A new report found nearly half of the 1 million most popular websites pose cyber security risk threats, including making use of legitimate sites to carry out cyber attacks. Menlo Security’s “State of the Web 2016” classified websites as risky if their home pages or associated background sites were running software known to be vulnerable, has been identified as “bad,” or had a security incident in the previous 12 months.
Vulnerable software was the most commonly found risk factor — 355,804 websites were either running vulnerable software of accessing domains in the background that were, Menlo Security highlights in a Dec. 13 press release.
Another 166,853 websites fell into the “known bad” category, while 31,938 reported experiencing a security incident in the previous 12 months.
So-called exploit kits — which may even come with instructional videos — make it easier than ever for novice or aspiring hackers to build and carry out cyber attacks, Menlo Security points out, adding that the average age of suspected culprits has dropped from 24 to 17 in recent years.
Websites Pose Cyber Security Risk
Also worth noting, Menlo Security highlights that background requests that send content to Web browsers outnumbered those from users by a ratio of 25:1. Many originated from sites whose names were unknown, but thought to be background requests from ad service networks.
Unfortunately, traditional cyber security products aren’t up to the task of adequately preventing attacks, according to the cyber security consultancy
“Browsing the web is a leap into the unknown. We already knew that ad networks present risk to the public and businesses, but the extreme levels reached in 2016, affecting 46% of the most visited web sites, mean that enterprises must address the problem,” said Menlo Security CTO Kowsik Guruswamy.
The traditional phishing attack, for instance, entails building a spoof website impostor loaded with malware. Visitors are lured in via email messages with links to the spoof site, as well as other means.
Those carrying out phishing scams can also make use of legitimate sites, and nearly half of the 1 million most popular websites are at risk, Menlo Security elaborates. They merely exploit the vulnerabilities to install and hide their malware within them.
“Menlo’s analysis confirms the Internet conundrum—use by businesses and consumers is essential but risky,” commented Michael Suby, Stratecast VP of Research at Frost & Sullivan.
“Furthermore, malware creators have historically demonstrated that they can evade detection techniques. While detection is important in reducing exposure, there is no guarantee of 100% detection. We believe that isolation, engaging the Internet at arm’s length, is an up-and-coming approach to reducing the malware risk inherent in Web browsing and click-able links in email.”