The report, Websense Security Labs Report found that for the first time, today 51 percent of the sites classified as malicious are compromised websites.
According to the vendor, the trend poses a significant risk as traditional security measures are not designed to handle the attacks. "These sites pose a significant risk because many security companies rely on Web site reputation to protect customers. Compromised sites have a good reputation...this raises the effectiveness of the attacks," stated the report.
Dan Hubbard, vice president of security research at Websense said, more and more, attackers are compromising legitimate websites to infect visitors with information-stealing code or to add users’ machines to botnets.
“With this in mind, organisations need to ensure their Web, messaging and data security solutions can protect the avenues hackers seek to exploit for financial gain,” he said.
Popular sites recently hacked include
soccernet.com;
Whitepages.com.au; and the
United Nations' HIV/AIDS Asia Pacific portal.“We believe that attackers will continue to be creative and leverage Web 2.0 applications and user-generated content to create even bigger security concerns for organisations.
“Additionally, they are increasing the sophistication of their attack methods and building resilient infrastructures as we saw with the Storm worm attacks last year,” Hubbard said.