Trusted Web Site? Not So FastTrusted Web Site? Not So Fast
It's not been a great year for Web security, so far. First we learn that <a href="http://www.informationweek.com/showArticle.jhtml;jsessionid=K2W1RSXSTB1REQSNDLRSKH0CJUNN2JVN?articleID=205900444&queryText=hacker-safe">HackerSafe</a> isn't so hacker safe, after all. Then we find out that hackers have found a way to automatically redirect most home routers to wherever they <a href="http://informationweek.com/blog/main/archives/2008/01/driveby_pharmin.html;jsessionid=K2W1RSXSTB1REQSNDLRSKH0CJUNN2JV
January 23, 2008
It's not been a great year for Web security, so far. First we learn that HackerSafe isn't so hacker safe, after all. Then we find out that hackers have found a way to automatically redirect most home routers to wherever they wish. And now it seems that so-called legitimate Web sites may not be so "legitimate" (or at least safe) after all.It's apparently so easy to infect existing Web sites that there's decreasing need for criminals to set up shill sites. At least that's the takeaway from a recent report published by security vendor Websense, which attempts to examine security trends for the second half of last year.
In fact, 51% of Web sites infected with malicious code are actually legitimate, but compromised, Web sites. This is actually a stark increase from the 30% or so of infected legitimate sites the company reported for the first half of 2007.
So this means that miscreants -- because the Web site security and development practices of conventional businesses are negligent -- don't even have to go through the trouble of developing and hosting a Web site, or even the bother of deluging everyone with spam designed to lure folks to a Web site trap.
No, all they have to do is find a trusted site that's already vulnerable. And that, unfortunately, seems all too easy.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
What Ransomware Groups Look for in Enterprise Victims
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Everything You Need to Know About DNS Attacks
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Selling Breaches: The Transfer of Enterprise Network Access on Criminal Forums
Gone Phishing: How to Defend Against Persistent Phishing Attempts Targeting Your Organization
The Evolving Ransomware Threat: What Business Leaders Should Know About Data Leakage