40% of Malicious URLs Were Found on Good Domains (helpnetsecurity.com)
Help Net Security shared an interesting statistic from the 2019 Webroot Threat Report.
40 percent of malicious URLs were found on good domains. Legitimate websites are frequently compromised to host malicious content.
To protect users, cybersecurity solutions need URL-level visibility or, when that is unavailable, domain-level metrics that accurately represent the danger.
The report also found that while Google was the single most impersonated brand in phishing, 77% of all phishing attacks impersonated financial institutions. (The good news? After 12 months of security awareness training, end users were 70% less likely to fall for phishing attacks.)
And Windows 10 devices were "at least twice as secure as those running Windows 7. Webroot has seen a relatively steady decline in malware on Windows 10 machines for both consumer and business."
But I'm pretty sure a hosts file will protect you from all that...
Ezekiel 23:20
After 12 months of security awareness training, end users are 70 percent less likely to fall for a phishing attempt.
If I'd spent 12 months training users, and only saw a 70% reduction(?), I would not be bragging about my course. I would be revamping my curriculum to figure out where I went wrong.
"First they came for the slanderers and i said nothing."
Where I work, they send out fake phishing emails and provide a 'report phish' button in Outlook. Reporting real ones trains the system on what to filter and failing to report fake ones trains I.T. on who needs training.
This seems pretty effective and targeted.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
You know, sarcasm feels fun, and insulting random people on the Internet can produce a feeling of satisfaction as well. But these short-term rewards have a long-term cost. They condition the mind to automatically and perpetually respond to everything with something negative and mean-spirited. This can have harmful effects on one's mental health and social life.
Since you are smart enough to come to this site and make a cogent post, you are probably smart enough to succeed and accomplish meaningful achievements in your life. But you will have to apply yourself.
One way to start would be to look for opportunities to meaningfully contribute to online dialogues, rather than just fling mud.
Browsers need URL level visibility. Anything that obscures the URL in the browser should be fixed. Mouse-over should always display what is about to be clicked.
If the link matches this REGEX, it's almost certainly for a compromised site: /\/wp-(includes|content)\/(images|uploads?|themes|plugins|cache)\//
Whatever claims and advances WordPress makes in the realm of security, it is FAR too easy for people to configure it in a way that stores malware, and redirections to same. Any "deep linking" to one is suspicious at best.
Of course, if a link uses a "shortened URL", its probability of legitimacy is rather low, too.
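The two heuristics in the post above (the WordPress content-path regex and the "shortened URL" rule) as a small triage script. This is an added example, not code from the original post or from any product; the shortener host list and the sample links are constructed, and the check for executable extensions inside an uploads directory is an extension of the post's idea rather than something the post states. The output is a list of signals for a human or a second-stage scanner, not a verdict: the regex also matches perfectly legitimate WordPress media links.

```python
"""Heuristic URL triage: flag WordPress content paths and URL shorteners."""
import re
from urllib.parse import urlsplit

# Regex from the post, translated into Python syntax. It matches the path
# component only, so the host is inspected separately.
WP_CONTENT_PATH = re.compile(
    r"/wp-(includes|content)/(images|uploads?|themes|plugins|cache)/"
)

# Constructed sample of well-known shortener hosts (assumption: a real
# deployment maintains its own, much longer list).
SHORTENER_HOSTS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl", "ow.ly"}

# Uploads and cache directories should only ever serve static files; a
# script or binary there is a stronger signal than the directory alone.
SUSPICIOUS_EXTENSIONS = (".php", ".exe", ".js", ".hta", ".scr")

# Constructed sample links, not real indicators.
SAMPLE_LINKS = [
    "https://example.com/news/2019/report.html",
    "https://blog.example.net/wp-content/uploads/2019/02/invoice.php",
    "https://blog.example.net/wp-content/uploads/2019/02/photo.jpg",
    "https://cdn.example.org/wp-includes/images/logo.png",
    "https://bit.ly/3xample",
]


def url_flags(url: str) -> list:
    """Return the heuristic flags raised for one URL (empty list if none)."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    flags = []

    if WP_CONTENT_PATH.search(path):
        flags.append("wp-content-path")
        if path.lower().endswith(SUSPICIOUS_EXTENSIONS):
            flags.append("executable-in-upload-dir")

    if host in SHORTENER_HOSTS:
        # The real destination is hidden; it must be resolved before any
        # domain reputation lookup means anything.
        flags.append("url-shortener")

    return flags


def triage(urls) -> dict:
    """Map each flagged URL to its flags; unflagged URLs are omitted."""
    result = {}
    for url in urls:
        flags = url_flags(url)
        if flags:
            result[url] = flags
    return result


if __name__ == "__main__":
    for url, flags in triage(SAMPLE_LINKS).items():
        print(f"{url}\n    {', '.join(flags)}")
```

Because `url_flags` inspects only the parsed path and host, it is unaffected by query strings, fragments or mixed-case hosts, and a false positive costs nothing more than a closer look at one link.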
And a social media company is a good domain?
Domestic spying is now "Benign Information Gathering"
I truly believe slashdot should auto-ban any user who makes a comment with the string " apk" in it. Just look at the fucking spam all over this page. jesus christ.
Taking this a bit further, it underscores why awareness training is really a waste of time at this point. I am not personally involved in it, but it's one of the services the firm I work at provides to some clients.
There are basically two kinds of computer users at this point. Those who are pretty savvy and won't be easily phished, period. The other group is simply untrainable. They will never learn not to be scammed because they are one of the following: stupid (sometimes it really is that simple), proud ("been doing this too long to learn anything from a CBT" attitude / "I am too important for this"), affected by perverse incentives (sure there is a 99.9% chance this is a scam, but I am in sales and if it is a client it might mean a commission for me; if it blows up my computer or gets the company hacked, which is way more likely, that is other people's problem).
The fact is at this point there are a lot of phishes that are in fact really good. They are highly targeted, domain fronting is used to make sure no spam filters or firewalls classify the source domain as malicious, and it only sends malicious content when accessed by the target. The content is tailored to the specific person or organization. It's well researched, includes lots of facts an insider would know but which were likely discovered by social media and other opsec leaks. They have borrowed the company's presentation style by cloning press releases etc., so it looks like it came from your marketing department. These would fool literally anyone, and there is NOTHING you can teach in a click-thru awareness program that would allow someone to spot these. Eventually, to get something to run, at some point they will have to hit an OS/mail client/browser generated prompt. However, the author will have taken great care to make sure that every aspect of the text they can control on that prompt looks as legit as possible. Even to the point of taking advantage of vulnerabilities in the software around look-alike unicode characters on certificate orgs end users can't distinguish, etc. Oh, teach them never to click those pop-up prompts from anything that originated from an external source.... ugh, good luck with that as soon as HR decides to engage an outside payroll processor or benefits management firm.
Basically you have to have effective technical controls on this one. DLP, EDR software, isolated client networks using tools like ISE to control access to other resources, solid least privilege implementation both on clients and network resources, outbound SSL/TLS proxying (without exception), defenses against lateral movement like unique administrative and support passwords and client isolation on networks. This is the only answer that might save a larger organization from a targeted phishing campaign. In 2019 user training is a wasted effort.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Where I work they send out fake phishing emails which include an X-PHISHTEST header, making it trivial to write a filter to bin them automatically.
Chelloveck
I give up on debugging. From now on, SIGSEGV is a feature.
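The header-based filter the post above describes, written out so the mechanism is visible. This is an added example, not the poster's own filter or any mail system's code; the header name `X-PHISHTEST` comes from the post, the header value and both sample messages are constructed, and a production mail server would express the same rule in Sieve or a procmail recipe rather than Python. It also makes the practitioner's caveat obvious: the header is set by the sender and is trivially forged, so its presence says nothing about whether a message is safe, and a user who bins every test silently also removes the only signal the training program is measuring.

```python
"""Route mail carrying a phishing-simulation header out of the inbox."""
import email
from email import policy
from email.message import EmailMessage

TEST_HEADER = "X-PHISHTEST"  # header name from the post; value is constructed

# Constructed sample messages (not real mail).
SIMULATED_PHISH = b"""From: it-security@example.com
To: alice@example.com
Subject: Action required: password expiry
X-PHISHTEST: campaign-2019-02
Content-Type: text/plain

Your password expires today. Visit the portal to renew it.
"""

ORDINARY_MAIL = b"""From: bob@example.com
To: alice@example.com
Subject: Lunch?
Content-Type: text/plain

Noon at the usual place?
"""


def parse(raw: bytes) -> EmailMessage:
    """Parse raw RFC 5322 bytes; policy.default gives EmailMessage objects."""
    return email.message_from_bytes(raw, policy=policy.default)


def is_simulated_phish(msg: EmailMessage) -> bool:
    """True when the simulation header is present with any value.

    Header lookup is case-insensitive, so X-PhishTest matches as well.
    """
    return msg.get(TEST_HEADER) is not None


def campaign_tag(raw: bytes):
    """Return the header value (the campaign label) or None if absent."""
    value = parse(raw).get(TEST_HEADER)
    return None if value is None else str(value)


def route(raw: bytes) -> str:
    """Return the folder a message lands in: 'PhishTests' or 'INBOX'."""
    return "PhishTests" if is_simulated_phish(parse(raw)) else "INBOX"


def sort_mailbox(messages) -> dict:
    """Count how many messages go to each folder for a batch of raw messages."""
    counts = {"INBOX": 0, "PhishTests": 0}
    for raw in messages:
        counts[route(raw)] += 1
    return counts


if __name__ == "__main__":
    for raw in (SIMULATED_PHISH, ORDINARY_MAIL):
        subject = parse(raw)["Subject"]
        print(f"{subject!r:45} -> {route(raw)} (tag: {campaign_tag(raw)})")
```

Note that nothing in `route` looks at the body or the links; the decision rests entirely on a header any sender can add or omit, which is exactly why a filter like this is a convenience for the user and not a security control.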
My own personal strategy is to never click on any link I get in email.
"First they came for the slanderers and i said nothing."