Two reports released this week confirmed the tidal shift in the type of websites into which cybercriminals are injecting malware.
WhiteHat Security, in the seventh installment of its Website Security Statistics Report, to be released on Tuesday, found that 82 percent of websites studied over the past year have had a “high,” “critical,” or “urgent” issue during their lifetime, with cross-site scripting continuing to top the list.
WhiteHat’s report is no more alarming than in the past two years, Jeremiah Grossman, founder and CTO of the company, told SCMagazineUS.com on Monday. But this time, most of the more than 1,000 compromised websites reviewed in the report belong to well-known brands.
Security may have been an afterthought when the underlying coding for the web was being developed, said Grossman.
“During the web’s first decade, no one much paid attention to cross-site scripting,” he said.
But after 20 years of web development, with more than 200 million websites now in existence, the problem has become one of scale, he said.
Meanwhile, in its April report released Monday, security firm MessageLabs unearthed similar findings.
“This is an interesting area,” Paul Wood, MessageLabs Intelligence senior analyst at Symantec, told SCMagazineUS.com. “The impression used to be that the best way to pick up malware was to visit adult sites, but we were surprised to find trends that showed the opposite.”
The bad guys value domains that have well-made reputations, he said.
“This is an abuse of legitimate domains we didn’t expect to see,” Wood said.
What made a good deal of this activity possible, said Wood, is the use of sites that enable users to create content, particularly social networking sites. One of the problems is that the bad guys are figuring out ways to defeat CAPTCHA, a challenge presented when a website user submits a form: the user must type the numbers or letters shown in a distorted image, which is meant to ensure that the response is not generated by a robot.
“It’s an ongoing arms race,” Wood explained, fueled by offshore workers being hired to break CAPTCHA codes so that hackers can get past the initial login necessary to enter a legitimate website. “There’s a market of people out there willing to do the job,” he said.
WhiteHat’s report also pointed to social networking sites as the prime target of malware authors. Social networking sites, such as MySpace, Facebook and LinkedIn, which have experienced phenomenal growth in the past few years, topped its list — with 82 percent having a severe vulnerability. Education sites sank to the number two spot with 76 percent, and IT vendor sites came in a close third with 75 percent.
One of the biggest takeaways from the WhiteHat report is that not all vulnerabilities are created equal, but many are quite serious, leaving the door open for attackers to reach sensitive information and cause some serious damage, said WhiteHat’s Grossman.
Users must be extra vigilant and understand that even sites they know and trust and visit regularly might be compromised through attacks, most likely SQL injection attacks, MessageLabs’ Wood said.
Websites must be fixed at the code level or mitigated by web application firewalls, Grossman added, but the process requires fine-tuning.
“It’s a big opportunity for IT professionals,” he said.
Editor’s note: Some of the MessageLabs Intelligence information discussed in this news story will be contained in the company’s May report, due in a few weeks.