Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Easier to Get Infected With Malware on ‘Good Sites’ Than on Shady Sites, Cisco Says

It can be more dangerous to click on an online advertisement than an adult content site these days, Cisco said in its latest version of the yearly security threat report.

It can be more dangerous to click on an online advertisement than an adult content site these days, Cisco said in its latest version of the yearly security threat report.

Popular belief states that security risks increase as the user engages in riskier and shadier behavior online, but that apparently isn’t the case, Cisco found in its 2013 Annual Security report, released Jan. 30. For example, users clicking on online advertisements were 182 times more likely to wind up getting infected with malware than if they’d surfed over to an adult content site, Cisco said.

Cisco LogoThe highest concentration of online security targets do not target pornography, pharmaceutical, or gambling sites as much as they affect legitimate sites such as search engines, online retailers, and social media. Users are more 21 times more likely to get hit with malware from online shopping sites and 27 more times likely with a search engine than if they’d gone to a counterfeit software site, according to Cisco.

The results of the report confirmed that “users aren’t stupid,” Mary Landesman, senior security researcher at Cisco, told SecurityWeek.

There is an overwhelming perception that people get compromised for “going to dumb sites,” Landesman said. “The Web is extremely complex and people are making mistakes, she said.

Many security professionals—and certainly a large community of online users—hold preconceived ideas about where people are most likely to stumble across dangerous web malware,” Cisco’s report (PDF) noted.

Malicious advertisements (malvertising) increased in 2012 from 2011, Landesman said. The most malware-stricken computers in recent memory were in the United States, followed by Russian Federation, Denmark, and Sweden.

Along with the Annual Security Report, Cisco also released the second chapter of its 2012 Cisco Connected World Technology Report, a study that examines people’s attitude towards security and privacy of data.

“Many employees adopt ‘my way’ work lifestyles in which their devices, work and online behavior mix with their personal lives virtually anywhere – in the office, at home and everywhere in between,” Cisco said in the report. Approximately 80 percent of Gen Y workers who are aware of IT policies regarding mobile devices do not obey the rules, Cisco found.

Advertisement. Scroll to continue reading.

There was a spike in malware encounters in Sweden and Denmark.

Despite all the attention-grabbing headlines, mobile malware accounted for barely half a percent of malware in 2012, Cisco said, and that’s even with a 2,577 percent growth in Android-based malware over the past year.

The company also expanded its security portfolio by adding mobile management support to its Identity Services Engine platform.

In a separate announcement, Cisco announced the acquisition of real-time security intelligence firm Cognitive Security. The Czech company offers a machine learning service that analyzes security threats in real-time. Cognitive Security’s technology will eventually be integrated into Cisco’s cloud-based security offering by the end of 2013, the company said.

Related: IE Zero-day Vulnerability Used in ‘Watering Hole’ Attacks 

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Jared Bartel has been named CISO at Idaho State University.

Automated phishing protection and scam prevention company Bolster has appointed Rod Schultz as CEO.

Bugcrowd has appointed Trey Ford as CISO for the Americas.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.