More malicious Websites were spotted in 2012, and most of them weren’t found in the seedier parts of the Internet, according to a recently released report from Websense.
Nearly 85 percent of malicious Web links last year were found on legitimate hosts that had been compromised, compared to 82 percent in 2011, Websense said Tuesday in its 2013 Threat Report. Websense also found a 600 percent increase malicious websites in 2012 over 2011 levels. Organizations faced an average of 1,719 attacks for every 1,000 users every week, Websense found.
There were over 100 million unique Web-based attacks in 2012, Charles Renert, vice-president of research and development for Websense Labs, told SecurityWeek. The unique attacks were detected and separately classified so “none of them were like any others,” he said. While a particular type of malware may be used to compromise thousands of Websites, in the Websense report, those thousands of sites were counted as one incident, because they were all the same malware, he said.
Cyber-criminals are finding it more valuable to compromise computers in the enterprise by targeting IT-related sites, such as vendor websites, blogs, and news sites. Websites categorized as “Information technology” and “business and economy” were the top two most targeted sites for malicious code infection and malware, Websense found. Criminals continue to be financially motivated and will steal whatever supports their business model, Renert said.
While companies have no problem deploying Web filtering rules to block access to adult content and gambling sites, they are less willing to apply rules that may limit productivity, leaving the area open for attackers.
The report from Websense echoes findings from a Cisco’s 2013 Annual Security Report released Jan. 30, which found that it can be more dangerous to click on an online advertisement than visit adult content site, nullifying the common belief that security risks increase as a user engages in riskier and “shadier” behavior online.
Attackers are focused on just bypassing existing controls in organizations. Port 80, or Web traffic is open on all firewalls, compromising a legitimate site gets the attacker into the network. Only 7.7 percent of malware interacted with the system registry, which bypasses many of the behavioral detection and antivirus systems, Websense found.
Targeted attacks don’t have to be “blindly sophisticated in order to work,” Renert said, adding that attackers are creative and flexible.
Half of Web-based malware downloaded additional malware in the first 60 seconds of the compromise, Websense found in its report.
It turns out that only one if five emails sent worldwide is actually a legitimate piece of communication, Renert said. Companies generally are very effective at blocking out junk and malicious messages from user Inboxes, which is why many users don’t realize that 76 percent of total mail volume is spam.
About 32 percent of malicious links sent over social media used URL shorteners such as bit.ly and others, making it harder for users to detect whether or not the link was pointing to a malicious site. It’s important to remember that with so many legitimate sites are being compromised, as noted by Websense, verifying that the domain looks authentic doesn’t really keep users safe, either.
“While it is useful to talk about these super-advanced threats, they are the exceptions, rather than the norm,” Renert said.