TechTarget

UK government websites compromised by attackers

Websense says hundreds of thousands of legitimate websites - including the United Nations site and UK government ones - have been compromised with a massive Javascript injection attack aimed at stealing user information.

Websense says hundreds of thousands of legitimate websites - including the United Nations site and UK government...

ones - have been compromised with a massive Javascript injection attack aimed at stealing user information.

Web security firm Websense says it has alerted sites of the problem. It has not named which government sites were compromised.

The attack method highlights a growing number of attacks that take advantage of the flaws in traditional security that rely on signatures and website reputation to protect customers, said Websense.

By infecting hundreds of thousands of much-used, well-known websites simultaneously, attackers only need a window of a few hours to get a large number of potential victims.

Web users and organisations without real-time protection are vulnerable, said Websense.

The well-orchestrated, widespread attack reported appears to be from the same group that launched a similar one in March 2008, said Websense, in which tens of thousands of well-known websites were infected with malicious links.

The same group may also be connected to the Dolphin Stadium Super Bowl attack in 2007, it said.

"This attack seeks to exploit users who trust that their favourite, legitimate websites are safe," said Dan Hubbard, vice-president of security research at Websense.

"Unfortunately, we believe that attacks that target popular websites will be on the rise. In this rapidly changing threat environment, organisations must have web security that can adapt to threats in real-time," he said.




CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close