UK government websites compromised by attackers


UK government websites compromised by attackers

Antony Savvas

Websense says hundreds of thousands of legitimate websites - including the United Nations site and UK government ones - have been compromised with a massive Javascript injection attack aimed at stealing user information.

Web security firm Websense says it has alerted sites of the problem. It has not named which government sites were compromised.

The attack method highlights a growing number of attacks that take advantage of the flaws in traditional security that rely on signatures and website reputation to protect customers, said Websense.

By infecting hundreds of thousands of much-used, well-known websites simultaneously, attackers only need a window of a few hours to get a large number of potential victims.

Web users and organisations without real-time protection are vulnerable, said Websense.

The well-orchestrated, widespread attack reported appears to be from the same group that launched a similar one in March 2008, said Websense, in which tens of thousands of well-known websites were infected with malicious links.

The same group may also be connected to the Dolphin Stadium Super Bowl attack in 2007, it said.

"This attack seeks to exploit users who trust that their favourite, legitimate websites are safe," said Dan Hubbard, vice-president of security research at Websense.

"Unfortunately, we believe that attacks that target popular websites will be on the rise. In this rapidly changing threat environment, organisations must have web security that can adapt to threats in real-time," he said.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy