Cybercriminals are hacking trusted sites using stolen access credentials in order to launch attacks that are out in the open, but also veiled from reputation filters and commonly blocked web categories. Here are three reasons researchers say you need to be wary -- even on sites you count as safe:

Cybercriminals are patient and willing to put in the work

Patience delivers payoffs, according to Blue Coat researchers, who note criminals will often wait months to establish legitimate web site infrastructure that will get past reputation-based software filtering. The most common example of this type of exploitation is (malware advertising) attacks.

"For example, a relatively new ad domain that had existed for approximately six months had been checked several times for malware with clean ratings when it picked a day in early November to selectively target and deliver its cloaked malware payload," the report states. "The next day it was gone."

See also: