The web: an online ghetto?

Email-based attacks used to be the weapon of choice, but hackers have now shifted their attention to the web.

Despite users becoming more computer-savvy and wising up to malicious emails, many have remained uneducated to the dangers lurking on the internet: 'what harm can come from just looking at a webpage?'

Online criminals are continuing to use social engineering techniques to exploit users' ignorance, and the financial rewards from this new-found vector of infection have not disappointed them.

Why the web?

The web is an indispensable tool, used globally by millions on a daily basis, and yet it remains a relatively unprotected route to users' desktops and laptops.

Once compromised, computers give cybercriminals unhindered access to personal details, passwords and confidential data, without user knowledge.

The machines could also be hijacked to send out millions of spam emails, an act which sees the malware writers team up with the spammers.

More and more web hackers are planting spyware and other malware onto websites and then tempting users to the compromised webpages via spammed email invitations.

Once web surfers are transported to an infected page, insufficiently protected computers are exposed, meaning the fraudster is one step closer to successfully stealing data or money.

Any kind of website can fall victim to attack - whether it offers knitting patterns or pornography. In fact, the more inoffensive the site, the better it is for fraudsters, as they're less likely to arouse surfers' suspicion.

A recent report found that around 80 percent of all web-based malware is hosted on innocent - but compromised - websites. By targeting legitimate sites, attackers are able to expose a potentially huge pool of victims to their malicious code.

Web 2.0 has made it easier for hackers to break into sites and post Trojan horses and drive-by browser exploits.

Drive-by downloads

There are several methods open to fraudsters looking to make money online, and the most popular of these is the 'drive-by download', which occurs once a surfer has been fraudulently directed to a web page that has been infected with malicious code.

It is easy to obtain kits that enable cybercriminals to simply and quickly create malicious code designed to launch their spyware, viruses or phishing attacks.

Once they have found an unprotected web host, the fraudster injects the malicious code and attempts to entice unsuspecting users to visit the infected page.

To do this, cybercriminals deploy a number of tactics including coaxing victims with alluring content, redirecting users from other pages or even loading the content silently from another page.

A further technique is simply to include the URL in a spam message.

The escalating threat of drive-by downloads is illustrated by a number of high-profile sites that have been hacked this year.

In the UK, it was reported that an interactive forum for fans of popular British TV comedy Only Fools and Horses was targeted, along with a number of other legitimate sites.

The attack on ISPs

In June 2007, multiple Italian websites were attacked, making headlines around the world. More than 10,000 web pages were infected, most of which were on legitimate but compromised websites.

Victim websites included city councils, employment services and tourism sites and most of the affected pages appear to be hosted by one of the country's largest ISPs.

It is crucial that ISPs act responsibly and fully protect the sites they host. If they slip up, and an online criminal catches on to the vulnerability, the implications for users can be dangerously widespread and expensive.

Companies with websites should make a point of checking that their ISPs are keeping up with the necessary security precautions - otherwise, they could find that they are unwittingly hosting malware.

The inside threat

Organisations need to be realistic about employees surfing the web on the corporate network.

It is crucial that users are educated about the threat posed by careless searching to encourage them to surf safely.

Companies need to consider blocking access to malicious sites, as well as implementing a complementary strategy to block access to websites by category, filtering URLs to create “allowlists” and “blocklists”.

This effectively enables administrators to simply pick and choose relevant websites to allow staff to access.
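The filtering decision described above can be sketched as follows. This is an added example, not code from the article or from any vendor's product; the hosts, categories, the precedence order (allowlist, then blocklist, then category) and the default-allow fallback are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample policy; every host and category below is hypothetical.
ALLOWLIST = {"intranet.example.com"}
BLOCKLIST = {"malware.example.net"}
CATEGORIES = {
    "social.example.org": "social-networking",
    "news.example.org": "news",
}
BLOCKED_CATEGORIES = {"social-networking"}


def normalise_host(url):
    """Return the lower-cased hostname without a trailing dot, or None."""
    try:
        host = urlsplit(url).hostname  # ignores any user@ prefix in the URL
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None


def lookup(host, table):
    """Match the host or a parent domain, on label boundaries only."""
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return candidate
    return None


def decide(url):
    """Return (action, reason) for a requested URL.

    Assumed precedence: allowlist, then blocklist, then category.
    """
    host = normalise_host(url)
    if host is None:
        return ("block", "unparseable URL")  # fail closed on bad input
    if lookup(host, ALLOWLIST):
        return ("allow", "allowlist")
    if lookup(host, BLOCKLIST):
        return ("block", "blocklist")
    match = lookup(host, CATEGORIES)
    category = CATEGORIES[match] if match else None
    if category in BLOCKED_CATEGORIES:
        return ("block", "category:" + category)
    return ("allow", "default")
```

Matching on the parsed hostname and on whole labels is what keeps a URL such as `http://intranet.example.com@malware.example.net/` from being treated as the allowlisted intranet host, and keeps `notmalware.example.net` from being blocked by a substring match.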

Although seemingly safe, some social networking sites have been the topic of much controversy in the technology media.

Websites such as MySpace and Facebook are being deemed productivity-sapping, with many employees logging into profiles during the working day.

The other issue, of course, is what employees are revealing on sites like Facebook: these are public forums on which virtually anyone can see, and steal, what is posted, opening the door to information theft.

Securing web browsing through control

Despite the growing dangers lurking on the web, they need not cause a problem if businesses and users take the necessary precautions.

Hardware such as the Sophos Web Appliance protects against a full range of web threats, including those that can enter the corporate network and cause harm.

Spyware, viruses, malicious code, unwanted applications and undesirable content are all blocked at the gateway, ensuring users can browse the web securely.

Attacks made via the web are a relatively new phenomenon, and many companies are unsure about how to effectively protect their networks.

It is vital that organisations apply the same structured, routine security measures at the web as they do - or at least should be doing - at the email gateway, desktops and servers.

If run frequently, on-access scanning for malware will help prevent both initial infection and already-infected files from being used, whilst simultaneously stopping users from accidentally serving up malicious content.

Similarly, in the web environment, most appliances provide automatic updates every five minutes, ensuring the network is protected against the latest threat.

The functions of a managed appliance are automated and its performance should be maintained by the vendor, requiring minor yet regular administrator involvement.

These websites not only threaten the privacy of an individual but also the reputation of the company.

Controlling what sites employees browse from the corporate network may save users from either financial or confidential data loss.

All administrative functions are easily accessible through the web-based management console.

This console is built around the principle of "three clicks to anywhere" - simplified navigation that ensures easy access to every function within the appliance. These aspects all eliminate the complexity of administering effective web security. By taking these precautions, businesses will be helping to shut another door on fraudsters.

Real world business solution: Heinz

As an internationally recognised brand, Heinz has long understood the importance of maintaining a high level of IT security to protect against the potential impact of cyber crime, in terms of both cost to its business and reputation damage.

Heinz introduced a web-based thin-client for company-wide use, which made it imperative to bolster gateway security to combat the growing threat of web-based attacks, including spyware, viruses, Trojans, worms, adware, and phishing.

The company needed more robust protection against web-based threats.

Upon evaluation, the Sophos Web Appliance was commended for its proactive approach – stopping new and unknown threats before they execute.

In order to reduce delays in downloading legitimate web pages, the appliance relies on information obtained from SophosLabs™ security network, which scours the web for sources of malicious code, and determines the risk level of billions of web pages a day.

This data allows the appliance to determine the depth of scan according to the level of risk that a website poses.

Furthermore, Heinz was impressed that the appliance did not suffer false positive problems, ensuring that employees were not inconvenienced when accessing non-malicious websites.

Because the appliance initiated contact with the administrator only when action was required, Heinz’s IT staff could focus on more important priorities.

For these reasons, the Sophos Web Appliance was chosen to protect thousands of Heinz employees.