Subscribe
  • Home
  • /
  • TechForum
  • /
  • Browsing legit sites can put company data at risk - Web-based attacks are on the rise

Browsing legit sites can put company data at risk - Web-based attacks are on the rise

By Richard Broeke, sales manager at Securicom.


Johannesburg, 09 Jul 2013

Employees could be putting their company's network and data at risk by visiting legitimate Web sites that have been secretly compromised with malware.

This is according to Richard Broeke, sales manager at Securicom, a specialist provider of IT security services in southern Africa.

"Web-based attacks on corporate networks and end-user computers have increased significantly in the past few years, specifically since the advent of Web 2.0. Legitimate Web sites are compromised when they are infiltrated by attackers who are using Web-attack toolkits.

"A covert piece of JavaScript or a few lines of malicious code linking to another Web site can install malware that is very difficult to detect. The software then checks the system of each visitor for browser or operating system vulnerabilities. Where there are vulnerabilities, it installs malware on the user's system.

"Companies that rely on signature-based anti-virus protection are not able to protect themselves against these 'silent' attacks. Furthermore, infrequent and inadequate patch updates make organisations especially vulnerable to Web-based attacks," explains Broeke.

Referring to Symantec's 2013 Internet Security Report, Broeke says these sorts of Web-based attacks increased by almost a third (30%) in 2012. The organisation's analysis of Web-based attacks shows that it is older, non-patched vulnerabilities that cause most systems to be compromised. In 2012, Symantec's Trust Services technology scanned over 1.5 million Web sites as part of its Website Malware Scanning and Vulnerability Assessment services. Over 130 000 URLs were scanned for malware each day, with one in 532 Web sites found to be infected with malware. Sixty-one percent of malicious sites are actually regular Web sites that have been compromised and infected with malicious code.

"It's pretty disheartening to think that users are inadvertently infecting company computers and putting networks and business data at risk by visiting Web sites they think, and which their employers deem, as safe.

"So, avoiding or preventing access to Web sites that are typically considered no-go zones due to content doesn't provide protection against Web-based threats," he says.

But how are hackers infiltrating legitimate sites, and why?

Broeke says they use various means, among which include using attack toolkits; exploiting vulnerabilities in the Web site's hosting or content management software; direct hacking through the Web server backend infrastructure; and by simply paying to host an advert that is infected on the site.

The last, very commonly used method, known as 'malvertising', allows attackers to infect Web sites without even having to hack into the site.

Some malware can be particularly destructive while others have the purpose of 'spying' with the ultimate goal of stealing information.

"Cyber criminals and scammers are ultimately in it for the money. They use the Web to infect computer systems in order to get their hands on contact, personal, business and financial information. At best, this information is used to populate databases and perpetuate spam; at worst, it's used to commit fraud, steal identities or for espionage," explains Broeke.

Symantec, in its report, warns that infections from Web sites will become more common and even harder to detect and block without advanced security software. Internet users, and the companies that employ them, are going to have to become more proactive about security and privacy online.

Broeke agrees, saying signature-based anti-virus on desktops and laptops is not enough to protect against Web-based attacks. Additional layers of security are necessary, including comprehensive endpoint security and browser protection.

"Endpoint security solutions, which provide intrusion prevention to protect against unpatched vulnerabilities, will help stop malware from ever making it onto endpoints. A comprehensive Web security product is also essential for protecting against Web-based attacks. These should be combined with robust application control, which will prevent applications and browser plug-ins from downloading unauthorised, unwanted content," he advises.

Share

Securicom

Securicom is an IT security management and consulting company.

It is one of only a handful of South African technology companies to offer an end-to-end range of fully managed IT security services in the cloud.

Securicom's holistic suite of solutions provides comprehensive weaponry and proactive defence against the host of threats that afflict businesses today, from perimeter and endpoint protection, to WAN, LAN, cloud and mobile.

Its solutions operate on only the best-of-breed technology, including Symantec Brightmail, Riverbed, Trustwave and XenMobile, formerly known as ZenCloud, and are hosted offsite at Securicom's local data centres.

Securicom has offices in Johannesburg, Cape Town and Namibia, and offers its services in 10 other African countries. For more information on Securicom, please visit www.securicom.co.za.

Editorial contacts

Kerry Webb
Securicom
(082) 496 0713