Web site threats rocket

Powered by SC Magazine
 

The threat to firms of their Web sites being hacked has risen dramatically, according to new research from web security vendor ScanSafe.

The security software-as-a-service provider reported that 68 percent of all Web-based malware it blocked on behalf of its enterprise customers last month was found on legitimate sites, up more than 407 percent compared to the same time last year.

SQL injection attacks are the most common cause of these sites became compromised, according to ScanSafe. This method of attack is designed to deliver "password stealers and backdoors to visitors’ computers", the firm said.

“The criminals are leveraging the popularity of these web sites - when you compromise a site drawing hundreds of thousands of visitors a day it's a much faster way to reach [a large audience]," said ScanSafe senior researcher, Mary Landesman.

"In terms of what IT managers can do for theri own web servers; OWASP is an open web app security project offering tools and technologies to assist the web site owner."

In related security news, Raimund Genes, chief technology officer of Web security vendor TrendMicro, has hit out at current malware testing techniques, labeling them "antiquated".

The firm has said it will no longer support testing by Virus Bulletin – regarded as one of the premier independent testers in the anti-virus industry – because of the organisation's failure to recognise modern testing techniques such as behavioural analysis and heuristics.

He added that widespread testing methodologies such as pattern matching and whitelisting are not effective in detecting modern day threats, which are ever-changing and more covert.

"Testing procedures and methodologies were developed twenty years ago when incidents were isolated and viruses were written for fun," Genes argued.

"As long as malware is tested in an isolated lab environment with no internet connection, it is not relevant – security companies want independent testing in real-life scenarios."

Genes explained that the major security vendors which are members of industry body the Anti Malware Testing Standards Organisation (AMTSO), are currently working towards new testing methodologies.

itweek.co.uk @ 2010 Incisive Media


 
 
 
Top Stories
Matching databases to Linux distros
Reviewed: OS-repository DBMSs, MariaDB vs MySQL.
 
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
Who'd have picked a BlackBerry for the Internet of Things?
[Blog] BlackBerry has a more secure future in the physical world.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  70%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  10%
TOTAL VOTES: 719

Vote