CyberWisdom found most popular websites are vulnerable to cyberattacks by 42%
In 2017, cyber criminals successfully exploited long-held measures of trust, such as site reputation or category, to avoid detection and increase the effectiveness of their attacks. Bottom-line: no website is totally safe.
For this year’s State of the Web findings that websites are vulnerable, our researchers analyzed the top 100,000 domains as ranked by Alexa, to truly understand the risks presented by the most heavily used websites and uncovered:
- 42% of the 100,000 sites on the network are using software that is vulnerable or has been attacked in some way. – Menlo Security, 2018
- 4,600 phishing sites use legitimate hosting services to avoid detection. – Menlo Security, 2018
- 19% of categorized typosquatting sites were in trusted categories
According to the latest Menlo Security report, many of the places we think are the safest places on the Internet are actually quite dangerous to business people and consumers and most popular websites are vulnerable. The report found that about 42% of the sites in the top 100,000 sites use software that turns them on or has been attacked in some way.
Cybercriminals use long-term confidence trust measures, including the reputation or category of certain websites, to avoid being detected and to increase the effectiveness of the attacks. This means that businesses must be vigilant and ensure that cyber health measures are in place, including employee education and multilayered protection.
The report notes that ordinary websites connect to 25 content background sites, such as video clips or advertisements. Most enterprise security administrators lack the necessary resources to monitor these back-office connections, leaving organizations vulnerable to backdoor attacks.
The report also found that efforts to categorize locations into different categories were largely ineffective. For example, websites belonging to the “Business and Economics” category have had the highest number of security incidents in the past year and have hosted more phishing websites and more sites that run vulnerable software (such as PHP 5.3.3) , But not any other category “gambling.”
The report found that about 49% of “News & Media” websites are vulnerable and are considered risky, with 45% of “Entertainment & Arts” websites and 41% of “Travel” websites considered as at-risk.
Increasingly sophisticated phishing attacks: The report found that some 4,600 phishing sites use legitimate hosting services to avoid detection. Instead of using other alternatives, attackers can more easily set up subdomains on legitimate hosting services, which are often whitelisted by the company.
The report found that domain name registrations or the existence of fake domain names that contain misspelled words for phishing and malware delivery still exist. About 19% of the domain names are found in trusted categories such as financial services, news and media.
If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Articles. Home » Attack » Cyber Threats »