Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Cybercriminals exploiting traditional trust measures for compromises, study

Cybercriminals exploiting traditional trust measures for compromises, study

Cyber-criminals are exploiting traditional measures of trust to gain a foothold on users systems by compromising trusted sites via background initiated requests, using phishing sites, and typo-squatting.

While many companies have used categories such as  Business and Economy, Shopping, News and Media, and Malware, to help set security policy researchers are warning it’s no longer advisable to consider any category as inherently safe, according to the Menlo Security State of the Web 2017 report released Feb. 5, 2018.

“Many companies have used these categories to help set security policy,” researchers said in the report.  “Unfortunately, it’s no longer advisable to consider any category as inherently “safe. According to our research, more than a third of all sites in categories including News and Media, Entertainment and Arts, Shopping, and Travel were risky.”

The problem stems from third party vulnerabilities with the average website connecting to 25 background sites for content, such as video clips and online ads and that enterprise security administrators don’t have tools to monitor these connections. Any one of these leaving them vulnerable to backdoor attacks.

The report found 49 percent of news and media sites, 45 percent of entertainment and arts sites, 41 percent of travel sites, 40 percent of personal sites and blogs, 39 percent of society sites, and 39 percent business and economy, were at risk or not being as safe as they appear, being a phishing site, or a typo-squatting site.

Vulnerable software used on trusted site also pose a significant risk. The report found that 42 percent of the top 100,000 sites on the web, as ranked by Alexa, are either using software that leaves them vulnerable to attack or have already been compromised in some way.

Some of the most popular software putting these sites at risk with 32,669 sites putting users at risk with Microsoft IIS 7.5, 26,796 sites putting users at risk with php/5.45.15, and 18,379 sites putting users at risk with apache/2.2.15.

The top sites categories relying on vulnerable software included business and economy with 51,045 sites, society with 25,977 sites, personal and blogs with 20,675 sites, news and media with 17,083 sites, and adult and pornography sites with 16,929 sites.

Researchers said business and economy sites experienced the most security incidents and that they contained more sites running vulnerable software, such as PHP 5.3.3, than any other category.

In order to avoid and defend against potential threats, researchers recommend website owners  make sure their servers run the latest software updates and investigate technologies such as  Content-Security-Policy. Consumers should download software updates religiously, avoid vulnerable technologies such as Adobe Flash, and use the Chrome browser when possible, researchers added.

Chris Olson, chief executive officer at The Media Trust said enterprises should be concerned about the increasing frequency of website breaches attributed to compromised third-party code.

“Clearly, app sec, antivirus and other traditional website security solutions can’t keep pace with the thousands of malicious domains generated every month,” Olson said. “The onus is on enterprise IT to continuously monitor all executing code – both first and third-party code – on websites and mobile apps to discover what and who is executing in the digital environment.”

He added that unauthorised or anomalous code should be immediately re-mediated and that today’s dynamic internet environment requires a continuous security approach to detect real-time security and performance failures before they have detrimental effects on both the enterprise network and its website users.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket