Study: Cyber criminals favour drive-by download attacks

July saw a significant rise in the prevalence of the Mal/ObfJS family of web threats - up from just 1.8 percent in June to 17.3 percent last month, according to the latest Sophos report.

Despite this growth, Mal/Iframe is the leading malicious program used by hackers, accounting for more than half of all web threats detected by the security vendor.

The prominence of both threats emphasises the popularity of the drive-by download technique with cyber criminals, as well as continued growth in the use of obfuscated Javascripts in compromising sites, the report said.

"The security dangers of the web still aren't fully registering with many businesses and this is providing rich pickings for hackers hell-bent on gaining access to sensitive information," said Carole Theriault, senior security consultant at Sophos.

"It's no surprise to see legitimate web pages targeted for these attacks. Businesses aren't strict enough about stopping their employees accessing these sites, while the websites themselves will already have their own daily flow of user traffic, saving hackers the trouble of trying to entice web surfers," she added.

The research also found that China continued to host more infected web pages than any other nation, with half of all the world’s malicious programs hosted there. While the US continues to host a large chunk of global malware (22 per cent), Russia is now responsible for hosting 15 per cent of all the world’s web threats. This rise was caused by the large number of Mal/Iframe and Mal/ObfJS infected web pages in the country that have been compromised to service as drive-by sites.

"Russia is the main nation on the rise," added Theriault. "It's important for countries to remember that hackers don't have preferred locations for malware-hosting. They'll target any vulnerable web hosts that they can find, meaning no nation is immune to the threat.”

attackscriminalscyberdownloaddrivebyfavoursecuritystudy