Report finds enterprises are failing to block malware

Cyber criminals are still able to get malware through enterprise restriction policies

A report from WAN optimisation and security firm Bluecoat has found that enterprises are not restricting access to all types of internet sites used by cyber criminals to distribute malware.

Bluecoat's 2011 Mid-Year Security Report found that although businesses consistently block employee access to sites within the "Pornography, Placeholders, Phishing, Hacking, Online Games and Illegal/Questionable" categories, other types of sites are used by malware distributors.

"Malware hosting is often found within categories, such as Online Storage and Software Downloads, that companies typically allow in acceptable use policies," the report noted.

Given that blocking access to these categories would restrict the use of many sites with genuine business applications, enterprises need additional layers of security to protect against any malware that may unwittingly be downloaded.

The report added: "A single defence layer, such as a firewall or anti-virus software, is insufficient to protect against the dynamic nature of malware and the extensive infrastructure of malware delivery networks.

"Instead, businesses need the real-time protection and intelligence that a cloud-based Web defence can deliver as it quickly expands and adapts to new threats."

Bluecoat's study also analysed how and where internet users are introduced to malware delivery networks. In the first half of 2011, search engine poisoning was the most popular malware vector.

Search engine poisoning is a technique in which cyber criminals attempt to get their malicious site at or near the top of search engine rankings. Users commonly place more trust in the topmost rankings, and are less likely to be cautious when visiting such sites.

The report found that in nearly 40 per cent of all malware incidents, search engines were the entry point into malware delivery networks.