Booby-trapped legitimate sites are far better at distributing malware than malicious ones, according to new research from Cisco Systems.
The most effective traps being set for Internet users are not on malicious sites, but the sites users would least expectâ€”and the ones they trust the most.
In Cisco Systems’ 2013 annual security report, researchers found that online shopping sites are 21 times as likelyâ€”and search engines 27 times as likelyâ€”to deliver malicious content as counterfeit software sites. Along the same lines, online advertisements are 182 times as likely to deliver malicious content as pornography sites.
“Attackers have no need to attract users to malicious sites,” said Mary Landesman, senior security researcher at Cisco. “The Web is a very powerful distribution tool for malware and our analysis shows that the majority of this malware is being distributed through known, reputable, legitimate Websites. That malware may be delivered by compromising the legitimate site, or via third-party advertising or other content providers to the legitimate site.”
In such cases, the malware itself is downloaded silently via drive-by download attacks, meaning the user “has done nothing wrong,” Landesman said. Though Cisco does not track the overall number of legitimate sites that get compromised, 83 percent of Web malware encounters it detected were with malicious scripts and iFrames, something that is typically indicative of encounters with such sites.
According to the report, malware writers are targeting the usual suspects with their exploits. The vast majority of Web exploitsâ€”87 percentâ€”targeted Java. PDF and Adobe Flash Player exploits were the next most common types of Web exploits.
While it may be assumed that smaller businesses may be worse off than larger companies, Cisco found that the largest enterprises (25,000 or more employees) have more than 2.5 times the risk of encountering Web malware than smaller companies. This increased risk may be a reflection that larger companies possess more high-value intellectual property and thus are more frequently targeted, according to the report.
“While smaller companies have fewer Web malware encounters per user, it’s important to note that all companiesâ€”regardless of sizeâ€”face significant risk of Web malware encounters,” the report notes. “Every organization should focus on the fundamentals of securing its network and intellectual property.”
Going by country, the landscape for Web malware encounters had a seismic shift, with China falling from second on the list in 2011 to sixth in 2012. Denmark and Sweden hold the third and fourth spots, respectively, while the top spot still belongs to the United States. According to Cisco, 33 percent of all Web malware encounters occurred via Websites hosted in the United States.
“Today’s malware is criminally purposed for profit,” said Landesman. “Put another way, the attackers want to make money. As such, attackers will follow users. Given that the Web is a central destination regardless of device or OS used, it stands to reason that Web malware attacks will continue and possibly even increase. Some attackers are already expanding their toolkits to include exploits for smartphones and Macs, hence it’s reasonable to expect that trend to continue.”-eWeek