40% of Malicious URLs Were Found on Good Domains (helpnetsecurity.com) 75
Help Net Security shared an interesting statistic from the 2019 Webroot Threat Report.
40 percent of malicious URLs were found on good domains. Legitimate websites are frequently compromised to host malicious content.
To protect users, cybersecurity solutions need URL-level visibility or, when unavailable, domain-level metrics, that accurately represent the dangers.
The report also found that while Google was the single most impersonated brand in phishing, 77% of all phishing attacks impersonated financial institutions. (The good news? After 12 months of security awareness training, end users were 70% less likely to fall for phishing attacks.)
And Windows 10 devices were "at least twice as secure as those running Windows 7. Webroot has seen a relatively steady decline in malware on Windows 10 machines for both consumer and business."
To protect users, cybersecurity solutions need URL-level visibility or, when unavailable, domain-level metrics, that accurately represent the dangers.
The report also found that while Google was the single most impersonated brand in phishing, 77% of all phishing attacks impersonated financial institutions. (The good news? After 12 months of security awareness training, end users were 70% less likely to fall for phishing attacks.)
And Windows 10 devices were "at least twice as secure as those running Windows 7. Webroot has seen a relatively steady decline in malware on Windows 10 machines for both consumer and business."
hosts file (Score:2)
Re: (Score:2)
Unless I take the list of evil URLs and make my boss's hosts file point everything at them. Naw, I'd *never* do such a thing.
Re: (Score:1)
You know, sarcasm feels fun, and insulting random people on the Internet can produce a feeling of satisfaction as well. But these short-term rewards have a long-term cost. They condition the mind to automatically and perpetually respond to everything with something negative and mean-spirited. This can have harmful effects on one's mental health and social life.
Since you are smart enough to come to this site and make a cogent post, you are probably smart enough to succeed and accomplish meaningful achieve
Re: (Score:3)
After 12 months of security awareness training, end users are 70 percent less likely to fall for a phishing attempt.
If I'd spent 12 months training users, and only saw a 70% reduction(?), I would not be bragging about my course. I would be revamping my curriculum to figure out where I went wrong.
Re:Correlation, Causation? No details at all? (Score:5, Interesting)
Where I work, they send out fake phishing emails and provide a 'report phish' button in Outlook. Reporting real ones trains the system on what to filter and failing to report fake ones trains I.T. on who needs training.
This seems pretty effective and targeted.
Re: (Score:2)
Re: (Score:2)
Taking this a bit further; It underscores why awareness training is really a waste of time at this point. I am not personally involved it it but its one of the services the firm I work at provides to some clients.
There are basically two kinds of computer users at this point. Those who are pretty savvy and won't be easily phished period. The other group is simply untrainable. They will never learn not to be scammed because they are one of the following: stupid (sometimes it really is that simple), proud
Re: (Score:2)
Re: (Score:1)
Browsers (Score:1)
Browsers need URL level visibility. Anything that obscures the URL in the browser should be fixed. Mouse-over should always display what is about to be clicked.
Re: (Score:2)
Does that include all the shit loaded behind the scene by javascript?
It's gonna be a mighty long list of URLs to read through for every page...
it's easy to filter most of them (Score:2)
If the link matches this REGEX, it's almost certainly for a compromised site: /\/wp-(includes|content)\/(images|uploads?|themes|plugins|cache)\//
Whatever claims and advances WordPress makes in the realm of security, it is FAR too easy for people to configure it a way to store malware, and redirections to same. Any "deep linking" to one suspicious at best.
Of course, if a link uses a "shortened URL", its probability of legitimacy is rather low, too.
Re: (Score:2)
Of course, if a link uses a "shortened URL", its probability of legitimacy is rather low, too.
Wonderful story. Our local UNI has decided that too many people click on phishing emails and hand over their login details, so ALL must start using 2FA.
The URL they distributed to provide information about this new requirement was 1. a shortened URL, 2. from a ccTLD that has no connection at all with the UNI, and 3. misspells the name of the UNI's animal mascot so it fits with the ccTLD.
In other words, if an email from my university contains a shortened URL that misspells the mascot and comes out of a co
An ad company (Score:2)