News Vulnerability Management

Legitimate Sites Are Most Likely To Serve Up Malware, Cisco Study Says

Tim Wilson

See more from Tim

Connect directly with Tim: Bio | Contact

About a third of all malware is encountered in the U.S., Cisco annual security study finds

Tim Wilson January 31, 2013

Legitimate sites and advertisements on the Web are much more likely to deliver malware than "shady" sites, according to a new study released Wednesday.

According to the Cisco 2013 Annual Security Report, the highest concentration of online security sites does not come from "risky" sites, such as pornography, pharmaceutical, or gambling sites, but from everyday sites.

More Security Insights

White Papers

More >>

Reports

More >>

Webcasts

More >>

"In fact, Cisco found that online shopping sites are 21 times as likely, and search engines are 27 times as likely, to deliver malicious content than a counterfeit software site," the study says. "Online advertisements are 182 as times likely to deliver malicious content than pornography."

The U.S. retains the top spot among countries where the most malware is encountered, accounting for a third of all malware, the study says. Russia was in the No. 2 spot with almost 10 percent; China dropped to less than 6 percent.

Android malware encounters grew 2,577 percent during 2012, according to the study. However, mobile malware represents only 0.5 percent of total Web malware encounters across the globe.

The study indicates that attitudes about online security and privacy are changing as young adults -- Generation Y -- become more prevalent in the workplace.

"Most Generation Y employees believe the age of privacy is over (91%), but one third say that they are not worried about all the data that is stored and captured about them," the study says. "They are willing to sacrifice personal information for socialization online. In fact, more Generation Y workers globally said they feel more comfortable sharing personal information with retail sites than with their own employers' IT departments – departments that are paid to protect employee identities and devices."

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Tim Wilson

See more from Tim

Connect directly with Tim: Bio | Contact

Dark Reading Discussions

Start the Discussion

To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.

Follow Dark Reading

Dark Reading Reports

How Attackers Choose Which Vulnerabilities To Exploit

In the increasingly complex world of information security, it's important for security professionals to be able to understand not only how their organization's systems and data may be compromised but why. In this Dark Reading report we examine why certain vulnerabilities are exploited, by whom and with what. We also provide recommendations for getting out infront of hackers by using some of the same tools and strategies they do.
Assessing Risk and Prioritizing Vulnerability Remediation

Vulnerability remediation is a never-ending process, but, even so, security pros can't plug every hole in every asset and application. The key is to determine which vulnerabilities are most likely to be exploited and the effects such exploits would have on the business. To do this, security pros must know the business and its technology usage and needs intimately, a process that must involve stakeholders across the organization. In this report we recommend the steps that should be taken to determine the risk of vulnerabilities and the lengths to which remediation can and should go.
Finding Vulnerabilities By Attacking Your Own Environment

Vulnerability scans are valuable, but you have to think and act like a hacker if you want to truly understand the ways in which your organization could be compromised. In this report, Dark Reading recommends the tools and methodologies that can be used to test your organization's security.

Other reports from the Vulnerability Management Tech Center:

Related Content

Sponsored by

Mobile Devices Drive Majority of Endpoint Security Concerns

The results of the 2013 State of the Endpoint study tracked endpoint risk in organizations, the resources to address the risk and the technologies deployed to manage threats. This study reveals that the state of endpoint risk is not improving and one of the top concerns is the proliferation of personally owned mobile devices in the workplace such as smart phones and iPads. Download "Mobile Devices Drive Majority of Endpoint Security Concerns" to review some of the most noteworthy survey findings, address the difficulties in managing the endpoint risk, and review recommendations to make improvements.
IT Pros Guide to Data Protection: Top 5 Tips to Securing Data in the Modern Organization

Ready your organization for more robust data protection measures by first implementing these five steps to improve data security in a business- and cost-effective manner.
Best Practice Guide to Addressing Web 2.0 Risks

With the rise of user-generated content, social networks and readily available information offered by the Web 2.0-enabled workplace, users are more connected to people and ideas than ever before. This new level of connectivity also introduces significant risk. Organizations need to find the proper balance of risk vs. productivity through improved policy, controls and education of users.
Closing the Antivirus Protection Gap: A Comparative Study on Effective Endpoint Protection Strategies

Corporate economic concerns have put increased pressure on already limited IT resources in recent years as the onslaught of malware and sophistication of cyber attacks continues to grow at exponential rates. As a result, 50% of endpoint operating costs are directly attributable to malware,1 yet, corporate IT budgets are still focused on maintaining stand alone antivirus as the keystone in endpoint security. In this paper, we will benchmark the effectiveness of standalone AV and O/S resident patching solution versus newer technologies and a defense-in-depth of approach of layering multiple endpoint security and operational technologies together.
Lumension Guide to Device Control Best Practices

USB flash drives and other removable storage devices continue to proliferate throughout organizations. This could result in the loss or theft of your sensitive corporate and customer data, or in the propagation of malware like Stuxnet. Fortunately, powerful data protection tools are now available to help mitigate these risks, while still enabling flexible and managed use of these productivity devices. Learn about the best practices for deploying device control within your environment. Walk away with the recommended process to successfully prepare, enforce and manage the use of removable devices and media, and to protect your sensitive data.

Free Research and Reports

What's this?From the Editors of DarkReading

More >>

Box Icon

Whitepapers

What's this?

More >>

Box Icon

Dark Reading Digital Magazine

Back Issues

In This Issue

How Hackers Fool Your Employees: People are your most vulnerable endpoint. Make sure your security strategy addresses that fact.
Not All Or Nothing: Effective security doesn't mean stopping all attackers.

Download Now

First Name*:
Last Name*:
Email Address*:
Job Title:
Company/Organization/Gov't Dept.:
*Required field
Privacy Statement

Security

Protect The Business - Enable Access

News Vulnerability Management

Legitimate Sites Are Most Likely To Serve Up Malware, Cisco Study Says

About a third of all malware is encountered in the U.S., Cisco annual security study finds

More Security Insights

White Papers

Reports

Webcasts

Related Reading

Dark Reading Discussions

Start the Discussion

Follow Dark Reading

Dark Reading Reports

How Attackers Choose Which Vulnerabilities To Exploit

Assessing Risk and Prioritizing Vulnerability Remediation

Finding Vulnerabilities By Attacking Your Own Environment

Sign up for the Dark Reading Daily email newsletter

Free Research and Reports

Whitepapers

Upcoming Events

Dark Reading Digital Magazine

In This Issue

News Vulnerability Management

Legitimate Sites Are Most Likely To Serve Up Malware, Cisco Study Says

About a third of all malware is encountered in the U.S., Cisco annual security study finds

More Security Insights

White Papers

Reports

Webcasts

Related Reading

Dark Reading Discussions

Start the Discussion

Follow Dark Reading

Dark Reading Reports

Related Content

Dark Reading Newsletter

Sign up for the Dark Reading Daily email newsletter

Free Research and Reports

Whitepapers

Upcoming Events

Dark Reading Digital Magazine

In This Issue