Beware! Even Good Domains Also Carries Malicious URLs
According to an article on helpnetsecurity.com, it reads that nearly 40 percent of good domains carried malicious URLs. So now the question arises is legitimate websites compromised to host malicious content. Now the challenge for cybersecurity experts is to protect users with a solution that gives them URL-level visibility.
The vulnerable people are the home users, since they have very limited basic protection or not protection, compare to the business network. Helpnetsecurity says that 68 percent of the infections are detected on the consumer endpoints, versus 32 percent on business endpoints.
There is a rise in phishing attacks with the number of phishing sites growing 220 percent compared to last year. Interestingly, even phishing websites use SSL certificates and HTTPS to trick users into believing they are genuine. Financial institutions seem to be the favorite for the phishing developers, as they believe impersonating them makes people fall easily. The article read how over 80 percent of the phishing pages used HTTPS.
Webroot said: That organizations that combine phishing simulation campaigns with regular training saw a 70 percent drop in phishing link click-through.
Webroot further says “that a third of malware tries to install itself in %appdata% folders. Although malware can hide almost anywhere, Webroot found several common locations, including %appdata% (29.4 percent), %temp% (24.5 percent), and %cache% (17.5 percent), among others. These locations are prime for hiding malware because these paths are in every user directory with full user permissions to install there. These folders also are hidden by default on Windows Vista and up.”
Webroot says that there is a steady decline in malware on Windows 10 machines against Windows 7.
Hal Lonas, CTO, Webroot said: “We wax poetic about innovation in the cybersecurity field, but you only have to take one look at the stats in this year’s report to know that the true innovators are the cybercriminals. They continue to find new ways to combine attack methods or compromise new and existing vectors for maximum results. My call to businesses today is to be aware, assess your risk, create a layered approach that protects multiple threat vectors and, above all, train your users to be an asset—not a weak link—in your cybersecurity program.”
Julia Sowells698 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.