Web site threats rocket

Powered by SC Magazine

The threat to firms of their Web sites being hacked has risen dramatically, according to new research from web security vendor ScanSafe.

The security software-as-a-service provider reported that 68 percent of all Web-based malware it blocked on behalf of its enterprise customers last month was found on legitimate sites, up more than 407 percent compared to the same time last year.

SQL injection attacks are the most common cause of these sites became compromised, according to ScanSafe. This method of attack is designed to deliver "password stealers and backdoors to visitors’ computers", the firm said.

“The criminals are leveraging the popularity of these web sites - when you compromise a site drawing hundreds of thousands of visitors a day it's a much faster way to reach [a large audience]," said ScanSafe senior researcher, Mary Landesman.

"In terms of what IT managers can do for theri own web servers; OWASP is an open web app security project offering tools and technologies to assist the web site owner."

In related security news, Raimund Genes, chief technology officer of Web security vendor TrendMicro, has hit out at current malware testing techniques, labeling them "antiquated".

The firm has said it will no longer support testing by Virus Bulletin – regarded as one of the premier independent testers in the anti-virus industry – because of the organisation's failure to recognise modern testing techniques such as behavioural analysis and heuristics.

He added that widespread testing methodologies such as pattern matching and whitelisting are not effective in detecting modern day threats, which are ever-changing and more covert.

"Testing procedures and methodologies were developed twenty years ago when incidents were isolated and viruses were written for fun," Genes argued.

"As long as malware is tested in an isolated lab environment with no internet connection, it is not relevant – security companies want independent testing in real-life scenarios."

Genes explained that the major security vendors which are members of industry body the Anti Malware Testing Standards Organisation (AMTSO), are currently working towards new testing methodologies.

itweek.co.uk @ 2010 Incisive Media

Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
Sign up to receive iTnews email bulletins
Latest Comments
What is delaying adoption of public cloud in your organisation?

   |   View results
Lock-in concerns
Application integration concerns
Security and compliance concerns
Unreliable network infrastructure
Data sovereignty concerns
Lack of stakeholder support
Protecting on-premise IT jobs
Difficulty transitioning CapEx budget into OpEx