It has long been a tactic of cyber criminals to load compromised websites with malware-laden links to snare victims, but instead of the sex sites of old, the favored type of website is now information technology, according to analysis in the Websense threat report out today.
According to analysis based on its ThreatSeeker technology and other means, 85 percent of malicious Web links last year were found on legitimate hosts that had been compromised, up from 82 percent the year before. Cyber criminals are finding the value in infiltrating computers of enterprises by subverting anything remotely related to information technology, from vendor websites to content like blogs and news, says Chris Astacio, research manager at Websense.
In addition, businesses today that do Web filtering are usually blocking access to porn and gambling sites, whereas they're reluctant to limit access to any site related to IT because it might cut into productivity. After the category of "information technology," the most targeted websites for malware links were for "business and economy."
The top countries hosting malware are the United States, the Russian Federation and Germany, the report points out. The top three "victim" countries are the U.S., France and the United Kingdom. And of course, spam remains the attacker's main route to victims, with only 1 in 5 emails considered safe or legitimate, according to the Websense report. The U.S. also must be counted as the top country for hosting phishing emails last year, followed by the Bahamas and Canada.
Once a victim's machine has been compromised, there's the likelihood that sensitive information would be transferred out of the enterprise network by the attacker through a system of so-called command and control (CnC) servers. In examining where these have been seen, Websense used a customized sandboxing method to detect attempted attacks against its customers. According to Websense, the top countries hosting CnC servers are China, the U.S. and Russia, which together are said to account for about half of all detected activity of this kind.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE.