- Jun 9, 2013
- 6,720
Looks can be deceiving: Many of the supposedly safest neighborhoods of the web are in fact risky places to visit.
Menlo Security’s third annual State of the Web report has found that 42% of the top 100,000 sites on the web, as ranked by Alexa, either are using software that leaves them vulnerable to attack or have already been compromised in some way.
Menlo deems a site risky if any one of three criteria is met: The site, either the homepage or associated background sites, is running vulnerable software; it has been used to distribute malware or launch attacks; or the site has suffered a security breach in the past 12 months.
One rarely discussed problem is that the average website connects to 25 background sites for content, such as video clips and online ads. Most enterprise security administrators don't have tools in place to monitor these connections, leaving them vulnerable to backdoor attacks.
Further, efforts to sort sites into "good" and "bad" simply by using categories are largely ineffectual. The business and economy category, for example, had more known bad sites (39% were found to be risky) and sites that had been used to launch attacks or distribute malicious code than did the gambling category – a counterintuitive finding at best.
Similarly, 49% of news and media sites met Menlo's criteria as "risky,” as did 38% of shopping sites.
Phishing and typosquatting also regularly occurs on sites in widely-trusted categories.
Source. 42% of the Web's Top Sites Are Compromised
Menlo Security’s third annual State of the Web report has found that 42% of the top 100,000 sites on the web, as ranked by Alexa, either are using software that leaves them vulnerable to attack or have already been compromised in some way.
Menlo deems a site risky if any one of three criteria is met: The site, either the homepage or associated background sites, is running vulnerable software; it has been used to distribute malware or launch attacks; or the site has suffered a security breach in the past 12 months.
One rarely discussed problem is that the average website connects to 25 background sites for content, such as video clips and online ads. Most enterprise security administrators don't have tools in place to monitor these connections, leaving them vulnerable to backdoor attacks.
Further, efforts to sort sites into "good" and "bad" simply by using categories are largely ineffectual. The business and economy category, for example, had more known bad sites (39% were found to be risky) and sites that had been used to launch attacks or distribute malicious code than did the gambling category – a counterintuitive finding at best.
Similarly, 49% of news and media sites met Menlo's criteria as "risky,” as did 38% of shopping sites.
Phishing and typosquatting also regularly occurs on sites in widely-trusted categories.
Source. 42% of the Web's Top Sites Are Compromised
