href=\"http:\/\/en.wikipedia.org\/wiki\/Session_hijacking\" target=\"_blank\" rel=\"noopener wikipedia noreferrer\">sidejacking<\/a>, but it allows savvy attackers a way to bypass traditional network-based security controls like IDS\/IPS, which cannot decrypt traffic for inspection.<\/li>\n<\/ul>\n<p><a href=\"http:\/\/scribbles-notes.blogspot.com\/2011\/11\/invasion-of-internet-of-things.html\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-103009\" title=\"Internet of Things\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/Internet-of-things1-2.jpg?resize=126%2C110&#038;ssl=1\" alt=\"Internet of Things\" width=\"126\" height=\"110\" \/><\/a>&#8220;Attackers know the limits of traditional security solutions,&#8221; says <a title=\"Michael Sutton\" href=\"https:\/\/www.zscaler.com\/leadership.html\" target=\"_blank\" rel=\"noopener wikipedia noreferrer\">Michael Sutton<\/a>, VP of Security Research at Zscaler. &#8220;But they are also very good at taking advantage of emerging technologies and new vectors for attack. Standalone user applications, social engineering attacks, and the move to HTTPS all have the potential to introduce new threats. 
Now more than ever, enterprise security solutions must inspect traffic in real-time, all the time, regardless of source, to provide true protection.&#8221;<\/p>\n<p><strong><em>RB-<\/em><\/strong><\/p>\n<p><em>I have covered IOT for a while <a title=\"rbach.net\" href=\"https:\/\/wp.me\/p2wgaW-1h4\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a> and <a title=\"rbach.net\" href=\"https:\/\/wp.me\/p2wgaW-2N1\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>. I wrote about the big sites moving to HTTPS a while ago <a title=\"rbach.net\" href=\"https:\/\/wp.me\/p2wgaW-13w\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a> and even wrote about <a title=\"www.eff.org\" href=\"https:\/\/www.eff.org\/https-everywhere\" target=\"_blank\" rel=\"noopener noreferrer\">HTTPS Everywhere<\/a> <a title=\"rbach.net\" href=\"https:\/\/wp.me\/p2wgaW-182\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>. And I am sure I don&#8217;t cost as much as an engagement with these firms.<\/em><\/p>\n<h6>Related articles<\/h6>\n<ul>\n<li><a href=\"https:\/\/web.archive.org\/web\/20120215205246\/http:\/\/www.allfacebook.com:80\/zscaler-threatlabz-takes-on-facebook-likejacking-2011-09\" target=\"_blank\" rel=\"noopener noreferrer\">Zscaler ThreatLabZ Tackles Facebook Likejacking<\/a> (allfacebook.com)<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><em><a title=\"Ralph Bach\" href=\"https:\/\/rbach.net\/index.php\/new-resume\/\" target=\"_blank\" rel=\"noopener noreferrer\">Ralph Bach<\/a>\u00a0has been in IT long enough to know better and has blogged from his\u00a0<a title=\"Bach Seat\" href=\"https:\/\/rbach.net\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bach Seat<\/a> about IT, careers, and anything else that catches his attention since 2005. 
You can follow him on <a class=\"broken_link\" href=\"http:\/\/www.linkedin.com\/in\/rb48334\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">LinkedIn<\/a>,\u00a0<a href=\"https:\/\/www.facebook.com\/ralph.bach.14\" target=\"_blank\" rel=\"noopener noreferrer\">Facebook<\/a>,\u00a0and\u00a0<a href=\"https:\/\/twitter.com\/rbach48334\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a>. Email the Bach Seat\u00a0<a href=\"mailto:\/\/bach.seat@gmail.com\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Zscaler says attacks still focus on social engineering and bypassing security systems despite shifts in sources of enterprise web traffic and use of HTTPS by some popular sites<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[2197,1768,891,104,1096,536,92,286,970,832,944,82,421,4,890],"class_list":["post-5978","post","type-post","status-publish","format-standard","hentry","category-security","tag-2197","tag-controls","tag-emerging-technologies","tag-facebook","tag-fb","tag-goog","tag-google","tag-https","tag-internet-explorer","tag-internet-of-things","tag-iot","tag-microsoft","tag-msft","tag-security","tag-zscaler"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/5978","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/comments?post=5978"}],"version-history":[{"count":15,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/5978\/revisions"}],"predeces
sor-version":[{"id":131367,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/5978\/revisions\/131367"}],"wp:attachment":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/media?parent=5978"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/categories?post=5978"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/tags?post=5978"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}