Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Easier to Get Infected With Malware on ‘Good Sites’ Than on Shady Sites, Cisco Says

It can be more dangerous to click on an online advertisement than an adult content site these days, Cisco said in its latest version of the yearly security threat report.

It can be more dangerous to click on an online advertisement than an adult content site these days, Cisco said in its latest version of the yearly security threat report.

Popular belief states that security risks increase as the user engages in riskier and shadier behavior online, but that apparently isn’t the case, Cisco found in its 2013 Annual Security report, released Jan. 30. For example, users clicking on online advertisements were 182 times more likely to wind up getting infected with malware than if they’d surfed over to an adult content site, Cisco said.

Cisco LogoThe highest concentration of online security targets do not target pornography, pharmaceutical, or gambling sites as much as they affect legitimate sites such as search engines, online retailers, and social media. Users are more 21 times more likely to get hit with malware from online shopping sites and 27 more times likely with a search engine than if they’d gone to a counterfeit software site, according to Cisco.

The results of the report confirmed that “users aren’t stupid,” Mary Landesman, senior security researcher at Cisco, told SecurityWeek.

There is an overwhelming perception that people get compromised for “going to dumb sites,” Landesman said. “The Web is extremely complex and people are making mistakes, she said.

Many security professionals—and certainly a large community of online users—hold preconceived ideas about where people are most likely to stumble across dangerous web malware,” Cisco’s report (PDF) noted.

Malicious advertisements (malvertising) increased in 2012 from 2011, Landesman said. The most malware-stricken computers in recent memory were in the United States, followed by Russian Federation, Denmark, and Sweden.

Along with the Annual Security Report, Cisco also released the second chapter of its 2012 Cisco Connected World Technology Report, a study that examines people’s attitude towards security and privacy of data.

“Many employees adopt ‘my way’ work lifestyles in which their devices, work and online behavior mix with their personal lives virtually anywhere – in the office, at home and everywhere in between,” Cisco said in the report. Approximately 80 percent of Gen Y workers who are aware of IT policies regarding mobile devices do not obey the rules, Cisco found.

Advertisement. Scroll to continue reading.

There was a spike in malware encounters in Sweden and Denmark.

Despite all the attention-grabbing headlines, mobile malware accounted for barely half a percent of malware in 2012, Cisco said, and that’s even with a 2,577 percent growth in Android-based malware over the past year.

The company also expanded its security portfolio by adding mobile management support to its Identity Services Engine platform.

In a separate announcement, Cisco announced the acquisition of real-time security intelligence firm Cognitive Security. The Czech company offers a machine learning service that analyzes security threats in real-time. Cognitive Security’s technology will eventually be integrated into Cisco’s cloud-based security offering by the end of 2013, the company said.

Related: IE Zero-day Vulnerability Used in ‘Watering Hole’ Attacks 

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Cyberwarfare

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.