hackers exploit porous defenses 3your trust · traditional measures of trust. trust hacking makes...

HOW CYBERCRIMINALS ARE EXPLOITING TRADITIONAL MEASURES OF TRUST.

TRUST HACKING MAKES DETECTION INCREASINGLY DIFFICULTMRG Effitas, a U.K.-based security research company, found that traditional detection/reputation-based security solutions are vulnerable when trusted sites deliver state-of-the-art threats, such as:

HTML exploitsdelivered through fonts,

images, and CSS

Document-based exploits, such as MS Office

and Adobe Reader

Browser plug-in-basedexploits, such as Adobe Flash,

Silverlight, and Visual Basic

WAYS CYBERCRIMINALSCAN WEAPONIZEYOUR TRUST3

OF ALEXA’S TOP 100,000 SITES WERE RISKY

42%

Hackers Exploit Porous Defenses of Widely Trusted Websites

PHISHING SITES USED LEGITIMATE HOSTING SERVICES

4,600

Phishing Sites Take Coverin Legitimate Hosting Services

OF CATEGORIZED TYPOSQUATTING SITES WERE IN TRUSTED CATEGORIES

19%

Typosquatters Play the Categorization Game

Get the full Menlo State of the Web 2017 Report at www.menlosecurity.com/sow2017.

www.menlosecurity.com | info@menlosecurity.com

The Menlo Security Solution completely preserves the user experience, while providing the strongest web security available today.

BEST PRACTICES

WEBSITE OWNERS

Install the latest software updates.

Utilize ContentSecurity Policy (CSP).

CONSUMERS

Download software updates religiously.

Use the Chrome browser.

BUSINESSES

Rethink websecurity policies.

Consider new technologies such as isolation.

HOW CYBERCRIMINALS ARE EXPLOITING TRADITIONAL MEASURES OF TRUST.

TRUST HACKING MAKES DETECTION INCREASINGLY DIFFICULTMRG Effitas, a U.K.-based security research company, found that traditional detection/reputation-based security solutions are vulnerable when trusted sites deliver state-of-the-art threats, such as:

HTML exploitsdelivered through fonts,

images, and CSS

Document-based exploits, such as MS Office

and Adobe Reader

Browser plug-in-basedexploits, such as Adobe Flash,

Silverlight, and Visual Basic

Get the full Menlo State of the Web 2017 Report at www.menlosecurity.com/sow2017.

www.menlosecurity.com | info@menlosecurity.com

The Menlo Security Solution completely preserves the user experience, while providing the strongest web security available today.

BEST PRACTICES

WEBSITE OWNERS

Install the latest software updates.

Utilize ContentSecurity Policy (CSP).

CONSUMERS

Download software updates religiously.

Use the Chrome browser.

BUSINESSES

Rethink websecurity policies.

Consider new technologies such as isolation.

WAYS CYBERCRIMINALSCAN WEAPONIZEYOUR TRUST3

OF ALEXA’S TOP 100,000 SITES WERE RISKY

42%

Hackers Exploit Porous Defenses of Widely Trusted Websites

PHISHING SITES USED LEGITIMATE HOSTING SERVICES

4,600

Phishing Sites Take Coverin Legitimate Hosting Services

OF CATEGORIZED TYPOSQUATTING SITES WERE IN TRUSTED CATEGORIES

19%

Typosquatters Play the Categorization Game

WEB RISK VARIES ACROSS THE GLOBE

FRANCE

38%

UK

24%

NETHERLANDS

18%

UAE

16%

AUSTRALIA

16%