cloud security issues

New Report Finds 1 Out Of 3 Sites Are Vulnerable To Malware

1 Out Of 3 Sites Are Vulnerable To Malware

A new report published this morning by Menlo Security has alarmingly suggested that at least a third of the top 1,000,000 websites in the world are at risk of being infected by malware. While it’s worth prefacing the findings with the fact Menlo used Alexa to compile the list of the top million – a ranking site which is notoriously flawed with spammers and companies paying to have their own numbers inflated – it is still a worrying trend.

Although the use of the Alexa data might be questionable, the Menlo study’s methodology was sound. They scanned 1.75 million URLs before checking each one against third party classification systems to see if it was reported as malicious, checking IP addresses against a reputation database, and issuing a web request to each URL so they could fingerprint the response and determine what software was in use. The results are astounding – the report found one in five sites are running software with known vulnerabilities, and one in twenty sites were identified by 3rd-party domain classification services as serving malware or spam, or are part of a botnet.

risks-alexa-security

The report claims that its findings prove that the concept of a ‘trusted’ site is a fallacy – with a billion websites already online and an extra 100,000 being added every day, companies’ websites are now being threatened by other sites that are out of their control. They use the example of the recent Forbes.com hacking, which saw attackers exploit a WordPress vulnerability to insert malicious code into the site that was then delivered via the ‘trusted site’ for an unspecified amount of time – possibly months.

Menlo Security’s CTO, Kowsik Guruswamy, had the following to say: “Vulnerable servers (like in Forbes, James Oliver, etc.) are being exploited by cyber criminals as a launching pad for delivering malware to unsuspecting end users. If anything, this act is trending higher. As SSL on the Internet becomes more prevalent, enterprises are going to face a much higher risk. This is partly because most enterprises, for privacy reasons, don’t inspect SSL traffic and this is an easy channel for malware to ride on without getting noticed.

The Worst Offenders

So which sites and sectors can you trust? Unsurprisingly, the worst offenders in the report were sites labelled as “Hate and Intolerance”, with sites that promoted content about violence and child abuse showing vulnerability rates of almost 35 percent. In the regular web, the report noted concern about the number of sites in typically trusted sectors that showed vulnerabilities; for example transport, health, and medicine sites had a rate of 20 percent, while tech sites and business sites both exhibited around 18 percent rates.

What is the solution? We’ve already see more than $70 billion spent on cyber security tools in 2014, yet somehow malware always manages to stay one step ahead. Menlo argue that the incident similar to the Forbes hack will become increasingly common until someone addresses the source of the problem by developing a new tool that can completely stop all web attacks before they reach their target, rather than just investing in new tools that do a better job of detecting infected systems and limiting the impacts of security breaches.

What do you think? Is Menlo’s report accurate? How do you envisage the future of cybersecurity? Let us know in the comments below.

By Daniel Price

CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information, resources and thought leadership services.

Contact us for a list of our leading programs.

Technology Cloud Contributor

The Competitive Cloud Data Center

The Competitive Cloud The corporate data center was long the defacto vehicle for all application deployment across an enterprise. Whether ...
The Importance of Cloud Backups: Guarding Your Data Against Hackers

The Importance of Cloud Backups: Guarding Your Data Against Hackers

The Importance of Cloud Backups Cloud platforms have become a necessary part of modern business with the benefits far outweighing ...
Global Public Cloud Spending To Double By 2020

Global Public Cloud Spending To Double By 2020

The Cloud and Endpoint Modeling The worldwide migration of IT resources to the public cloud continues, at a head-spinning pace ...
How Machine Learning Quantifies Trust & Improves Employee Experiences

How Machine Learning Quantifies Trust & Improves Employee Experiences

Machine Learning Quantifies Trust Bottom Line: By enabling enterprises to scale security with user behavior-based, contextual intelligence, Next-Gen Access strategies are ...
How Leading Organizations are Leveraging Big Data

How Leading Organizations are Leveraging Big Data

Seeing The Big Data Picture “Data will talk to you if you’re willing to listen”— Jim Bergeson. Few can dispute ...
Will 2018 Be the Year Augmented Reality Moves Outside ‘Pokémon Go’?

Will 2018 Be the Year Augmented Reality Moves Outside ‘Pokémon Go’?

2018 Augmented Reality If you’ve never heard of “Pokémon Go” — or at least never had the concept explained to ...
NVIDIA Opening AI Research Lab in Toronto, Following Move in Seattle

NVIDIA Opening AI Research Lab in Toronto, Following Move in Seattle

Toronto is a thriving hub for AI experts, thanks in part to foundational work out of the University of Toronto and government-supported research organizations like the Vector Institute. We’re tapping further into this expertise by investing ...
Cisco Announces Intent to Acquire July Systems

Cisco Announces Intent to Acquire July Systems

Today we are announcing our intent to acquire July Systems, a privately-held company headquartered in Burlingame, California with offices in Bangalore, India. We are excited to welcome July Systems and its cloud-based mobile experience and ...
New Oracle Autonomous Cloud Services Ease Mobile Development, Data Integration

New Oracle Autonomous Cloud Services Ease Mobile Development, Data Integration

AI-based PaaS services cut costs and speed development of chatbots, data integration, and API management Oracle (NYSE: ORCL) today announced the availability of its next-generation Oracle Cloud Platform services featuring built-in autonomous capabilities, including Oracle Mobile ...