Cyber-criminals exploiting traditional trust measures for compromises

News by Robert Abel

Cyber-criminals are exploiting traditional measures of trust to gain a foothold on users systems by compromising trusted sites via background initiated requests, using phishing sites, and typo-squatting.

Cyber-criminals are exploiting traditional measures of trust to gain a foothold on users systems by compromising trusted sites via background initiated requests, using phishing sites, and typo-squatting.

While many companies have used categories such as Business and Economy, Shopping, News and Media, and Malware, to help set security policy researchers are warning it's no longer advisable to consider any category as inherently safe, according to the Menlo Security State of the Web 2017 report released 5 February, 2018.

“Many companies have used these categories to help set security policy,” researchers said in the report.  “Unfortunately, it's no longer advisable to consider any category as inherently “safe. According to our research, more than a third of all sites in categories including News and Media, Entertainment and Arts, Shopping, and Travel were risky.”

The problem stems from third party vulnerabilities with the average website connecting to 25 background sites for content, such as video clips and online ads and that enterprise security administrators don't have tools to monitor these connections. Any one of these leaving them vulnerable to backdoor attacks.

The report found 49 percent of news and media sites, 45 percent of entertainment and arts sites, 41 percent of travel sites, 40 percent of personal sites and blogs, 39 percent of society sites, and 39 percent business and economy, were at risk or not being as safe as they appear, being a phishing site, or a typosquatting site.

Vulnerable software used on trusted site also pose a significant risk. The report found that 42 percent of the top 100,000 sites on the web, as ranked by Alexa, are either using software that leaves them vulnerable to attack or have already been compromised in some way.

Some of the most popular software putting these sites at risk with 32,669 sites putting users at risk with Microsoft IIS 7.5, 26,796 sites putting users at risk with php/5.45.15, and 18,379 sites putting users at risk with apache/2.2.15.

The top sites categories relying on vulnerable software included business and economy with 51,045 sites, society with 25,977 sites, personal and blogs with 20,675 sites, news and media with 17,083 sites, and adult and pornography sites with 16,929 sites.

Researchers said business and economy sites experienced the most security incidents and that they contained more sites running vulnerable software, such as PHP 5.3.3, than any other category.

To avoid and defend against potential threats, researchers recommend website owners make sure their servers run the latest software updates and investigate technologies such as Content-Security-Policy. Consumers should download software updates religiously, avoid vulnerable technologies such as Adobe Flash, and use the Chrome browser when possible, researchers added.

Chris Olson, chief executive officer at The Media Trust said enterprises should be concerned about the increasing frequency of website breaches attributed to compromised third-party code.

“Clearly, app sec, antivirus and other traditional website security solutions can't keep pace with the thousands of malicious domains generated every month,” Olson said. “The onus is on enterprise IT to continuously monitor all executing code – both first and third-party code – on websites and mobile apps to discover what and who is executing in the digital environment.”

He added that unauthorised or anomalous code should be immediately remediated and that today's dynamic internet environment requires a continuous security approach to detect real-time security and performance failures before they have detrimental effects on both the enterprise network and its website users.

Topics:

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events