Legitimate Sites Hacked

 Over 83% of Web-based threats are using exploited
 legitimate web sites

   Cisco Annual Security Report

 9 out of 10 web sites vulnerable to attack

   White Hat Security, Website Sec Statistics Report

Cisco Annual Security Report, January 2015            What is an iFrame attack?

                                                       1. Legitimate site is hacked (iFrame added)

                                                       2. User re-directed by the iFrame to an infected
                                                           website

                                                       3. Malware is automatically downloaded by
                                                           exploiting a vulnerability of the web browser