Report: Four in 10 Top Websites Are Dangerous

Four in 10 of the top websites pose dangers to visitors. According to cybersecurity vendor Menlo Security, out of the top 100,000 websites as ranked by Alexa, 42 percent are "risky." A risky website is any site that fits one of these criteria:

  • Either the homepage or an associated background site is running vulnerable software;
  • It's known to distribute malware or launch attacks; or
  • It has already suffered a security breach in the past 12 months.

The use of background services is especially troubling, according to Menlo, which published its findings in a "State of the Web 2017" report.

While the security industry puts a lot of attention on the behavior of website visitors, the report noted, "much of the damage wrought by cybercriminals happens behind the scenes, as websites connect with so-called 'background sites.'" Menlo's researchers found that websites rely on an average of 25 other background sites to produce content, such as displaying a video from a media server or serving an ad from an advertising network. Many antivirus and web-filtering programs focus on the primary domain while ignoring the calls to those background sites, the report stated.

Although the report didn't list problematic websites, it did categorize them by type of content. For example, 49 percent of news and media sites "satisfied" at least one of three criteria of riskiness, as did 45 percent of entertainment and arts sites and 40 percent of personal sites and blogs.

While the adult and pornography category had the highest number of risky sites, business and economy sites led the way in the "trusted" category.

Another source of problems is the reliance on "aging software technology," programs that have been around long enough to be "repeatedly compromised" through the years, Menlo researchers asserted. For example, 32,000 sites that were part of the study used Microsoft IIS 7.5, a version released with Windows 7 and Windows Server 2008 R2. Here, business and economy sites led the way, with 51,045 websites relying on software classified as "vulnerable." Also, 9,452 websites for educational institutions made the list of vulnerable sites.

The Menlo report highlighted the problem of websites being identified as unsafe by web security firms, only to transition to a trusted category temporarily and then back again. One unnamed security company, for example, assigned a website to a "Phishing and Other Frauds" category and then briefly reassigned it to a "benign-sounding" category for a couple of days, before yanking it back to the untrusted side.

Menlo advised website owners to run the latest software for their websites and to try measures such as "content-security-policy" to minimize access to malware through background sites. It also encouraged users to "download software updates religiously," stay away from Adobe Flash and use the Chrome browser "when possible." A final bit of advice was to use isolation techniques for web surfing, such as moving the execution of web content to the cloud, preventing malicious code from reaching the user's device.
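For site owners who want to see how a Content-Security-Policy header relates to the background sites described above, the following added example (not from the Menlo report) lists the cross-origin hosts a page loads from and reports which of them a given policy would block. The hostnames, sample page and policy are constructed, and source matching is simplified to hostnames only.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# (tag, attribute) pairs that trigger a fetch, mapped to the governing CSP directive.
FETCHES = {("script", "src"): "script-src", ("img", "src"): "img-src",
           ("iframe", "src"): "frame-src", ("video", "src"): "media-src"}

class BackgroundSites(HTMLParser):
    """Collect (directive, host) for each cross-origin resource in a page."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.found = page_host, set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            host = urlparse(value or "").hostname  # None for relative URLs
            if (tag, name) in FETCHES and host and host != self.page_host:
                self.found.add((FETCHES[(tag, name)], host))

def parse_csp(header):
    policy = {}
    for tokens in filter(None, (p.split() for p in header.split(";"))):
        policy.setdefault(tokens[0].lower(), tokens[1:])  # first directive wins
    return policy

def allowed(policy, directive, host):
    """Simplified host matching: schemes, ports and paths are not modelled."""
    sources = policy.get(directive, policy.get("default-src"))
    if sources is None:
        return True  # no applicable directive, so the load is unrestricted
    for src in sources:
        src = src.split("://")[-1].split("/")[0].lower()
        if src in ("*", host) or (src.startswith("*.") and host.endswith(src[1:])):
            return True
    return False

def audit(html, page_host, csp_header):
    """Return the (directive, host) background loads the policy blocks."""
    parser = BackgroundSites(page_host)
    parser.feed(html)
    policy = parse_csp(csp_header)
    return sorted(p for p in parser.found if not allowed(policy, *p))

# Constructed sample page and policy for www.example.org (not from the report).
SAMPLE_HTML = ('<script src="https://cdn.example.net/lib.js"></script>'
               '<script src="//ads.adnetwork.example/tag.js"></script>'
               '<img src="/logo.png">'
               '<iframe src="https://video.media.example/e"></iframe>')
SAMPLE_CSP = "default-src 'self'; script-src 'self' cdn.example.net"
```

Running `audit(SAMPLE_HTML, "www.example.org", SAMPLE_CSP)` shows the ad-network script and the video iframe as blocked, while the allowlisted CDN script and the same-origin image pass.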

The report is available on the Menlo Security site (registration required).

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.
