Where Is Malware Hiding?
According to Cisco’s 2015 Annual Security Report, the top industries that pose a risk to you through their websites, depending on where you live, include aviation, media and publishing, agriculture and mining, food and beverage, insurance, automotive, and real estate and land management.
Not the kinds of sites you expected, are they?
When you think about it, however, it makes perfect sense. They’re the kinds of sites that you visit all the time. Unless you suffer from a pornography addiction, you’re probably not visiting shady porn streaming sites constantly. The same is likely true with illegal marketplaces on the dark web, questionable movie and TV streaming sites, and torrents.
When you look at the worldwide report, the industries are similar, but they also include pharmaceutical, chemical, and legal sites. Again, these are sites that get a lot of traffic.
Of course, just because these are the most dangerous sites doesn’t mean they’re the only places you can get infected. Even though they aren’t the prime vector, adult sites are definitely sources of malware; downloading images from social networks can get you infected; search engines have been a notable vector for a while; and ads on any site can be compromised. These sites are simply where malware distributors are focusing their attention at the moment.
Just How Risky Are These Sites?
Cisco’s report quantifies just how dangerous these sites are by using a magnitude measurement, where 1 represents the average likelihood of exposure to malware. So visiting a site from a sector with a risk rating of 2 would make you twice as likely to be exposed to malware as you would be on the average site on the Internet.
It’s surprisingly risky to visit some of these sites. Aviation in the US has a risk factor of 5, and media and publishing come in at 2.8. In Asia, the insurance sector has a worryingly high 6, while real estate and land management, automotive, and transportation and shipping sites are all over three times as likely to infect users with malware as other sites.
Worldwide, pharmaceutical and chemical sites show an alarming risk rating of 4.78, with media and publishing following with 3.89.
How Are Users Getting Infected?
Attacks based on Java, which held a strong lead as the most widely used attack vector, have gone down significantly, and Silverlight attacks are on the rise. PDF files continue to be used to distribute malware, too, indicating that email-based phishing is still effective.
Scripts and iFrames are common methods of distribution across the world, with exploits and scams playing significant roles as well (especially in Asia, where scams are ranked first).
Another factor that’s become more significant in recent years is malvertising from browser add-ons, which are often bundled with other software. We’ve talked about the dangers of malicious browser add-ons before, and it looks like being careful about which extensions you use is becoming increasingly important. Stop downloading free software from crappy sites, and you’ll be in much better shape.
How to Stay Safe
All of this information points to one inescapable conclusion: hackers, cybercriminals, and malware distributors are smart about what they’re doing. They’re targeting the sites we visit often, they’re finding ways to better conceal malware, and they’re updating the strategies that work so they continue being effective. So you need to be one step ahead.
Fortunately, being one step ahead is really easy. In fact, we tell you how to do it all the time. Download a good anti-virus package. Make sure it gets updated automatically. Update your operating system as soon as you can. Keep your browsers updated. Don’t install add-ons or apps if you don’t know exactly what they do. Review your apps and add-ons on a regular basis to make sure there’s nothing new that you didn’t put there (it really only takes a moment).
And now, you can keep these facts in mind when you’re visiting aviation, pharmaceutical, insurance, and other sites that are common targets. While there isn’t necessarily anything you should be doing differently on those sites, it’s good to know where you might be a target so you can be extra vigilant and on the lookout for anything suspicious.
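The add-on review recommended above can be scripted. This is an added example, not code from the article or from Cisco's report. It assumes a Chromium-based browser, which keeps each add-on under `Extensions/<id>/<version>/manifest.json` in the profile folder; the script name and baseline file are hypothetical.

```python
import json
import sys
from pathlib import Path


def inventory(extensions_dir):
    """Return {extension_id: {"name", "versions", "permissions"}} for a
    Chromium-style Extensions/<id>/<version>/manifest.json tree."""
    found = {}
    for manifest in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        ext_id, version = manifest.parts[-3], manifest.parts[-2]
        try:
            data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            data = {}  # unreadable manifest: still list the add-on
        data = data if isinstance(data, dict) else {}
        entry = found.setdefault(ext_id, {"name": "?", "versions": [], "permissions": []})
        entry["name"] = data.get("name", entry["name"])  # may be a __MSG_...__ placeholder
        entry["versions"].append(version)
        for key in ("permissions", "host_permissions"):
            value = data.get(key)
            if isinstance(value, list):
                entry["permissions"].extend(p for p in value if isinstance(p, str))
        entry["permissions"] = sorted(set(entry["permissions"]))
    return found


def diff_against_baseline(current, baseline):
    """Report what changed since the inventory you last reviewed."""
    grown = {}
    for ext_id in set(current) & set(baseline):
        extra = set(current[ext_id]["permissions"]) - set(baseline[ext_id]["permissions"])
        if extra:
            grown[ext_id] = sorted(extra)
    return {"added": sorted(set(current) - set(baseline)),
            "removed": sorted(set(baseline) - set(current)),
            "new_permissions": grown}


if __name__ == "__main__":
    # Usage: python review_addons.py <Extensions dir> <baseline.json>
    now, baseline_file = inventory(sys.argv[1]), Path(sys.argv[2])
    if baseline_file.exists():
        report = diff_against_baseline(now, json.loads(baseline_file.read_text()))
        print(json.dumps(report, indent=2))
    else:  # first run: record the add-ons you have reviewed
        baseline_file.write_text(json.dumps(now, indent=2))
```

Anything listed under "added" or "new_permissions" is an add-on, or a permission, that appeared since your last review. Delete the baseline file to record a fresh one once you have checked the changes.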