Easier to Get Infected With Malware on 'Good Sites' Than on Shady Sites, Cisco Says

It can be more dangerous to click on an online advertisement than an adult content site these days, Cisco said in its latest version of the yearly security threat report.

Popular belief states that security risks increase as the user engages in riskier and shadier behavior online, but that apparently isn't the case, Cisco found in its 2013 Annual Security Report, released Jan. 30. For example, users clicking on online advertisements were 182 times more likely to wind up getting infected with malware than if they'd surfed over to an adult content site, Cisco said.

The highest concentration of online security threats does not target pornography, pharmaceutical, or gambling sites as much as it affects legitimate sites such as search engines, online retailers, and social media. Users are 21 times more likely to get hit with malware from online shopping sites and 27 times more likely with a search engine than if they'd gone to a counterfeit software site, according to Cisco.

The results of the report confirmed that "users aren't stupid," Mary Landesman, senior security researcher at Cisco, told SecurityWeek.

There is an overwhelming perception that people get compromised for "going to dumb sites," Landesman said. "The Web is extremely complex and people are making mistakes," she said.

"Many security professionals—and certainly a large community of online users—hold preconceived ideas about where people are most likely to stumble across dangerous web malware," Cisco's report (PDF) noted.

Malicious advertisements (malvertising) increased in 2012 from 2011, Landesman said. The most malware-stricken computers in recent memory were in the United States, followed by the Russian Federation, Denmark, and Sweden.

Along with the Annual Security Report, Cisco also released the second chapter of its 2012 Cisco Connected World Technology Report, a study that examines people's attitude towards security and privacy of data.

"Many employees adopt 'my way' work lifestyles in which their devices, work and online behavior mix with their personal lives virtually anywhere – in the office, at home and everywhere in between," Cisco said in the report. Approximately 80 percent of Gen Y workers who are aware of IT policies regarding mobile devices do not obey the rules, Cisco found.

There was a spike in malware encounters in Sweden and Denmark.

Despite all the attention-grabbing headlines, mobile malware accounted for barely half a percent of malware in 2012, Cisco said, and that's even with a 2,577 percent growth in Android-based malware over the past year.

The company also expanded its security portfolio by adding mobile management support to its Identity Services Engine platform.

In a separate announcement, Cisco announced the acquisition of real-time security intelligence firm Cognitive Security. The Czech company offers a machine learning service that analyzes security threats in real-time. Cognitive Security's technology will eventually be integrated into Cisco's cloud-based security offering by the end of 2013, the company said.

Fahmida Y. Rashid is a Senior Contributing Writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.