Converged Web And e-Mail Threats On The Rise: Websense

Websense has revealed the findings from its bi-annual research report: Websense Security Labs, State of Internet Security, Q3-Q4 2008 . Key facts from the report include:

- 70 percent of the top 100 most popular websites either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites. This represents a 16 percent increase over the last six-month period, according to new research released from Websense Security Labs. The top 100 most popular Web sites, many of which are social networking, Web 2.0 and search sites, represent the majority of all Web page views and are the most popular target for attackers.

- In the second half of 2008, more than 77 percent of the websites Websense classified as malicious were actually sites with seemingly ‘good’ reputations that had been compromised by attackers. This percentage is up slightly from 75 percent in the first half of 2008.

- The number of malicious websites identified by Websense Security Labs from January 1, 2008 through January 1, 2009 has increased by 46 percent.

- Websense Security Labs found that 39 percent of malicious Web attacks included data-stealing code, demonstrating that attackers are after essential information and data.

- The Web continues to be the most popular vector for data-stealing attacks. In the second half of 2008, Websense Security Labs found that 57 percent of data-stealing attacks are conducted over the Web, representing a 24 percent increase over the six-month period.

- The convergence of blended Web and e-mail threats continues to increase. Websense Security Labs reports that 90.4 percent of all unwanted e-mails in circulation in the second half of 2008 contained links to spam sites and/or malicious websites. This represents a nearly 6 percent increase in e-mails containing a malicious link to compromised sites.

Websense chief technology officer Dan Hubbard said, “In the last six months, criminals have really stepped up their game in a few notable areas. Spammers are increasingly using links to malicious websites and spam sites in their e-mail campaigns to lure users and evade security systems that lack Web intelligence. We’re also seeing an increase in cybercriminals taking advantage of the growing number of Web 2.0 properties that allow user-generated content. More than ever, we’re seeing attackers inject websites with links and iFrames to direct users to malicious and compromised sites with the ultimate purpose of stealing data.”