Websense report exposes hacker attacks on popular websites

The report displays a change in trend, with hackers focussing their attacks on webpages with high traffic rather than targeting a mass amount of websites.

Websense senior security research manager Carl Leonard says: “We have seen that the cyber criminals are going to highly trafficked websites to reach a greater audience. As long as the security solutions in place are able to keep up with rapid changes and analyse date in real time the end user is able to navigate these sites safely”.

The findings also revealed that 71% of websites with malicious code are legitimate sites that have been compromised. Thirty-five percent of malware infected sites contained data-stealing code, which can be used to obtain web user’s personal information including bank details.

Leonard says: “A large percentage of attacks are trying to get hold of intellectual property. End Users can protect themselves by ensuring they have security solutions in place. One of the things users can do is become familiar with the types of scams that are occurring through email.”

Hackers are using search engine optimisation attacks to make malicious links appear higher up in search results, making them seem more significant, as this increases traffic to malware infected pages. The Websense report also suggests that hackers are utilising search engine buzzwords to take advantage of web users. Roughly thirteen percent of searches relating to trending news and buzzwords lead to malware.

Leonard Commented: “If you want to find a website you might conduct a simple search for something and these would be manipulated to lead to malicious links.”

Criminals are not only using the web to target users, they are also using email. Websense found that 81% of emails during the second half of the year contained a malicious link.

It has also been revealed that the time it takes for anti-virus experts to create solutions for viruses has more than doubled. The average time it took for a patch to be created 6 months ago was 22 hours, now it takes 46 hours - almost two whole days.
 

What’s Hot on Infosecurity Magazine?