One in Three Websites Are Compromised or at Risk, Says Stealth Cybersecurity Vendor

Stealth cyber security vendor Menlo Security in January this year scanned the Alexa top 1 million sites to see which sites were vulnerable and/or compromised. According to the company, one out of every three websites are either hacked or vulnerable to hacking.

The cybersecurity company on Tuesday released its State of the Web 2015: Vulnerability Report, a documentation of what it uncovered after scanning more than 1.75 million URLs representing over 750,000 unique domains. Key findings in the report include:

• More than one in 20 sites (6 percent) were identified by third-party domain classification services as serving malware, spam or botnets.
• Over one in five (21 percent) sites were running software with known vulnerabilities.
• Sites in categories that are typically 'trusted' -- including Computers and Technology, Business, and Shopping -- were the top three sources of vulnerable sites.
• Of the 2.5 percent of sites that were 'uncategorized,' a significant proportion (16 percent) was running vulnerable software.

Kowsik Guruswamy, CTO of Menlo Security, told eWEEK : "The home page of each of the 750,000 domains in the Alexa 1 million [Alexa's top 1 million Websites] was visited once. This was not an active scan against a single site to crawl the various pages; it was a single page load through a browser that also fetched all of the assets from CDNs [content delivery networks], iframes ad networks, etc."  Looking into the data, he said that the breakdown of vulnerable software shows that 10 percent of scanned sites were running a vulnerable version of PHP, an open-source language that is commonly deployed on Web server infrastructure and used by many content management systems (CMSes), including WordPress, Drupal and Joomla. Vulnerable Web server software was also common, with 4 percent of sites running a vulnerable version of Apache HTTP and 4 percent running a vulnerable version of Microsoft Internet Information Services (IIS).

Menlo Security found that 4 percent of the scanned sites were serving malware, while 1 percent were involved in phishing and botnet activity. Guruswamy said that his company made use of multiple third-party domain classification services, including Google Safe Search, Cyren, AlienVault and Malware Domain Blocklist, to identify if the sites were part of a botnet.

As noted in the report by Guruswamy: "Respected and trusted websites like Forbes.com and jamieoliver.com have been used to deliver zero-day malware to unsuspecting visitors. These kinds of attacks are happening with increasing frequency because so many sites are running vulnerable software but are routinely classified as 'safe.' The current generation of security tools is falling behind in the race to stop attacks. Today's security challenges call for an entirely new approach to preventing malware from infecting user's systems."