Web-Based Threat to Businesses Increasing at an Unbelievable Rate

The mounting threat to the businesses has once again come into limelight after security firm Websense reported an enormous increase of 671% in the number of malicious sites in the past year.

The security firm, in its report, has not just reported a tremendous growth in the number of malicious sites, but also in the constant activity designed to hack legitimate sites. During January-June 2009, Websense noted a 233% increase in malicious websites. Also, during the same period, it was noted that more than three-quarters of sites containing malicious codes were actually the compromised legitimate websites.

Carl Leonard, Threat Manager, Websense EMEA, stated that the sites can be protected from exploitation, provided people examine their codes, keep a watch on the flaws in their servers, and keeping third-party applications patched, reported v3.co.uk on September 15, 2009.

As per the statement given by the firm, spammers and cybercriminals chiefly target Web 2.0 websites that allow user-generated content. Websense Security Labs identified that 95% of user-generated comments to chat rooms, message boards and blogs are malicious or spam.

In the meantime, efforts made to protect Web 2.0 properties proved to be ineffective to a great extent. The research by Websense suggests that community-driven security tools that are used on websites like BlogSpot and YouTube are 65-75% unsuccessful in safeguarding users from security threats and offensive content.

Furthermore, Websense Security Labs has stated in the report that 37% of the malicious Web attacks involved data stealing code, clearly indicating attacker's chase for important data and information. It was noted that the Web remains to be the most sought after vector for data breaching. Websense noted that 57% of data-stealing attacks were accomplished over the Web during the first six months of 2009.

The study found that most of these breaches took place because of three extensive SQL injection campaigns, named Beladen, Gumblar and Nine Ball. These campaigns made use of 'drive-by' exploits for installing Trojan downloaders on atleast 40,000 genuine websites. Additionally, automated submission of forum and blog comments that contain links to malicious web pages was also very much popular.

Related article: Web Browsers Too Have Security Exploits

» SPAMfighter News - 10/6/2009