Hackers will use more sophisticated ways of targeting
websites with good reputations, according to the latest
internet security report from
Websense.
In the first six months of 2008, 75% of
legitimate websites were compromised, an increase of almost 50%
on the previous six months.
60% of the 100 most popular sites, many used and trusted by
business, have also been involved in malicious activity.
Carl Leonard, the threat research manager for EMEA at Websense,
said companies need to be able to scan, analyse and classify
content at any given time.
"It is no longer sufficient to have a purely reputation-based,
signature-based, or URL-based security system, they must be able to
check sites are clean in real time," Carl Leonard said.
Another trend identified in the report is that
e-mail
spammers have broken the CAPTCHA response testing safeguards
against automated account registering used by trusted email
services.
The report said e-mail services like Gmail and Windows Live Mail
are vulnerable to hackers to register accounts and bypass filters
that allow mail from these sources.
Leonard said this trend is likely to continue for some time
until improved CAPTCHA systems can be implemented. It is important
users be made aware of the increased threat, he said.
The Websense report said enterprises need to rethink their
approaches to the web, messaging and data security to ensure risk
mitigation keeps in step with
current threats.
Leonard said organisations should move to a comprehensive
data-centric approach to security that looks at all the data
involved to determine if websites or e-mails are safe.
"Security needs to be geared up to look at contents of web pages
and all the data surrounding the sending of e-mails such as the
reputation of the sender, the URLs involved in the emails, and the
patterns of attacks," he said.