Heartbleed affected around 17 percent of all TLS-enabled websites
McAfee Labs today released its Threats Report for August 2014. The lead topic for the last quarter concerns the Heartbleed vulnerability, which McAfee Labs says was the most significant security event since the Target data breach in 2013. Heartbleed affected more than 600,000 websites, and in its aftermath, the cost for repair is likely to be hundreds of millions of dollars, McAfee Labs said.
"Due to its prevalence, many consider this the worst vulnerability ever disclosed," McAfee Labs states in its report (PDF). "Because of the popularity of OpenSSL on commercial servers, Heartbleed affected a significant portion of the Internet, estimated to be around 17 percent of websites using TLS. This estimate includes some of the most often visited websites on the net as well as many smaller, less well-known sites."
While Heartbleed was an eye-opener, phishing is still a major problem. McAfee Labs said it has collected more than 250,000 new phishing URLs since its last report, bringing the total to one million new sites in the last year. Phishing isn't just becoming more widespread; it's also becoming more sophisticated.
McAfee Labs asked business users to take a phishing quiz that consisted of 10 email messages presented in emulated email clients. Respondents were asked to identify which of those samples were real and which were phishing scams. Out of the 16,000 business users who took the quiz, 80 percent fell for at least one phishing email.
"We find this figure shockingly high," McAfee Labs said. "It takes only one successful delivery of malware to a vulnerable system to establish a foothold in almost any business."
Even worse, McAfee found that the departments holding the most sensitive data performed far worse in identifying phishing scams.