Majority of enterprise websites are at risk for malware, says Dasient report

At the Black Hat tech security/hacker convention last week, Dasient Inc., an anti-malware security provider, released a report, “Structural Vulnerabilities on Websites: Why Enterprise Websites Are Vulnerable to Malware Attacks,” that outlines the biggest security weaknesses on company websites.

According to data from Microsoft and Websense cited by Dasient, malware infection has been on the rise in recent years.

Malware infection chart

The report finds that three third-party elements make up the key security risks of malware infection: third-party widgets, advertising, and outdated web applications.

Dasient finds that 75% of enterprise websites use third-party JavaScript widgets. The more of these apps that a website combines, the more opportunities there are for the site to be compromised. Even third-party providers that are legitimate can be hacked.

42% of websites were found to rely on third-party advertising, which is susceptible to malvertising. This includes 41% of financial institutions that use third-party advertising on parts of their websites where crucial financial advice was being exchanged among online communities.

A massive 91% of websites were found to be running outdated, vulnerable third-party applications, which can include CMS, CRM, help desk, and other web-based enterprise software.

“In today’s online world, it is highly unlikely that enterprises will rely completely on using all their own software on their websites – they depend on third parties to supply widgets, applications and ads to offer functionality and interactivity for many parts of their websites,” says Neil Daswani, one of the founders of Dasient. “Even while maintaining high security standards for the parts of the website that they directly manage, many enterprises have much less control over the security practices of these third-party providers, offering attackers easy, backdoor access to legitimate websites. If any of these third parties become compromised or infected, the entire website can be turned into a vehicle for the distribution of web-based malware, significantly damaging the enterprises’ business.”

Number of Entries on the Google Safe Browsing Malware List

Courtesy of Google

To prevent such security breaches, Dasient recommends vetting third-party associates for security practices, proactive website monitoring, and Web Anti-Malware (WAM) detection and remediation services to automatically monitor and contain malware infections.
