sb-au logo
Story image

42% of Alexa-ranked websites are open invites for attackers

07 Feb 2018

Many of the internet’s supposedly safe websites could actually be a breeding ground for risk – or at least that’s what Menlo Security’s third annual State of the Web report says.

Of the 100,000 top websites on the web as ranked by Alexa, 42% of those either use software that leaves them wide open to attack, or they are already compromised.

Many of those vulnerabilities are due to background sites that present online media such as video clips and online ads. The average website connects to 25 background sites for this content, Menlo Security says.

The company believes that most security administrators don’t have the resources or tools to monitor these connections, which leaves them vulnerable to backdoor attacks.

“This report confirms what most CISOs already know: that a false sense of security is a dangerous thing when using the web,” comments Menlo Security CEO Amir Ben-Efraim.

 “Despite website operators' best efforts, cyber-criminals can now exploit widespread vulnerabilities to compromise even the most trusted brands on the web." 

Sorting sites into ‘good’ or ‘bad’ sites doesn’t necessarily work, particularly as hackers are using trusted hosting services to set up genuine-looking phishing sites with safe-looking URLs.

The report found that 4600 phishing sites used legitimate hosting services and many ‘typosquatters’ formed in trusted categories such as financial services.

Typosquatting is the method of setting up fake domains that look similar to a company’s actual website, for example yaoo.com appears to look like yahoo.com.

“To prepare this report, we tracked the web activity of our users over a 30-day period. During that time, we saw traffic to 78 malicious sites that had been misspelled to deceive people trying to visit Alexa’s top 1,000 domains,” the report says.

It also says that business and economy sites received more than their fair share of risky activity last year. They hosted more phishing sites than any other category and experienced the most security incidents in the last 12 months. 12,307 business and economy sites had been used as attack vectors or malware delivery systems.

Menlo Security also analysed the script origin servers for both primary and background sites, and correlate known CVE vulnerabilities. The company found that more than 32,649 sites use Microsoft IIS 7.5, which was released in 2009.

Those results suggest that organisations are using aging software technologies to run their websites – technologies that may have been compromised multiple times since they were released.

“Many sites use software that is no longer fully supported. Microsoft’s Internet Information Services (IIS) 5 was released in 2000, and reached mainstream support end” in 2005, the report indicates.

Menlo Security says organisations must have a ‘healthy distrust' for the web.

“Website owners need to make sure their servers run the latest software updates, and should investigate technologies such as Content-Security-Policy (CSP), which can reduce introduction of malicious code via background sites.”

Story image
Fortinet’s ‘zero trust’ approach redefining security
Cornelius Mare, Fortinet A/NZ Director, Security Solutions, explains why taking a ‘zero trust network access’ approach to cybersecurity requires fully-integrated and comprehensive security services and policies.More
Link image
How to better protect your organisation's most valuable asset - its data.
Data resilience strategies are becoming increasingly critical in relation to the skyrocketing value of data and the proliferation of malicious entities wishing to steal it.More
Story image
The SASE triangle: How a CASB protects managed apps
Enterprises that fail to adapt to the modern business world when it comes to security are likely to fall prey to data breaches and experience a host of other problems, writes Bitglass product marketing manager Will Houcheime.More
Story image
Jamf extends Microsoft collaboration with iOS Device Compliance
Organisations will soon be able to use Jamf for Apple ecosystem management while using Azure Active Directory and Microsoft Endpoint manager to maintain conditional access.More
Story image
Check Point acquires Odo Security to bolster remote security offering
The deal will integrate Odo’s remote access software with Check Point’s Inifinity architecture, bolstering the latter company’s remote security capabilities in a time where working and learning from home has become the norm, and looks to largely remain that way in the near future.More
Story image
SMBs seeking service providers in face of rising cyber threats
SMBs are struggling with their cybersecurity solutions, with three quarters worried about being the target of a cyberattack in the next six months, and 91% considering using or switching to a new IT service provider if offered a better option.More