Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Most Malware-Laden Links Came From Legitimate Sites in 2012

More malicious Websites were spotted in 2012, and most of them weren’t found in the seedier parts of the Internet, according to a recently released report from Websense.

More malicious Websites were spotted in 2012, and most of them weren’t found in the seedier parts of the Internet, according to a recently released report from Websense.

Nearly 85 percent of malicious Web links last year were found on legitimate hosts that had been compromised, compared to 82 percent in 2011, Websense said Tuesday in its 2013 Threat Report. Websense also found a 600 percent increase malicious websites in 2012 over 2011 levels. Organizations faced an average of 1,719 attacks for every 1,000 users every week, Websense found.

There were over 100 million unique Web-based attacks in 2012, Charles Renert, vice-president of research and development for Websense Labs, told SecurityWeek. The unique attacks were detected and separately classified so “none of them were like any others,” he said. While a particular type of malware may be used to compromise thousands of Websites, in the Websense report, those thousands of sites were counted as one incident, because they were all the same malware, he said.

Web Based Attacks “The headline statistic is that there were nearly six times increase in Web-based attacks,” Renert said.

Cyber-criminals are finding it more valuable to compromise computers in the enterprise by targeting IT-related sites, such as vendor websites, blogs, and news sites. Websites categorized as “Information technology” and “business and economy” were the top two most targeted sites for malicious code infection and malware, Websense found. Criminals continue to be financially motivated and will steal whatever supports their business model, Renert said.

While companies have no problem deploying Web filtering rules to block access to adult content and gambling sites, they are less willing to apply rules that may limit productivity, leaving the area open for attackers.

The report from Websense echoes findings from a Cisco’s 2013 Annual Security Report released Jan. 30, which found that it can be more dangerous to click on an online advertisement than visit adult content site, nullifying the common belief that security risks increase as a user engages in riskier and “shadier” behavior online.

Attackers are focused on just bypassing existing controls in organizations. Port 80, or Web traffic is open on all firewalls, compromising a legitimate site gets the attacker into the network. Only 7.7 percent of malware interacted with the system registry, which bypasses many of the behavioral detection and antivirus systems, Websense found.

Targeted attacks don’t have to be “blindly sophisticated in order to work,” Renert said, adding that attackers are creative and flexible.

Half of Web-based malware downloaded additional malware in the first 60 seconds of the compromise, Websense found in its report.

It turns out that only one if five emails sent worldwide is actually a legitimate piece of communication, Renert said. Companies generally are very effective at blocking out junk and malicious messages from user Inboxes, which is why many users don’t realize that 76 percent of total mail volume is spam.

About 32 percent of malicious links sent over social media used URL shorteners such as bit.ly and others, making it harder for users to detect whether or not the link was pointing to a malicious site. It’s important to remember that with so many legitimate sites are being compromised, as noted by Websense, verifying that the domain looks authentic doesn’t really keep users safe, either.

“While it is useful to talk about these super-advanced threats, they are the exceptions, rather than the norm,” Renert said.

Written By

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Malware & Threats

Norway‎-based DNV said a ransomware attack on its ship management software impacted 1,000 vessels.

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...