|
User trust targeted attacks on the rise – Websense
|
Websense, Inc. has said that its Websense Security Labs identified 13.7 percent of searches for trending news/buzz words as defined by Yahoo! Buzz & Google Trends led to malware. It said search engine optimization poisoning attacks target the top searches enabling hackers to drive traffic to their sites. These and other findings were revealed as part of its bi-annual research report “Websense Security Labs, State of Internet Security, Q3-Q4 2009”.
In contrast to the first half of the year where mass injection attacks like Gumblar, Beladen and Nine Ball promoted a sharp rise in the number of malicious Web sites, Websense said it saw a 3.3 percent decline in the growth of the number of Web sites compromised. Malware authors have replaced their traditional scattergun approach with focused efforts on Web 2.0 properties, Websense said, with higher traffic and multiple pages. Overall, comparing the second half of 2009 with the same period in 2008, there has been an average growth of 225 percent in malicious web sites.
Websense Chief Technology Officer Dan Hubbard said "Malicious hackers are really focusing their efforts to ensure they're driving their victims straight to them. By poisoning search results and focusing on Web 2.0 sites, their efforts are often more efficient and effective. The blended nature of today's threats combined with compromised legitimate sites, takes full advantage of an increased perception of trust when using search engines and interacting with friends or acquaintances online."
Malware authors continue to capitalize on Web site reputation and exploiting user trust with the second half of 2009 revealing 71 percent of Web sites with malicious code are legitimate sites that have been compromised. Web 2.0 sites allowing user-generated content are a top target for cybercriminals and spammers. Websense said its Defensio technology allowed it to identify 95 percent of user-generated comments to blogs, chat rooms and message boards AS spam or malicious. It also found that 35 percent of malicious Web attacks included data-stealing code, demonstrating that attackers are after essential information and data.
The web continues to be the most popular vector for data-stealing attacks, with the second half of 2009 notching up 58 percent of data-stealing attacks conducted over the web according to Websense research. Tens of thousands of Hotmail, Gmail and Yahoo! email accounts were hacked and passwords stolen and posted online, which resulted in a marked increase in the number of spam emails. Websense Security Labs identified 85.8 percent of all emails as spam, and said that the second half of the year saw 81 percent of emails contain a malicious link. |
