How You Can Get Infected via World Wide Web Exploits
For quite some time, the Internet, or the World Wide Web, has been the most common angle of attack for hackers, who most often target software vulnerabilities or use exploits against the receiving client.
Software vulnerabilities can be anything from third-party software exploits to cross-site scripting (XSS).
The most commonly exploited software on your PC has been Oracle Java, Adobe Flash and Adobe Acrobat Reader for many years. Increasingly, browsers such as Google Chrome and Internet Explorer are also being exploited, which makes World Wide Web exploits a serious information security risk.
That means that software on your computer or in your corporate environment is also a risk, so make no mistake about it. In approximately 70% of web-based attacks the direct target is a vulnerability on your computer.
Other angles of attack used by hackers from the Internet include phishing, drive-by downloads, watering hole attacks and social website attacks. If you don’t know them, you can read more about each important type of attack.
So, since the Internet or websites are now the most commonly used angles of attack, delivering a variety of attack types, let’s find out which sources on the Internet are actually delivering them to your computer or which underlying sources are trying to infect your company’s organization.
Please keep in mind that the information below does not refer to websites that a computer user might access (e.g. Facebook.com), but it concerns the original source for the malicious content. The source of infection could be the visited website, but also concealed content, which is loaded from another website (e.g. through an iFrame).
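The distinction between the visited website and the original source of the content can be checked from the defender's side. The example below is added here and is not from the original article: it lists what a page loads from other hosts and marks content that is hidden from view. The sample page, the `.example` hostnames and the simple subdomain comparison are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags that make the browser fetch content automatically, and the attribute used.
LOADING_ATTR = {"iframe": "src", "script": "src", "embed": "src", "object": "data"}

def is_concealed(a):
    """True if the element is styled or sized so the user never sees it."""
    style = a.get("style", "").replace(" ", "").lower()
    tiny = a.get("width") in {"0", "1"} or a.get("height") in {"0", "1"}
    return "hidden" in a or tiny or "display:none" in style or "visibility:hidden" in style

class ThirdPartyAudit(HTMLParser):
    """Collect resources a page loads from hosts other than its own."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []  # (tag, source host, concealed)

    def handle_starttag(self, tag, attrs):
        if tag not in LOADING_ATTR:
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get(LOADING_ATTR[tag])
        if not src:
            return
        # urljoin resolves relative and protocol-relative (//host/...) URLs.
        host = urlsplit(urljoin(self.page_url, src)).hostname
        # Simplification (assumption): subdomains of the page host count as first party.
        if host and host != self.page_host and not host.endswith("." + self.page_host):
            self.findings.append((tag, host, is_concealed(a)))

def audit(page_url, html):
    parser = ThirdPartyAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: one ad-network script and one hidden iframe.
SAMPLE_PAGE = """<html><body>
<script src="/js/app.js"></script>
<script src="//ads.adnetwork.example/serve.js"></script>
<iframe src="https://cdn.news.example/widget.html" width="300" height="250"></iframe>
<iframe src="http://landing.malicious.example/gate" width="1" height="1" style="display: none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for tag, host, concealed in audit("https://news.example/article", SAMPLE_PAGE):
        print(f"{tag:7} {host:28} {'CONCEALED' if concealed else 'visible'}")
```

The hosts it reports are the ones a web-filtering tool would have to evaluate, even though the user only ever typed the address of the visited site.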
Most common World Wide Web exploits used to deliver cyber-attacks
The following is a detailed list of which types of websites are being used to deliver malicious attacks by hackers (data extracted from our comprehensive Heimdal Security Intelligence Database):
- 90.0% – delivered from advertising networks
- 4.63% – websites being used only for malicious purposes
- 4.10% – delivered from remarketing networks
- 1.20% – the actual website itself, which is malware infected
- 0.04% – typosquatting of normal websites
- 0.03% – Content Delivery Networks.
Some of the categories above deserve a more in-depth look at the type of attack used.
Within the category of websites used only for malicious purposes, the split of the attack type is:
- 88.6% – websites used to deliver drive-by downloads
- 10.7% – websites used for phishing attacks
- 0.70% – websites used for redirecting the user to other destinations on the Internet, which are malware infected.
How hackers target vulnerabilities in your system
Within the advertising and remarketing space, the most frequently used attack type is targeting vulnerabilities or using exploits on your PC. The rest is a blend of methods used to deliver malware to the computer.
However, looking at the numbers below, we have to remember that World Wide Web exploits can also be used with a variety of intents. So this is just a view of the initial attack purpose, not the final goal.
The assumed overall breakdown of attack types is therefore as follows:
- Trying to target vulnerabilities and exploits – 75.6%
- Trying to deliver malware to the PC – 23.9%
- Trying to phish the user for personal information – 0.50%.
As we have covered in earlier blog posts, it is commonly known that Oracle Java, Adobe Reader or Adobe Flash is present on 99% of computers. Not only that, but the vulnerabilities seen in these types of software are extremely critical, which means that a simple click on an advertising banner could give a hacker full access to your computer.
Also, Adobe Flash was recently integrated directly as a component in Google Chrome and Internet Explorer, which means that the number of World Wide Web exploits related to it is likely to increase.
Only 3 weeks ago Adobe Flash had 4 vulnerabilities within a week, so it is fully understandable why hackers take this route to attack your PC.
As a private PC user, CIO or IT manager, we can therefore only urge you to find a web-filtering tool and keep your software up to date. Having traffic filtering enabled will help protect you against Zero Hour vulnerabilities as well.