Browser-based attacks increase as viruses dip

Viruses and worms hit IT operations a bit less often, but browser-based attacks are an increasing headache, new survey finds.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
As the threat to IT operations by viruses and worms dips, browser-based attacks are increasing, according to a technology trade organization.

The Computing Technology Industry Association, or CompTIA, on Tuesday released its third annual report on IT security and the work force. The survey of nearly 500 organizations found that 56.6 percent had been the victim of a browser-based attack, up from 36.8 percent a year ago and a quarter two years ago, CompTIA said.

Browser-based attacks often take advantage of security flaws in Web browsers and other components of the user's PC such as the operating system. The attackers' objective can be to sabotage a computer or steal private data, and the attacks can be launched when a person visits a Web page that appears harmless but contains malicious code.

One of the ways to lure victims to a bad Web site is through spam e-mail that includes a hyperlink. Phishing, a form of attack that typically includes e-mail and fraudulent Web sites resembling legitimate ones, is on the rise, CompTIA said. Phishing is usually an attempt to steal sensitive information such as usernames, passwords and credit card numbers.

A year ago, 18 percent of organizations said they had become victims of phishing. This year the figure has grown to 25 percent, CompTIA said.

Still, viruses and worms continue to be the No. 1 IT security threat, though the number of these attacks has dipped slightly. Two-thirds of organizations reported they had experienced such attacks in the past year, down slightly from 68.6 percent a year ago.

New pests are also affecting users, CompTIA said. Pharming and threats to mobile devices are causing headaches, the organization said. In pharming attacks, people are redirected to a malicious Web site after an attacker hijacks a domain-name system server--a computer that maps text-based Web site names to actual IP addresses.

CompTIA commissioned TNS Prognostics to conduct the study, which included interviews with 489 professionals from government, IT, financial, education and other sectors.