3 reasons trustworthy sites can no longer be trusted

Research from Blue Coat Systems claims cybercriminals have shifted their malware-delivery technique from the internet's shadier sites and are hacking the domains we visit every day

By , Senior Editor

February 24, 2011 | CSO

Last year, malware became increasingly common on popular and trusted domains, according to research released this week by security firm Blue Coat Systems. The primary theme in malware delivery infrastructure was a migration to hosting on popular hacked sites with trusted reputations and acceptable-use category ratings, researchers claim.

Cybercriminals are hacking trusted sites using stolen access credentials in order to launch attacks that are out in the open, but also veiled from reputation filters and commonly blocked web categories. Here are three reasons researchers say you need to be wary — even on sites you count as safe:

Cybercriminals are patient and willing to put in the work
Patience delivers payoffs, according to Blue Coat researchers, who note criminals will often wait months to establish legitimate web site infrastructure that will get past reputation-based software filtering. The most common example of this type of exploitation is malvertising (malware advertising) attacks.

"For example, a relatively new ad domain that had existed for approximately six months had been checked several times for malware with clean ratings when it picked a day in early November to selectively target and deliver its cloaked malware payload," the report states. "The next day it was gone."

In other words, the cybercriminal will wait months and allow the intended malicious site to develop a clean reputation within ad networks. The criminal lets the site accept categorizations and pass multiple sweeps for malware so that it seems innocent and gains a trusted position within Web advertising. Once that is accomplished, the site launches an attack during a particularly vulnerable time, such as the weekend when IT support staffing is low, the report said.

Roughly 75 percent of phishing attacks now reside on trusted domains that have been hacked
Cybercriminals use search engines to find domains that run vulnerable hosting software. These domains are prime hacking candidates, according to the research. Phishing attacks are now more common on reputable websites because criminals know users often have the same credentials for several accounts, including bank accounts and social networking accounts. Chances are that if a thief gets hold of your Facebook login or banking password, they will be able to use it in other lucrative places.

"Most people associate phishing with SPAM and email attacks; however, social networking has opened a new door for social engineering web-based phishing attacks," the report states. "While classical phishing still exists, cyber crime has moved to social networking attacks to enter the picture as a trusted link between friends, either to deliver malware or to phish for confidential and financial information."
