Collaboration, transparency

Your Feed is from https://www.safeharboroncyber.com/Blog/
CyberWisdom Safe Harbor Commentary on Web Site Vulnerabilities
Must-read stories from scmagazine.com and techrepublic.com evaluate hidden facts on web site vulnerabilities:
42% of the top 100,000 sites are using software that is vulnerable or has been attacked in some way. – Menlo Security, 2018
4,600 phishing sites use legitimate hosting services to avoid detection. – Menlo Security, 2018
According to the latest Menlo Security report, many of the places we think of as the safest on the Internet are actually quite dangerous to business people and consumers. The report found that about 42% of the top 100,000 sites use software that leaves them vulnerable or has been attacked in some way.
Cybercriminals exploit long-standing measures of trust, including the reputation or category of certain websites, to avoid detection and to increase the effectiveness of their attacks. This means that businesses must be vigilant and ensure that cyber hygiene measures are in place, including employee education and multilayered protection.
Cybercriminals are using traditional measures of trust to gain a foothold on user systems through background requests, phishing sites, and cybersquatting that compromise trusted sites.
Although many companies have used categories like business and economics, shopping, news and media, and malware to help shape security policies, researchers warn that treating any category as inherently safe is no longer advisable, according to Menlo Security's 2017 annual report, released on February 5, 2017.
The researchers said in the report: “Many companies have used these categories to help shape their safety policies. Unfortunately, considering any category to be inherently ‘safe’ is no longer desirable. According to our research, more than a third of all websites in the news, media, entertainment and arts, shopping, travel, etc., are at risk.”
Web site vulnerabilities from third parties
The problem stems from third-party vulnerabilities: a website is generally linked to 25 background content sites, such as video clips and online advertisements, and corporate security administrators do not have the tools to monitor these connections. Any one of them leaves the organization vulnerable to backdoor attacks. Cybercriminals exploit long-standing measures of trust, including the reputation or category of certain websites, to avoid detection and to increase the effectiveness of their attacks. Businesses must now be vigilant and ensure that their own cybersecurity hygiene measures, and those of their third parties, are in place, including employee education and multilayered protection, to keep the business in a safe harbor from cyber threats.
A remedy for keeping your business in a safe harbor from cyber vulnerabilities
To keep your business in a safe harbor on cyber, you need:
Log Collection & Aggregation
Security Incident Event Management (SIEM)
Incident Response & Reporting
Continuous Monitoring / Detection (24×7)
Malware Forensic Examination
Advanced Indicator Sharing (AIS)
Automation of Defense Countermeasure Deployment (DC&T)
Indicators of Attack (IOAs)
Indicators of Compromise (IOCs)

Multiple Storage Options and Retention Lengths Available
Legislative Regulation Compliance
I have found an external cybersecurity service partner, R&K Cyber Solutions LLC (R&K), that provides both a much-needed 24×7 cybersecurity operations center and solutions to meet legislative requirements. R&K has affordable solutions that allow its partners to establish real budgets when dealing with the cost of a cyber program. R&K also specializes in providing affordable solutions for meeting tough legislative regulations such as the Defense Federal Acquisition Regulation Supplement (DFARS), the Federal Acquisition Regulation (FAR), the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS) and the EU General Data Protection Regulation (GDPR). R&K exceeds expectations with its reputation and history of awards.
To learn more about their services, contact your next cybersecurity operations provider today by visiting www.rkcybersolutions.com, or R&K Cyber Solutions LLC, Office: 703.326.0755, or Email: inquiries@rkcybersolutions.com.
***For a limited time, mention the code ‘David Eng February’ to get 5% off the initial trial special.
Web site vulnerabilities
The report notes that a typical website connects to 25 background content sites, such as video clips or advertisements. Most enterprise security administrators lack the resources needed to monitor these background connections, leaving organizations vulnerable to backdoor attacks.
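To make those background connections visible, the following added example (not from the report or the original post) lists the third-party hosts a page's HTML causes the browser to fetch from without any click, which is the starting point for monitoring them or writing an allowlist. It assumes static HTML only (scripts can add more requests at runtime) and treats a host as first-party if it is the page's host or a subdomain of it, a simplification that does not use the Public Suffix List; the sample page and all `.example` hosts are constructed.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute the browser fetches automatically, without a user click.
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src", "embed": "src",
               "video": "src", "audio": "src", "source": "src", "link": "href"}
LINK_RELS = {"stylesheet", "preload", "icon"}  # <link> rel values that fetch

# Constructed sample page (hypothetical .example hosts), not from the report.
SAMPLE_URL = "https://www.news.example/story"
SAMPLE_HTML = """<html><head>
<link rel="canonical" href="https://other.example/page">
<link rel="stylesheet" href="/css/site.css">
<script src="//cdn.ads.example/tag.js"></script>
<script src="https://static.news.example/app.js"></script>
</head><body>
<img src="https://cdn.ads.example/pixel.gif">
<iframe src="https://video.example/embed/1"></iframe>
<a href="https://elsewhere.example/">plain link, never fetched</a>
</body></html>"""

class BackgroundRequests(HTMLParser):
    """Collect the hosts a page fetches from on load, with the tags involved."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.hosts = defaultdict(set)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(FETCH_ATTRS.get(tag, ""))
        rels = set((attrs.get("rel") or "").lower().split())
        if not url or (tag == "link" and not rels & LINK_RELS):
            return  # nothing fetched, e.g. <a href> or rel="canonical"
        host = urlsplit(urljoin(self.page_url, url)).hostname
        if host:  # data: and similar URLs have no host
            self.hosts[host].add(tag)

def third_party_hosts(page_url, html):
    """Return {host: [tags]} for fetched hosts outside the page's own domain."""
    own = urlsplit(page_url).hostname
    own = own[4:] if own.startswith("www.") else own
    parser = BackgroundRequests(page_url)
    parser.feed(html)
    return {h: sorted(t) for h, t in sorted(parser.hosts.items())
            if h != own and not h.endswith("." + own)}

if __name__ == "__main__":
    print(third_party_hosts(SAMPLE_URL, SAMPLE_HTML))
```

Hosts that appear with `script` or `iframe` deserve the closest review, since content loaded that way runs or renders inside the page.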
The report also found that efforts to sort sites into categories were largely ineffective. For example, websites in the “Business and Economics” category had the highest number of security incidents in the past year and hosted more phishing websites and more sites running vulnerable software (such as PHP 5.3.3) than any other category, including “gambling.”
The report found that about 49% of “News & Media” websites were considered risky, with 45% of “Entertainment & Arts” websites and 41% of “Travel” websites considered as at-risk.
Increasingly sophisticated phishing attacks: The report found that some 4,600 phishing sites use legitimate hosting services to avoid detection. Rather than using other alternatives, attackers find it easier to set up subdomains on legitimate hosting services, which companies often whitelist.
The report found that the registration of fake domain names containing misspelled words, used for phishing and malware delivery, still persists. About 19% of these domain names are found in trusted categories such as financial services, news, and media.
The report found that 49% of news and media sites, 45% of entertainment and art sites, 41% of travel sites, 40% of personal websites and blogs, 39% of social sites, and 39% of business and economy sites are at risk: not as safe as they seem, and in some cases phishing websites.
Vulnerable software used on trusted sites also poses a significant risk. The report found that according to Alexa’s rankings, 42% of the top 100,000 websites use software that makes them vulnerable or has been attacked in some way.
Some of the most popular software puts these sites at risk: 32,669 sites put users in jeopardy by running Microsoft IIS 7.5, 26,796 by running PHP/5.45.15, and 18,379 by running Apache/2.2.15.
The predominant vulnerable website categories included 51,045 business and economics sites, 25,977 websites, 20,675 personal blog sites, 17,083 news media sites and 1,669 adult porn sites.
The researchers said that business and economics websites have experienced the most security incidents, and they contain more websites that run vulnerable software such as PHP 5.3.3 than any other category.
To avoid potential threats, the researchers advised site owners to ensure that their servers run the latest software updates and to investigate technologies such as content security policies. The researchers added that consumers should diligently install software updates, avoid vulnerable technologies such as Adobe Flash, and use Chrome as much as possible.

Cybercriminals exploiting traditional trust measures for compromises, study
Cybercriminals are exploiting traditional measures of trust to gain a foothold on users' systems by compromising trusted sites…
Phishing attacks continue to grow more sophisticated, as 4,600 phishing sites use legitimate hosting services, according to “Cybercriminals exploiting traditional trust measures for business compromises.”
The post Cybercriminals exploiting traditional trust measures for business compromises, study appeared first on Safe Harbor on Cyber.
