Hackers exploit website reputations, says Websense

Hackers will use more sophisticated ways of targeting websites with good reputations

Hackers will use more sophisticated ways of targeting websites with good reputations, according to the latest internet security report from Websense.

In the first six months of 2008, 75% of legitimate websites were compromised, an increase of almost 50% on the previous six months.

60% of the 100 most popular sites, many used and trusted by business, have also been involved in malicious activity.

Carl Leonard, the threat research manager for EMEA at Websense, said companies need to be able to scan, analyse and classify content at any given time.

"It is no longer sufficient to have a purely reputation-based, signature-based, or URL-based security system, they must be able to check sites are clean in real time," Carl Leonard said.

Another trend identified in the report is that e-mail spammers have broken the CAPTCHA response testing safeguards against automated account registering used by trusted email services.

The report said e-mail services like Gmail and Windows Live Mail are vulnerable to hackers to register accounts and bypass filters that allow mail from these sources.

Leonard said this trend is likely to continue for some time until improved CAPTCHA systems can be implemented. It is important users be made aware of the increased threat, he said.

The Websense report said enterprises need to rethink their approaches to the web, messaging and data security to ensure risk mitigation keeps in step with current threats.

Leonard said organisations should move to a comprehensive data-centric approach to security that looks at all the data involved to determine if websites or e-mails are safe.

"Security needs to be geared up to look at contents of web pages and all the data surrounding the sending of e-mails such as the reputation of the sender, the URLs involved in the emails, and the patterns of attacks," he said.

Read more on IT risk management