Threat Reports Show Web 2.0 Attacks on the Rise
Threat Reports Show Web 2.0 Attacks on the Rise
January 23, 2008: Threat reports from the security firm’s Websense and Sophos have shown a marked increase in Web 2.0 attacks which has lead to compromised websites outnumbering purposefully created malicious sites for the first time.
Purposefully created malicious sites have been around for a long time and are a more traditional form of attack than compromising legitimate websites. The push to educate end users in the dangers of malicious sites has lead to the need to compromise legitimate websites because users are getting smarter, it’s become harder to fool a large number of corporate employees and so legitimate websites are being targeted.
Compromised websites are notorious for keeping server administrators up at night because not only do you risk infecting customers and stakeholders who visit your site, but you also risk massive brand and reputation damage should it be revealed that your legitimate site was compromised. Websense’s report has shown that the number of compromised legitimate sites has risen to the point where they now outnumber the purposefully created fake websites for the first time.
“More and more, attackers are compromising legitimate Web sites to infect visitors with information-stealing code or to add users’ machines to botnets,” said Dan Hubbard, vice president of security research, Websense. “Additionally, they are increasing the sophistication of their attack methods and building resilient infrastructures as we saw with the Storm worm attacks last year. We believe that attackers will continue to be creative and leverage Web 2.0 applications and user-generated content to create even bigger security concerns for organisations. With this in mind, organisations need to ensure their Web, messaging and data security solutions can protect the avenues hackers seek to exploit for financial gain.”
The Websense report shows a significant rise in Web 2.0 attacks in the second half of 2007, which were carried out through compromised social network websites like Myspace and Facebook and specifically targeted Trojans. This follows a general trend by malicious users attempting to use trusted sites to redirect users to compromised or illegitimate websites in order to infect their computer or steal personal information.
Mac users targeted for the first time
Sophos’ threat report has shown that Apple Macintosh users have been targeted by financially-motivated malware for the first time. While there’s long been a perennial sneer in most Mac users attitude towards Window users and the pile of threats they face, it was only a matter of time before the scope of threats migrated across to the fruit themed hardware.
"No-one should underestimate the significance of financially-motivatedmalware arriving for Apple Macs at the end of 2007. Although Macs have a long way to go in the popularity stakes before they overtake PCs,particularly in the workplace, their increased attractiveness toconsumers has proven irresistible to some criminal cybergangs," saidGraham Cluley, senior technology consultant at Sophos.
When you consider that Sophos are discovering more then 6,000 infected websites every day, a staggering one every 14 seconds. Of this number, over 83% belong to innocent individuals and companies who aren’t aware that their website has been compromised. Whether or not this will translate into high infection levels for Mac users will be governed by end user decisions.
"Mac users have for years prided themselves on making smarter decisions than their PC cousins - well, now's the chance to prove it. The Mac malware problem is currently tiny compared to the Windows one, so if enough Apple Mac usersresist clicking on unsolicited weblinks or downloading unknown code fromthe web then there's a chance they could send a clear message to thehackers that it's not financially rewarding to target Macs."
Where’s the infection coming from?
One of the interesting revelations in the Sophos report is the extent to which certain countries have been infected. Back in 2006 China only had 30% of the world’s malware hosted within its boundaries, falling far behind the USA who were guilty of hosting the lions share of the world’s malware. Last year saw this situation reverse with China taking a huge leap into having more then half of the world’s malware hosted there.
Sophos’ top ten list of malware-hosting countries in 2007:
- China 51.4%
- United States 23.4%
- Russia 9.6%
- Ukraine 3.0%
- Germany 2.3%
- Poland 0.9%
- United Kingdom 0.7%
- France 0.7%
- Canada 0.7%
- Netherlands 0.7%
"We would like to see China making less of an impact on the charts inthe coming year. Chinese computers, whether knowingly or not, are making a disturbingly large contribution to the problems of viruses and spam affecting all of us today," explained Cluley.