Cybercriminals exploiting traditional trust measures for compromises, study

Cybercriminals are exploiting traditional measures of trust to gain a foothold on users' systems by compromising trusted sites via background-initiated requests, using phishing sites, and typosquatting.

While many companies have used categories such as Business and Economy, Shopping, News and Media, and Malware to help set security policy, researchers are warning it's no longer advisable to consider any category as inherently safe, according to the Menlo Security State of the Web 2017 report released Feb. 5, 2018.

“Many companies have used these categories to help set security policy,” researchers said in the report. “Unfortunately, it's no longer advisable to consider any category as inherently ‘safe.’ According to our research, more than a third of all sites in categories including News and Media, Entertainment and Arts, Shopping, and Travel were risky.”

The problem stems from third-party vulnerabilities: the average website connects to 25 background sites for content, such as video clips and online ads, and enterprise security administrators don't have tools to monitor these connections. Any one of these connections can leave them vulnerable to backdoor attacks.

The report found that 49 percent of news and media sites, 45 percent of entertainment and arts sites, 41 percent of travel sites, 40 percent of personal sites and blogs, 39 percent of society sites, and 39 percent of business and economy sites were at risk of not being as safe as they appear, or of being a phishing site or a typosquatting site.

Vulnerable software used on trusted sites also poses a significant risk. The report found that 42 percent of the top 100,000 sites on the web, as ranked by Alexa, are either using software that leaves them vulnerable to attack or have already been compromised in some way.

Some of the most popular software putting these sites at risk included Microsoft IIS 7.5, with 32,669 sites putting users at risk; php/5.45.15, with 26,796 sites; and apache/2.2.15, with 18,379 sites.

The top site categories relying on vulnerable software included business and economy with 51,045 sites, society with 25,977 sites, personal and blogs with 20,675 sites, news and media with 17,083 sites, and adult and pornography sites with 16,929 sites.

Researchers said business and economy sites experienced the most security incidents and that they contained more sites running vulnerable software, such as PHP 5.3.3, than any other category.

In order to avoid and defend against potential threats, researchers recommend website owners make sure their servers run the latest software updates and investigate technologies such as Content-Security-Policy. Consumers should download software updates religiously, avoid vulnerable technologies such as Adobe Flash, and use the Chrome browser when possible, researchers added.
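As an added illustration (not part of the report or the original article), the Python sketch below inventories the background origins a page's HTML pulls content from and derives a Content-Security-Policy that allows only those origins. The page URL, hostnames and HTML are constructed sample values, and only statically declared tags are counted, so requests issued by scripts at runtime are an assumed blind spot.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs that trigger a background fetch, mapped to the CSP directive governing it.
FETCHES = {("script", "src"): "script-src", ("img", "src"): "img-src",
           ("iframe", "src"): "frame-src", ("video", "src"): "media-src",
           ("source", "src"): "media-src", ("link", "href"): "style-src"}

def origin_of(url):
    """Return scheme://host[:port] for http(s) URLs, else None (data:, mailto:, ...)."""
    parts = urlsplit(url)
    if parts.scheme in ("http", "https") and parts.netloc:
        return f"{parts.scheme}://{parts.netloc.lower()}"
    return None

class BackgroundOrigins(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.by_directive = page_url, {}

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower().split():
            return  # only stylesheet links are counted here
        for (t, attr), directive in FETCHES.items():
            if t == tag and attrs.get(attr):
                # urljoin resolves relative and protocol-relative (//host/...) references
                origin = origin_of(urljoin(self.page_url, attrs[attr]))
                if origin:
                    self.by_directive.setdefault(directive, set()).add(origin)

def inventory(page_url, html):
    parser = BackgroundOrigins(page_url)
    parser.feed(html)
    return parser.by_directive

def third_party_origins(page_url, by_directive):
    everything = set().union(*by_directive.values())
    return sorted(everything - {origin_of(page_url)})

def build_csp(page_url, by_directive):
    own, policy = origin_of(page_url), ["default-src 'self'"]
    for directive in sorted(by_directive):
        policy.append(" ".join([directive, "'self'", *sorted(by_directive[directive] - {own})]))
    return "; ".join(policy)

# Constructed sample page; every hostname below is a placeholder.
SAMPLE_URL = "https://news.example/"
SAMPLE_HTML = """<link rel="stylesheet" href="https://cdn.example.net/site.css">
<script src="/static/app.js"></script><script src="//ads.example.org/tag.js"></script>
<img src="https://cdn.example.net/logo.png"><img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=">
<iframe src="https://ads.example.org/frame.html"></iframe><video src="https://video.example.com/clip.mp4"></video>"""
```

Sending the generated policy in a `Content-Security-Policy-Report-Only` header first surfaces the runtime requests the static inventory missed before anything is blocked.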

Chris Olson, chief executive officer at The Media Trust, said enterprises should be concerned about the increasing frequency of website breaches attributed to compromised third-party code.

“Clearly, app sec, antivirus and other traditional website security solutions can't keep pace with the thousands of malicious domains generated every month,” Olson said. “The onus is on enterprise IT to continuously monitor all executing code – both first and third-party code – on websites and mobile apps to discover what and who is executing in the digital environment.”

He added that unauthorized or anomalous code should be immediately remediated and that today's dynamic internet environment requires a continuous security approach to detect real-time security and performance failures before they have detrimental effects on both the enterprise network and its website users.
