Four in 10 Top Websites Are Dangerous

Four in 10 of the top websites pose dangers to their visitors. According to cybersecurity vendor Menlo Security, out of the top 100,000 websites as ranked by Alexa, 42 percent are "risky." A risky website is any site that fits one of these criteria:

  • Either the homepage or an associated background site is running vulnerable software;
  • It's known to distribute malware or launch attacks; or
  • It has already suffered a security breach in the past 12 months.

The use of background services is especially troubling, according to Menlo, which published its findings in a "State of the Web 2017" report.

While the security industry puts a lot of attention on the behavior of website visitors, the report noted, "much of the damage wrought by cybercriminals happens behind the scenes, as websites connect with so-called 'background sites.'" Menlo's researchers found that websites rely on an average of 25 other background sites to produce content, such as displaying a video from a media server or serving an ad from an advertising network. Many antivirus and web-filtering programs focus on the primary domain while ignoring the calls to those background sites, the report stated.

Although the report didn't list problematic websites, it did categorize them by type of content. For example, 49 percent of news and media sites "satisfied" at least one of three criteria of riskiness, as did 45 percent of entertainment and arts sites and 40 percent of personal sites and blogs.

While the adult and pornography category had the highest number of risky sites, business and economy sites led the way in the "trusted" category.

Another source of problems is the reliance on "aging software technology," programs that have been around long enough to be "repeatedly compromised" through the years, Menlo researchers asserted. For example, 32,000 sites that were part of the study used Microsoft IIS 7.5, a version released with Windows 7 and Windows Server 2008 R2. Here, business and economy sites led the way, with 51,045 websites relying on software classified as "vulnerable." Also, 9,452 websites for educational institutions made the list of vulnerable sites.

The Menlo report highlighted the problem of websites being identified as unsafe by web security firms, only to transition to a trusted category temporarily and then back again. One unnamed security company, for example, assigned a website to a "Phishing and Other Frauds" category and then briefly reassigned it to a "benign-sounding" category for a couple of days, before yanking it back to the untrusted side.

Menlo advised website owners to run the latest software for their websites and to try programs such as "content-security-policy," to minimize access to malware through background sites. It also encouraged users to "download software updates religiously," stay away from Adobe Flash and use the Chrome browser "when possible." A final bit of advice was to use isolation techniques for web surfing, such as moving the execution of web content to the cloud, preventing malicious code from reaching the user's device.

The report is available with registration on the Menlo Security site.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  •  black graduation cap with a glowing blue AI brain circuit symbol on top

    Report: AI Is a Must for Modern Learners

    A new report from VitalSource identifies a growing demand among learners for AI tools, declaring that "AI isn't just a nice-to-have; it's a must."

  • young man in a denim jacket scans his phone at a card reader outside a modern glass building

    Colleges Roll Out Mobile Credential Technology

    Allegion US has announced a partnership with Florida Institute of Technology (FIT) and Denison College, in conjunction with Transact + CBORD, to install mobile credential technologies campuswide. Implementing Mobile Student ID into Apple Wallet and Google Wallet will allow students access to campus facilities, amenities, and residence halls using just their phones.

  • cybersecurity analyst in a modern operations center monitors multiple digital screens showing padlock icons, graphs, and a global map with security markers

    Louisiana State University Doubles Down on Larger Student-Run SOC

    In an effort to provide students with increased access to real-world cybersecurity experience, Louisiana State University has expanded its relationship with cybersecurity solutions provider TekStream to launch TigerSOC, a new student-run security operations center.

  • laptop with AI symbol on screen

    Google Launches Lightweight Gemma 3n, Expanding Edge AI Efforts

    Google DeepMind has officially launched Gemma 3n, the latest version of its lightweight generative AI model designed specifically for mobile and edge devices — a move that reinforces the company's emphasis on on-device computing.