Browser-based attacks increase as viruses dip

As the threat to IT operations by viruses and worms dips, browser-based attacks are increasing, according to a technology trade organization.

The Computing Technology Industry Association, or CompTIA, on Tuesday released its third annual report on IT security and the work force. The survey of nearly 500 organizations, found that 56.6 percent had been the victim of a browser-based attack, up from 36.8 percent a year ago and a quarter two years ago, CompTIA said.

Browser-based attacks often take advantage of security flaws in Web browsers and other components of the user's PC such as the operating system. The attackers' objective can be to sabotage a computer or steal private data, and the attacks can be launched when a person visits a Web page that appears harmless but contains malicious code.

One of the ways to lure victims to a bad Web site is through spam e-mail that include a hyperlink. Phishing, a form of attack that typically includes e-mail and fraudulent Web sites resembling legitimate ones, is on the rise, CompTIA said. Phishing is usually an attempt to steal sensitive information such as usernames, passwords and credit card numbers.

A year ago, 18 percent of organizations said they had become victims of phishing. This year the figure has grown to 25 percent, CompTIA said.

Still, viruses and worms continue to be the No. 1 IT security threat, though the number of these attacks has dipped slightly. Two-thirds of organizations reported they had experienced such attacks in the past year, down slightly from 68.6 percent a year ago.

New pests are also affecting users, CompTIA said. Pharming and threats to mobile devices are causing headaches, the organization said. In pharming attacks, people are redirected to a malicious Web site after an attacker hijacks a domain-name system server--a computer that maps text-based Web site names to actual IP addresses.

CompTIA commissioned TNS Prognostics to conduct the study, which included interviews with 489 professionals from government, IT, financial, education and other sectors.

[Jonthin]

Solution

It all just gets worse and worse and worse. So why don't you do
what I did and switch to Apple Mac. It is simply immune to all that
crud and as a result productivity increases tenfold.

[aabcdefghij987654321]

Ignorance is not bliss

The Mac OS is not "immune" to all that, all such claims are simply hubris. Apple has released security fix patches to OSX so it's obvious that you have a false sense of security.

[mlindl]

You are right about the switch

Apple may have put out security patches but that doesn't mean
the user is under threat because in every instance they have
been theoretical.

Windows patches aren't about theory they are about reality. Not
all exploitable holes have been exploited but NOBODY hacks
Macs.

Mac servers and computers have been left online 24/7 for years
and not one breach has been reported. And it isn't like there
aren't good targets.

OS X is higher quality, Apple computers are higher quality and
TCO is LOWER, LOWER, LOWER.

But if the enterprise doesn't adopt them, it wouldn't be the first
time the enterprise didn't buy the cheapest and best option,
would it?

[treet007]

Too bad their Security+ is not recognized in the marketplace...

It's interesting that an information security-related survey came from CompTIA and not ISC2. When I talked to companies about the CompTIA Security+ certification, they are absolutely clueless, and some even think that it is part of the A+ PC hardware certification line. But talk to the same people about the ISC2 CISSP, then they instantly recognize the certification for information security.

So why should I believe in the CompTIA's study if their information security certification is unrecognizable in the marketplace and thus basically worthless?

--GIF