Cybercriminals have their pick of nearly half of the top websites in the world to exploit, according to a new...
In its "State of the Web 2016: Quantifying Today's Internet Risk" report, Menlo Security classified 46% of the Alexa top 1 million websites as risky. The report focused not just on the top 1 million sites, but also factored in the 25 million background sites that deliver active content to the primary sites.
"By closely examining key characteristics of the background sites, including software version, release dates, CVE IDs and third-party risk intelligence, we were able to discern the impact of these background sites on the primary sites' risk," the report stated.
Of the 1 million sites analyzed, the study found more than 350,000 sites are running vulnerable software. This risk factor far outweighed the other two, with sites being "known-bad" coming in at more than 160,000 and sites with a security incident within the last year at approximately 32,000.
Menlo Security further categorized the vulnerable websites and came across more unexpected findings. More than 80,000 "Business & Economy" sites run vulnerable software, which, as the study pointed out, is more than three times as many as in the "Adult & Pornography" category. "Business & Economy" sites also topped the chart in recent security incidents with more than 5,600.
"The vast majority of recent incident categories are ones that an average person would visit while at work, as part of their daily routine," the report stated. "Whom amongst us doesn't check the news and weather each morning? Or get the latest updates on the rich and famous? Or catch up on our shopping, read our favorite blogs or watch a viral video? Risk is ever-present, even with the most trusted, 'legitimate' sites."
With so many major websites found to be risky, one would expect more people to be infected or attacked more often. However, the study indicated something else. "The fact is there are currently more vulnerable websites than attackers to exploit them." So, users don't have to panic just yet.
However, attackers exploiting vulnerable websites is still a common problem, and Menlo offered three reasons for it: at-risk sites are now easier to exploit than they have ever been; traditional security products don't offer strong enough protections; and phishing attacks now utilize legitimate sites.
The report offered recommendations for enterprises, website owners and end users to deal with the massive amount of risky websites, including isolation and remote browsing. Frequent patching and updates are also encouraged, as well as not downloading documents from untrusted sources.
In other news:
- The Belgium-based banking messaging service SWIFT confirmed hackers have successfully stolen more funds since the February 2016 theft of $81 million from Bangladesh's central bank at the Federal Reserve Bank of New York. In a letter to the banks that use the network, SWIFT warned of the evolving threat to their systems and disclosed there have been a "meaningful number" of attacks since February that resulted in stolen funds. The letter from SWIFT also addressed the more advanced techniques the hackers have been using, including one that uses software to pose as tech support to access systems. SWIFT hasn't yet detailed the attacks further, or named the victims or amount of stolen funds, but did clarify its own systems have not been compromised.
- The hacker group known as the Shadow Brokers is selling National Security Agency exploits to buyers one-on-one. The group has been quiet since it tried to auction off the exploits, but confirmed to Motherboard Dec. 15 it is running a site on ZeroNet. The site lists each exploit by name, type and price, which ranges from 10 to 1,000 bitcoins -- $780 to $780,000. This confirmation also follows the Shadow Brokers' promise to sell more NSA hacking tools after publicly releasing a cache of them in August. The site is a new format for selling these exploits and, unlike the public release and the auction, could make it more difficult to track what has been sold to hackers and, thus, make it harder to mitigate the threats.
- Amit Yoran is stepping down as president of RSA to head Tenable Network Security. Yoran is taking over for co-founder and former Tenable CEO Ron Gula starting Jan. 3. RSA has said it has already identified Yoran's successor, but has yet to announce the person's name. Yoran has been with RSA since 2011, when it acquired NetWitness, of which he was CEO. This leaves a vacancy in the keynote speaker lineup for the upcoming RSA Conference in February 2017. RSA was recently acquired by Dell when the computer maker purchased RSA parent company EMC for $67 billion.
- In an effort to bring more awareness around government surveillance of its users, Google published eight National Security Letters on Dec. 13. The National Security Letters were sent to Google between 2010 and 2015 from FBI offices in North Carolina, Florida, Arizona, New York and California. National Security Letters previously came with a gag order, but the 2015 USA Freedom Act now allows companies to disclose them. In a blog post, Google's Director of Law Enforcement and Information Security Richard Salgado wrote, "We are now making copies of [the National Security Letters] available. Our goal in doing so is to shed more light on the nature and scope of NSLs. We minimized redactions to protect privacy interests, but the content of the NSLs remain as they were when served."