Half of the world’s most popular sites are 'at-risk'

Popular domains are running on servers with software older than a decade

A user browsing the internet comes across a security alert

Almost half of the world's most popular websites have been declared 'risky' by new research, but the UK is among the least dangerous places in which to surf the web.

An analysis of the Alexa Top 100,000 websites for the first half of 2018 showed 42% were considering risky to web users, according to criteria outlined in Menlo Security's mid-year State of the Web report published this month.

Websites were deemed at risk if they were built on, or routinely connected to, sites that used vulnerable server software, if the site had been exploited to distribute malware or launch attacks in the past, or if the site had suffered a security breach in the previous 12 months.

But the UK is among the safest countries, of six nations analysed in greater detail, in terms of the various factors associated with risky web browsing, including the number of executable scripts and the amount of code downloaded.

"People in different countries prefer different websites, and the risks associated with using the most popular sites in those countries varies accordingly," the report said.

The researchers examined the top 50 websites in each country, analysing how much code was fetched and executed by the sites, as well as the type of code, its origin, and how many sites used vulnerable server software.

The UK had the second joint-lowest average number of scripts executed per website, 41, as well as the single website with the highest number of scripts executed from background domains, 156. Such scripts enhance the browsing experience, but can also be hijacked by malicious actors to launch attacks, the report said.

Meanwhile, the UK ranked third for the average amount of code downloaded from websites, 1.55MB - versus the first-placed US which downloads 1.83MB of code. Only 52% of websites in the UK downloaded more than 1MB of code onto a user's device, second-lowest of all, while 64% of sites in Australia downloaded more than a megabyte.

"The web remains a dangerous place for users to work and play," the Menlo Security concluded.

"Strong precautions are needed to ensure that users, their devices, and the networks, apps, and clouds used by organizations aren't infected and infiltrated by attackers."

Vulnerable web software was pinpointed as a particular weakness, with many of the world's most popular sites running on back-end servers that are outdated, including some that haven't been updated in years. Such websites, the report said, are extremely vulnerable to malware, and expose visitors to infections, or breaches, at a higher rate.

Menlo Security's analysis showed 7.6% of web domains that delivered malware, or were tied with phishing operations, are being hosted on vulnerable servers - including sites running on outdated versions of Apache, nginx, Microsoft IIS, and Drupal, among others. The oldest software being used among the top 50 websites in the US, for instance, was PHP version 5.2.3 - released more than a decade ago, in 2007.

"Active content downloads and scripts running in the background will continue to be essential to providing a great, dynamic web experience, but there is no excuse for popular websites to use vulnerable server software," the report continued. "Doing so creates a clear and present danger to the sites' visitors and to the websites to which it serves background content."

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

Your essential guide to internet security
Security

Your essential guide to internet security

27 Jan 2021
1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021
PowerShell threats increased over 200% last year
cyber security

PowerShell threats increased over 200% last year

14 Apr 2021
Russia launched over a million cyber attacks in three months
hacking

Russia launched over a million cyber attacks in three months

13 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget
Mobile Phones

Xiaomi Redmi Note 10 Pro review: Champagne tastes on a lemonade budget

13 Apr 2021