Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 29 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Half of the Web is Vulnerable to Malware

by The Gurus
December 14, 2016
in Editor's News
Share on FacebookShare on Twitter

Menlo Security, a pioneer of malware isolation, today announced the availability of its State of The Web 2016 report. The surprising results reveal that nearly half (46%) of the Internet’s top 1 million web sites, as ranked by Alexa, are risky.  This is largely due to vulnerable software running on web servers and on underlying ad network domains. The results are significant because risky sites have never been easier to exploit, and traditional security products fail to provide adequate protection. Attackers have their veritable choice of half the web to exploit, allowing them to launch phishing attacks from legitimate sites.
Menlo Security considers a site risky if either the homepage or associated background sites: is running vulnerable software, is known-bad, or has had a security incident in the last 12 months. Vulnerable software was the leading factor in classifying a site as risky. Of the 1 million sites, 355,804 were either running vulnerable software or accessing background domains running vulnerable software; 166,853 fell into known bad categories; while 31,938 experienced a recent security incident.
Another key finding was that background requests sending content to web browsers outnumber user requests at a ratio of 25:1. The culprit sites found in the study include destinations that are widely unknown by name, however these large ad service networks are found hidden behind the world’s most visited media sites and include sites for 24-hour news, weather sites and major metro newspapers.
“Browsing the web is a leap into the unknown. We already knew that ad networks present risk to the public and businesses, but the extreme levels reached in 2016, affecting 46% of the most visited web sites, mean that enterprises must address the problem,” said Kowsik Guruswamy, CTO at Menlo Security.
Risky Sites Have Never Been Easier to Exploit
Today, exploit kits are readily available to anyone, as are the instructional videos that provide step-by-step execution instructions. The expertise requirement has all but vanished. Underscoring this point, the average age of suspected cyber-attackers dropped from 24 to 17[1].
Traditional Security Products Fail to Provide Adequate Protection
Compounding the issue, the vast majority of malware prevention products attempt to prevent attacks by distinguishing between “good” and “bad” elements, and then implement policies intended to allow “good” content and block the “bad.” In every case, the detection is never perfect, and thus the policy choice involves a level of risk that the wrong decision is being made. Additionally, enterprises regularly allow access to popular websites for the sake of productivity. Given the risk associated with nearly half of popular sites, a Web security strategy based on categorization is effectively useless.
Phishing Attacks Can Now Utilize Legitimate Sites
Although traditional phishing attacks involve the creation of a new imposter, or “spoofed,” site, the sheer volume of vulnerable trusted sites makes it very easy for attackers to compromise a legitimate site and send that link as part of a phishing campaign. With this approach, attackers no longer need to worry that URL filtering will thwart their efforts, and they avoid anomalies in the link address, such as misspellings, special characters, or numbers that might raise suspicions. Clicking on what is a perfectly legitimate link within such a phishing email can expose a user to a drive-by malware exploit that could deliver ransomware, or mark the beginning of a larger breach.
“Menlo’s analysis confirms the Internet conundrum—use by businesses and consumers is essential but risky,” states Michael Suby, Stratecast VP of Research at Frost & Sullivan. “Furthermore, malware creators have historically demonstrated that they can evade detection techniques. While detection is important in reducing exposure, there is no guarantee of 100% detection. We believe that isolation, engaging the Internet at arm’s length, is an up-and-coming approach to reducing the malware risk inherent in Web browsing and click-able links in email.”
The 2016 Web vulnerability report can be downloaded here:  https://www.menlosecurity.com/state-of-the-web-ig-lp-2016
[1] The Guardian https://www.theguardian.com/technology/2015/dec/08/average-age-of-cyber-attack-suspects-drops-to-17

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Preparing for a year of unknown, unknowns in cyber security

Next Post

New Cybersecurity Book Highlights Growing Threat of Social Engineering

Recent News

Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023
Lupovis eliminates false positive security alerts for security analysts and MSSPs

Lupovis eliminates false positive security alerts for security analysts and MSSPs

January 26, 2023
Threat actors launch one malicious attack every minute

Threat actors launch one malicious attack every minute

January 25, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information