Websense report - State of Internet Security Q3-Q4 2008

Digesting the latest report from Websense reveals a bleak picture for the 2nd half of 2008. Let's review the findings and elaborate:
77 percent of Web sites with malicious code are legitimate sites that have been compromised.
Meaning that instead of primarily registering new sites, attackers are instead choosing to compromise existing ones.
70 percent of the top 100 sites either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites.
Attackers are choosing to compromise the very sites that people use frequently and normally trust (e.g. CNET Networks, BusinessWeek.com, BillOReilly.com, the New York Times, Facebook, Twitter)
sites that allow user-generated content comprise the majority of the top 50 most
active distributors of malicious content.
Web 2.0 allows for rich interactions with other users and content. However, it also provides hackers with powerful means to infect new machines by taking advantage of the dynamic and rich nature of the content that can be served (i.e. scripting).
57 percent of data-stealing attacks are conducted over the Web (a 24% increase)
The web has become the new weapon of choice for hackers, allowing massive theft of data, distributed over numerous law enforcement jurisdictions, making it hard to quickly investigate and prosecute.
The Web Remains the Number-One Attack Vector
The top 10 web attack vectors are not surprisingly centered around browser vulnerabilities, flaws with media software (PDF, Flash, ActiveX, RealPlayer, QuickTime), social engineering, third-party apps, and DNS weaknesses.

Src: State of Internet Security Q3-Q4 2008 | Websense

No comments: