Half of the world’s most popular sites are 'at-risk'

Popular domains are running on servers with software older than a decade

A user browsing the internet comes across a security alert

Almost half of the world's most popular websites have been declared 'risky' by new research, but the UK is among the least dangerous places in which to surf the web.

An analysis of the Alexa Top 100,000 websites for the first half of 2018 showed 42% were considering risky to web users, according to criteria outlined in Menlo Security's mid-year State of the Web report published this month.

Websites were deemed at risk if they were built on, or routinely connected to, sites that used vulnerable server software, if the site had been exploited to distribute malware or launch attacks in the past, or if the site had suffered a security breach in the previous 12 months.

But the UK is among the safest countries, of six nations analysed in greater detail, in terms of the various factors associated with risky web browsing, including the number of executable scripts and the amount of code downloaded.

"People in different countries prefer different websites, and the risks associated with using the most popular sites in those countries varies accordingly," the report said.

The researchers examined the top 50 websites in each country, analysing how much code was fetched and executed by the sites, as well as the type of code, its origin, and how many sites used vulnerable server software.

The UK had the second joint-lowest average number of scripts executed per website, 41, as well as the single website with the highest number of scripts executed from background domains, 156. Such scripts enhance the browsing experience, but can also be hijacked by malicious actors to launch attacks, the report said.

Meanwhile, the UK ranked third for the average amount of code downloaded from websites, 1.55MB - versus the first-placed US which downloads 1.83MB of code. Only 52% of websites in the UK downloaded more than 1MB of code onto a user's device, second-lowest of all, while 64% of sites in Australia downloaded more than a megabyte.

"The web remains a dangerous place for users to work and play," the Menlo Security concluded.

"Strong precautions are needed to ensure that users, their devices, and the networks, apps, and clouds used by organizations aren't infected and infiltrated by attackers."

Vulnerable web software was pinpointed as a particular weakness, with many of the world's most popular sites running on back-end servers that are outdated, including some that haven't been updated in years. Such websites, the report said, are extremely vulnerable to malware, and expose visitors to infections, or breaches, at a higher rate.

Menlo Security's analysis showed 7.6% of web domains that delivered malware, or were tied with phishing operations, are being hosted on vulnerable servers - including sites running on outdated versions of Apache, nginx, Microsoft IIS, and Drupal, among others. The oldest software being used among the top 50 websites in the US, for instance, was PHP version 5.2.3 - released more than a decade ago, in 2007.

"Active content downloads and scripts running in the background will continue to be essential to providing a great, dynamic web experience, but there is no excuse for popular websites to use vulnerable server software," the report continued. "Doing so creates a clear and present danger to the sites' visitors and to the websites to which it serves background content."

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
8 most secure web browsers
web browser

8 most secure web browsers

25 Sep 2020
How to enable private browsing on any device
privacy

How to enable private browsing on any device

22 Sep 2020

Most Popular

Windows XP source code allegedly leaked online
Microsoft Windows

Windows XP source code allegedly leaked online

25 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020