As the threat to IT operations by viruses and worms declines, browser-based attacks are increasing, according to a technology trade organization.
The Computing Technology Industry Association, or CompTIA, on Tuesday released its third annual report on IT security and the work force. The survey of nearly 500 organizations, found that 56.6 percent had been the victim of a browser-based attack, up from 36.8 percent a year ago and a quarter two years ago, CompTIA said.
Browser-based attacks often take advantage of security flaws in Web browsers and other components of the user's PC such as the operating system. The attacks' objective could be to sabotage a computer or steal private data and can be launched when a user visits a Web page that appears harmless but contains malicious code.
One of the ways to lure victims to a bad Web site is through spam e-mails that include a hyperlink. Phishing, a form of attack that typically includes e-mail and fraudulent Web sites resembling legitimate sites, is on the rise, CompTIA said.
A year ago, 18 percent of organizations said they had become victims of phishing, this year that is up to 25 percent, CompTIA said. Phishing is online fraud that attempts to steal sensitive information such as usernames, passwords and credit card numbers.
Still, viruses and worms continue to be the No. 1 IT security threat, though the number of these attacks has leveled off. Two-thirds of organizations reported they had experienced such attacks in the past year, down slightly from 68.6 percent a year ago.
New pests are also affecting users, CompTIA said. Pharming and threats to mobile devices are causing headaches, the organization said. In pharming attacks users are redirected to a malicious Web site after an attacker hijacks a domain-name system server--a computer that maps text-based Web site names to actual IP addresses.
CompTIA commissioned TNS Prognostics to conduct the study, which included interviews with 489 professionals from government, IT, financial, education and other sectors, the organization said.
