There is no such thing as a safe site


The threat landscape and website risk has increased, where nearly half of the top 1 million websites are at risk, according to Menlo Security’s State of the Web 2016 report released this week. In addition, the report found that the attackers are young, savvy and are getting their hands on exploit tools that are readily available, easy to get, easy to deploy and are highly affective and lucrative in their impact.

As if to support the report, between 5 and 9 December, Europol and law enforcement authorities from Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom and the United States carried out a coordinated action targeting users of Distributed Denial of Service (DDoS) cyber-attack tools, leading to 34 arrests and 101 suspects interviewed and cautioned. Suspects in the EU and beyond were mainly young adults under the age of 20. The individuals arrested are alleged to have been paying for stressers and booter services to maliciously deploy software to launch DDoS attacks, which flood websites and web servers with massive amounts of data, leaving them inaccessible to users. The tools used are part of the criminal ‘DDoS for hire’ facilities for which hackers can pay and aim it at targets at their choosing.

This is the state of the Internet as we move into 2017! The combination of wide spread software vulnerabilities, pervasive exploit kits, and throngs of new attackers has created the perfect storm. Traditional security products are failing with web based and email attacks unable to be stopped from simply applying “a good or bad approach” as we don’t understand what’s going to be bad tomorrow, according to Greg Maudsley, Senior Director of Product Marketing at Menlo Security. Phishing attacks can now use legitimate URLs and because of this vulnerability, attackers can compromise a legitimate site and create ‘drive-by attacks’ or a spoof link within a legitimate website – meaning there is no obvious anomalies in the URL that anti-phishing techniques can pick up…Click HERE to read full article.