Nearly Half of the World’s Top Websites Are Risky to Visit, Study Finds
A new study from Menlo Security showed that almost half of the world’s top websites are risky to visit.
According to Menlo Security's State of the Web (First Half 2018), 42% or nearly half of the Alexa top 100,000 websites are “risky”. The Menlo Security study considers a website risky when it meets one of these three criteria:
According to Menlo researchers, the practice of classifying the world’s websites into logical categories is no longer defensible, as more than a third of all sites in categories including News and Media, Entertainment and Arts, Shopping and Travel are risky.
Even websites categorized as safe aren’t safe by definition: 49% of “News and Media” sites fall within Menlo’s criteria as risky, as do 45% of Entertainment and Arts, 41% of Travel, 40% of Personal Sites and Blogs, 39% of Society, 39% of Business and Economy and 38% of Shopping sites.
3 Variables that Can Put A Website at Risk
Here are 3 variables that can make a website risky:
1. Risks Linked with Background Websites
Menlo researchers found that every time a visitor visits a website, the site calls on average 25 other sites – also known as background sites – to fetch content, for instance, a viral video from a content delivery network (CDN) or an advertisement from an advertisement delivery network.
Every time you visit a website, therefore, you’re not just visiting one website, but 25 sites on average. Any of these background sites could be used by cyberattackers to compromise the main site and eventually website visitors.
One way cybercriminals could use a background site to compromise the main site is malvertisement, short for malware advertisement. In malvertisement, the advertisement being displayed on the main site could be infected with malware. If a visitor clicks on a malvertisement, the visitor's computer then becomes infected with malware.
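An added example (not from the Menlo study or the original post): a Python sketch that inventories the background sites a page's HTML pulls in and flags plain-HTTP loads, active content, and scripts or stylesheets without a Subresource Integrity attribute. The URLs and markup are constructed sample data, and counting every hostname other than the page's own as a background site is an assumption of this sketch.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute whose URL the browser fetches when rendering the page.
FETCH_ATTR = {"script": "src", "iframe": "src", "embed": "src",
              "object": "data", "img": "src", "link": "href"}
ACTIVE = {"script", "iframe", "embed", "object"}  # tags that load active content

class BackgroundSites(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.hosts = {}  # background host -> set of issues seen

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get(FETCH_ATTR.get(tag, ""))
        if not url:
            return
        is_css = tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split()
        if tag == "link" and not is_css:
            return  # canonical/alternate links are not fetched as page content
        parts = urlsplit(urljoin(self.page_url, url))
        # Assumption: any host other than the page's own is a background site.
        if parts.hostname in (None, self.page_host):
            return
        issues = self.hosts.setdefault(parts.hostname, set())
        if parts.scheme == "http":
            issues.add("insecure http")
        if tag in ACTIVE:
            issues.add("active content")
        if (tag == "script" or is_css) and not a.get("integrity"):
            issues.add("no integrity")

def audit(page_url, html):
    """Return {background host: sorted list of issues} for one page."""
    parser = BackgroundSites(page_url)
    parser.feed(html)
    return {host: sorted(found) for host, found in parser.hosts.items()}

# Constructed sample page; the hostnames are reserved example domains.
PAGE_URL = "https://www.example.com/news"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<link rel="stylesheet" href="https://cdn.example.net/ui.css" integrity="sha384-CONSTRUCTED">
<script src="https://cdn.example.net/lib.js"></script>
<script src="//ads.example.org/show.js"></script>
</head><body><img src="http://img.example.org/banner.png">
<iframe src="https://ads.example.org/frame.html"></iframe>
<embed src="https://media.example.net/ticker.swf"></body></html>"""

if __name__ == "__main__":
    for host, issues in audit(PAGE_URL, SAMPLE_HTML).items():
        print(host, issues)
```

Static markup only shows the first layer: scripts and frames can request further background sites at run time, so this inventory is a lower bound.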
2. Risks Linked with Use of Active Content
Active content refers to software that web developers use to produce personalized and dynamic websites. By using software like Flash, active content allows stock tickers to continuously update, and animated images, maps or drop-down boxes to function.
The trade-off is that while active content makes websites personalized and dynamic, web developers lose control over securing their sites because, as with malvertisements, this content has to be fetched from background sites. These background sites could be compromised and used to deliver malware.
Adobe Flash, one of the software products used for active content, is known to be packed with security loopholes, making it the favorite tool of cyberattackers. While Adobe tries to make Flash more secure, the product still ranks as one of the software products most frequently exploited by cybercriminals.
3. Risk Linked with Use of Vulnerable Web Software
According to Menlo Security, many of today’s top websites and their accompanying background sites run on vulnerable web software.
“Many of the world’s most popular websites run on back-end web servers that are outdated, including some that have not been updated for years or even decades,” Menlo Security said. “This leaves those websites extremely vulnerable to web-borne malware, exposing site visitors to possible infections, incursions, or breaches. Use of outdated server software also threatens any site to which it serves as a ‘background website.’ Simply put, the older the software, the higher the risk.”
Vulnerable web software refers to software that has been repeatedly attacked over the years. It also refers to software that has reached its end of mainstream support, including the end of security updates or patches from the software vendor.
Menlo researchers found that many Business and Economy websites still use Microsoft’s IIS version 5 web server, software for which Microsoft stopped providing updates or patches more than 12 years ago.
Microsoft’s IIS version 5 web server has been exploited by cybercriminals in the past. An example of malware that exploited a security vulnerability in Microsoft’s IIS version 5 web server is the infamous Code Red, which appeared in three versions from July 2001 to August 2001. The first version of this malware defaced webpages and launched a denial of service attack against www.whitehouse.gov.
Code Red, also known as IIS Buffer Overflow vulnerability, allows an attacker to gain full system-level access to any server that’s using the Microsoft Internet Information Services (IIS) Web server software. An attacker who exploits the Code Red or IIS Buffer Overflow vulnerability can perform any system-level action, including installing malware, adding, changing or deleting files, and manipulating web server content.
Here are some best practices to lower the odds of being victimized by risky websites:
If you’re a website owner, make sure that your server runs up-to-date software. Running your company website on Microsoft’s IIS 5 web server, software that Microsoft no longer supports, is a big security risk for your company. Attackers have been known to exploit computer programs that no longer receive security updates or patches from vendors. To keep your website safe, it’s also important to use technologies that prevent the introduction of malicious code via background sites.
As a website visitor, you can lower your odds of being victimized by a risky website by making sure that your computer programs are up-to-date. It’s also important to avoid vulnerable software like Adobe Flash.
Steve E. Driz, I.S.P., ITCP