By Simon Quicke
24 July 2008
The increasing number of attacks on company websites, designed to leave visitors to those pages infected, has grown in the first half of this year.
According to the Sophos Security Threat Report for the first six months of this year there has been a significant increase in website infections as well as a growth in spear-phising, the phrase used to describe targeted phising attacks on a small number of individuals.
Graham Cluley, senior technology consultant at Sophos, said that spear-phising often went unpublisiced because it impacted so few people but it was growing as criminals honed their ability to trick individuals into parting with financial information.
He added that the first half of the year had been marked by a significant increase in the number of corporate websites being targeted by hackers looking to use it is a platform to infect web visitors.
“it is happening an awful lot, every five seconds we come across a site that has been infected, and it is three times more than last year and it is large websites as well as the small ones,” he said.
He added that there was still a job for resellers to educate customers about the need for more website vigilance.
Dave Ellis, director of e-security, professional services and training at ComputerLinks, said that what was worrying is the number of companies that used corporate websites as a form of intranet for staff.
“That does open up the potential of spreading inside an organisation and is something that customers must think about,” he said.
Nick Garlick, managing director at reseller Nebulas Security, said that it had continued to see code injections that opened up companies to hackers and there was still widespread ignorance around the problem.
“There is a lack of understanding of how easy it is to penetrate back end databases and in general the whole knowledge around this area is still too low,” he said.
