According to the latest Websense State of Internet Security report [PDF] and the Sophos Security Threat report for the first half of 2008, hacked websites are being infected with malware at an ever-increasing rate.

The Sophos report indicates that the website infection rate is three times faster, with Sophos detecting 16,172 malicious webpages every day. Over 90% of the websites spreading malware are legitimate websites, the number one host being Blogger (Blogspot.com). The Websense report is similar, with over 75 percent of the malware-distributing websites being legitimate. Websense indicates that hacked sites outweigh the number of sites specifically set up to deliver attacks and that 60% of the most popular sites on the web were subverted or indirectly involved with some form of malicious activity in the past 6 months.

Sophos technology consultant Graham Cluley warns businesses to educate employees about posting too much information to social networking sites like LinkedIn or Facebook. Experts indicate that cybercriminals are using hacked profiles to launch phishing attacks at employees that result in data breaches.

According to Websense, 45% of the sites hosting malware allow for some portion of user-driven content, so Web 2.0 technologies / social networking services continue to be the focus of attackers. They indicate that 29% of malicious web attacks are designed to steal data.

“Hackers will continue to get creative and leverage user-created content and Web 2.0 applications to create even bigger security concerns for organizations,” the Websense report authors said. “Researchers expect attackers to see a rise in special interest attacks — targeting specific groups of people based on interests and profiles. With an increase in spam and ‘talk back’ sections of new sites, new active media, Web modules, scripting and social networks, organizations will need to ensure their Web, messaging and data security programs are adequate to plug the holes and curb the new avenues hackers exploit to spread malicious code for financial gain.”

IBM’s X-Force Threat Insight report [PDF] also indicates that malware is continuing to accelerate. According to this report, 50% of vulnerabilities are designed to gain local and remote access to data.

Via eweek, 2