Employees could be putting their company’s network and data at risk by visiting legitimate Web sites that have been secretly compromised with malware. This is according to Richard Broeke, sales manager at Securicom, a specialist provider of IT security services in southern Africa.
“Web-based attacks on corporate networks and end-user computers have increased significantly in the past few years, specifically since the advent of Web 2.0. Legitimate Web sites are compromised when they are infiltrated by attackers who are using Web-attack toolkits.
“Companies that rely on signature-based antivirus protection are not able to protect themselves against these ‘silent’ attacks. Furthermore, infrequent and inadequate patch updates make organizations especially vulnerable to Web-based attacks,” explains Broeke.
Referring to Symantec’s 2013 Internet Security Report, Broke says these sorts of Web-based attacks increased by almost a third (30%) in 2012. The organisation’s analysis of Web-based attacks shows that it is older, non-patched vulnerabilities that cause most systems to be compromised.
In 2012, Symantec’s Trust Services technology scanned over 1,5-million Web sites as part of its Web site Malware Scanning and Vulnerability Assessment services. Over 130 000 URLs were scanned for malware each day, with 1 in 532 of Web sites found to be infected with malware. 61% of malicious sites are actually regular Web sites that have been compromised and infected with malicious code.
“It’s pretty disheartening to think that users are inadvertently infecting company computers and putting networks and business data at risk by visiting Web sites that they think, and which their employers, deem as safe.
“So, avoiding or preventing access to Web sites which are typically considered no-go zones due to content doesn’t provide protection against Web-based threats,” he says.
But how are hackers infiltrating legitimate sites and why?
Broeke says they use various means amongst which include using attack toolkits; exploiting vulnerabilities in the Web site’s hosting or content management software; direct hacking through the Web server backend infrastructure, and by simply paying to host an advert which is infected on the site.
The last, very commonly-used method, known as “malvertising”, allows attackers to infect Web sites without even having to hack into the site. Some malware can be particularly destructive while others have the purpose of ‘spying’ with the ultimate goal of stealing information.
“Cybercriminals and scammers are ultimately in it for the money. They use the Web to infect computer systems in order to get their hands on contact, personal, business and financial information. At best, this information is used to populate databases and perpetuate spam, at worst it’s used to commit fraud, steal identities or for espionage,” explains Broeke.
Symantec, in its report, warns that infections from Web sites will become more common and even harder to detect and block without advanced security software. Internet users, and the companies that employ them, are going to have to become more proactive about security and privacy online.
Broeke agrees saying that signature-based antivirus on desktops and laptops is not enough to protect against Web-based attacks. Additional layers of security are necessary, including comprehensive endpoint security and browser protection.
“Endpoint security solutions which provide intrusion prevention to protect against unpatched vulnerabilities will help stop malware from ever making it onto endpoints. A comprehensive Web security product is also essential for protecting against Web-based attacks.
“These should be combined with robust application control which will prevent applications and browser plug-ins from downloading unauthorised, unwanted content,” he advises.