This issue is something that we have blogged about on several occasions recently here on the TrendLabs blog, but sometimes the issue needs to be highlighted and emphasized to articulate the underlying trends that are emerging.
How bad is the problem of compromised Web sites/Web servers on The Internet? Epic.
Brian Krebs wrote earlier today about how alarming this issue has really become — and we are seeing the same alarming level of escalation.
Why? Insecure Web site implementation and/or no ongoing effort by Web site administrators to ensure that the platforms that these Web sites are built upon are maintained properly, patched diligently, and regularly examined for security deficiencies.
Cyber criminals are actively and successfully preying on the unfortunately large number of Web sites out there which are not implemented or maintained properly, to surreptitiously embed exploits for unwitting Web surfers.
Why? Mainly to obtain user credentials — logins, passwords, credit card information, etc.
This is perhaps the most dangerous and least appreciated threat to casual Internet users today. There is a wholesale effort underway by cyber criminals to subvert and compromise Web services around the globe to use for their own criminal purposes.
And it gets worse, unfortunately.
The real issue is no longer “scanning for viruses” on the local PC, although that is a useful tool that will probably always play a role in the total threat protection scenario.
The threat “game” has now gone into and onto The Web, and in a big way. Cyber criminals started focusing their attention on Web threats last year, in a way that takes advantage of the fact that most Web sites/Web pages are not actively maintained by professionals — they are, in fact, constructed and put into play by folks who have no professional training in secure Web implementations (or who simply walk away and don’t patch older software as vulnerabilities are discovered, etc.).
I’ve said this many times, and I’ll repeat it here: The days of simply putting a Web page up on The Internet and forgetting about it are long gone.
An ongoing effort to do due diligence must be a focus — otherwise criminals will exploit the opportunity to seed their malicious craft, and victimize unwitting Internet users.
Criminals are targeting Web sites with “high user count” probabilities — Web sites with large audiences, e-commerce Web sites with potential “high value” compromise possibilities, and entire server farms in third-party hosting facilities.
Not only are they targeting “high-profile” Web sites, they are also targeting any Web site which they can use to host criminal activity.
The latest example of this trend: We were alerted yesterday to the fact that a Web site hosting content for the Thai Royal Air Force is being used to harbor a phishing redirect for major banking fraud (see screenshot below).
We alerted the ThaiCERT folks about this incident yesterday, but it has not been removed at the time of this posting.
Not to pick on any particular organization — we are all at risk here. Don’t kid yourself.
We’ve recently seen literally thousands of compromised Web sites and Web pages where an unsuspecting user who happens upon the content (and has some arbitrary unpatched vulnerability) is victimized.
I cannot stress enough how important this issue has become, and how this will fundamentally change the way we use The Internet if we do not take dramatic steps to correct these basic deficiencies.
The lifeblood of the Internet depends on it.
When Vint Cerf spoke at the World Economic Forum in Davos, Switzerland, last year, he pretty much nailed the issue spot on — “Criminals may indeed overwhelm the web” as we (collectively) sit idly by.
Take action. Now.
“Fergie”, a.k.a. Paul Ferguson
Internet Security Intelligence
Advanced Threats Research