Web site threats rocket

Powered by SC Magazine

The threat to firms of their Web sites being hacked has risen dramatically, according to new research from web security vendor ScanSafe.

The security software-as-a-service provider reported that 68 percent of all Web-based malware it blocked on behalf of its enterprise customers last month was found on legitimate sites, up more than 407 percent compared to the same time last year.

SQL injection attacks are the most common cause of these sites became compromised, according to ScanSafe. This method of attack is designed to deliver "password stealers and backdoors to visitors’ computers", the firm said.

“The criminals are leveraging the popularity of these web sites - when you compromise a site drawing hundreds of thousands of visitors a day it's a much faster way to reach [a large audience]," said ScanSafe senior researcher, Mary Landesman.

"In terms of what IT managers can do for theri own web servers; OWASP is an open web app security project offering tools and technologies to assist the web site owner."

In related security news, Raimund Genes, chief technology officer of Web security vendor TrendMicro, has hit out at current malware testing techniques, labeling them "antiquated".

The firm has said it will no longer support testing by Virus Bulletin – regarded as one of the premier independent testers in the anti-virus industry – because of the organisation's failure to recognise modern testing techniques such as behavioural analysis and heuristics.

He added that widespread testing methodologies such as pattern matching and whitelisting are not effective in detecting modern day threats, which are ever-changing and more covert.

"Testing procedures and methodologies were developed twenty years ago when incidents were isolated and viruses were written for fun," Genes argued.

"As long as malware is tested in an isolated lab environment with no internet connection, it is not relevant – security companies want independent testing in real-life scenarios."

Genes explained that the major security vendors which are members of industry body the Anti Malware Testing Standards Organisation (AMTSO), are currently working towards new testing methodologies.

itweek.co.uk @ 2010 Incisive Media

Top Stories
Myer CIO named retailer's new chief executive
Richard Umbers to lead data-driven retail strategy.
Empty terminals and mountains of data
Qantas CIO Luc Hennekens says no-one is safe from digital disruption.
BoQ takes $10m hit on Salesforce CRM
Regulatory hurdles end cloud pilot.
Sign up to receive iTnews email bulletins
Latest Comments
Who do you trust most to protect your private data?

   |   View results
Your bank
Your insurance company
A technology company (Google, Facebook et al)
Your telco, ISP or utility
A retailer (Coles, Woolworths et al)
A Federal Government agency (ATO, Centrelink etc)
An Australian law enforcement agency (AFP, ASIO et al)
A State Government agency (Health dept, etc)

Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
I DON'T support shutting the OAIC.