An annual report on Web security from software provider Blue Coat that was released on Wednesday says that cyber criminals are launching more focused attacks and are targeting trusted sites to distribute malware, viruses and other threats. The author of the 2010 Blue Coat Annual Web Security Report also says that some Web-delivered applications that are used by businesses are at risk of malware if an attacker thinks there are valuable assets to be stolen by getting onto the corporate network.
The Blue Coat report focuses largely on threats that affect all Internet users, from malware delivered through fake ads for antivirus software, celebrity photos and pornography. Tom Clare of Blue Coat notes that when the popular movie "The Twilight Saga: Eclipse" came to theaters in June 2010, about two dozen sites popped up offering links to pirated copies of the film, most likely malware sites.
But the threats continue for businesses, too, Clare adds. As companies increasingly turn to delivering business applications to employees through a Web browser instead of a traditional client-server architecture, they need to guard against malware attacks through that browser, though not in all cases.
If the application requires a high level of authentication to log onto, or is focused on a narrow group of users in a narrow subject, it wouldn't be of much interest to cyber criminals, he says. But if the application is deemed of high interest, the risk is greater.
"If it's the [U.S.] Department of Energy and I'm interested in getting inside the Department of Energy and I found a Web app that's hosted by the Department of Energy, if that's my attack target and I'm financially motivated to get inside that network, then I'm very interested in it. And, yes, these Web apps are easy to break into," Clare says. A hacker could monitor people logging onto the site, see their credentials and use them for their own access to the network.