The growing use of web 2.0 technologies by online retailers and others is making it easier for crooks to compromise trusted sites and gain access to customers’ confidential information, according to the September 2007 Symantec Internet Security Threat Report.
Criminals no longer are trying to break into the computers of targeted users but instead are compromising trusted sites and/or applications, such as shopping carts, content-management systems, blogs and web-based e-mail, Symantec says. When the end user visits that site or uses that application, the attacker is able to compromise the user’s computer, often by directing the user to a malicious web site or by downloading a Trojan onto the user’s computer, the report states.
During the January through June reporting period covered by the report, 61% of all vulnerabilities disclosed were related to web applications. “This has serious implications for end users because they can no longer place their trust in well-known sites,” Symantec says.
Attackers are increasingly targeting web applications as a means of circumventing network security measures, such as firewalls. “Social networking sites have proven fruitful for attackers because they give attackers access to large numbers of people, many of whom implicitly trust that the site—and the content on it—are secure,” the report says. “Attackers are increasingly targeting social networking sites as web users are becoming wary of unsolicited e-mail attachments and other enticements.”
Symantec also found that attackers have moved away from nuisance and destructive attacks towards activity that is motivated by financial gain. “Today’s attackers are increasingly sophisticated and organized, and have begun to adopt methods that are similar to traditional software development and business practices,” the report says.
Back...
