UK government websites compromised by attackers

News

UK government websites compromised by attackers

Antony Savvas

Websense says hundreds of thousands of legitimate websites - including the United Nations site and UK government ones - have been compromised with a massive Javascript injection attack aimed at stealing user information.

Web security firm Websense says it has alerted sites of the problem. It has not named which government sites were compromised.

The attack method highlights a growing number of attacks that take advantage of the flaws in traditional security that rely on signatures and website reputation to protect customers, said Websense.

By infecting hundreds of thousands of much-used, well-known websites simultaneously, attackers only need a window of a few hours to get a large number of potential victims.

Web users and organisations without real-time protection are vulnerable, said Websense.

The well-orchestrated, widespread attack reported appears to be from the same group that launched a similar one in March 2008, said Websense, in which tens of thousands of well-known websites were infected with malicious links.

The same group may also be connected to the Dolphin Stadium Super Bowl attack in 2007, it said.

"This attack seeks to exploit users who trust that their favourite, legitimate websites are safe," said Dan Hubbard, vice-president of security research at Websense.

"Unfortunately, we believe that attacks that target popular websites will be on the rise. In this rapidly changing threat environment, organisations must have web security that can adapt to threats in real-time," he said.





Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy