Half of the world’s most popular sites are 'at-risk'

Popular domains are running on servers with software older than a decade

A user browsing the internet comes across a security alert

Almost half of the world's most popular websites have been declared 'risky' by new research, but the UK is among the least dangerous places in which to surf the web.

An analysis of the Alexa Top 100,000 websites for the first half of 2018 showed 42% were considering risky to web users, according to criteria outlined in Menlo Security's mid-year State of the Web report published this month.

Advertisement - Article continues below

Websites were deemed at risk if they were built on, or routinely connected to, sites that used vulnerable server software, if the site had been exploited to distribute malware or launch attacks in the past, or if the site had suffered a security breach in the previous 12 months.

But the UK is among the safest countries, of six nations analysed in greater detail, in terms of the various factors associated with risky web browsing, including the number of executable scripts and the amount of code downloaded.

"People in different countries prefer different websites, and the risks associated with using the most popular sites in those countries varies accordingly," the report said.

The researchers examined the top 50 websites in each country, analysing how much code was fetched and executed by the sites, as well as the type of code, its origin, and how many sites used vulnerable server software.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The UK had the second joint-lowest average number of scripts executed per website, 41, as well as the single website with the highest number of scripts executed from background domains, 156. Such scripts enhance the browsing experience, but can also be hijacked by malicious actors to launch attacks, the report said.

Meanwhile, the UK ranked third for the average amount of code downloaded from websites, 1.55MB - versus the first-placed US which downloads 1.83MB of code. Only 52% of websites in the UK downloaded more than 1MB of code onto a user's device, second-lowest of all, while 64% of sites in Australia downloaded more than a megabyte.

"The web remains a dangerous place for users to work and play," the Menlo Security concluded.

"Strong precautions are needed to ensure that users, their devices, and the networks, apps, and clouds used by organizations aren't infected and infiltrated by attackers."

Vulnerable web software was pinpointed as a particular weakness, with many of the world's most popular sites running on back-end servers that are outdated, including some that haven't been updated in years. Such websites, the report said, are extremely vulnerable to malware, and expose visitors to infections, or breaches, at a higher rate.

Advertisement - Article continues below

Menlo Security's analysis showed 7.6% of web domains that delivered malware, or were tied with phishing operations, are being hosted on vulnerable servers - including sites running on outdated versions of Apache, nginx, Microsoft IIS, and Drupal, among others. The oldest software being used among the top 50 websites in the US, for instance, was PHP version 5.2.3 - released more than a decade ago, in 2007.

"Active content downloads and scripts running in the background will continue to be essential to providing a great, dynamic web experience, but there is no excuse for popular websites to use vulnerable server software," the report continued. "Doing so creates a clear and present danger to the sites' visitors and to the websites to which it serves background content."

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement
Advertisement

Recommended

Visit/security/355013/10-quick-tips-to-identifying-phishing-emails
Security

10 quick tips to identifying phishing emails

16 Mar 2020
Visit/business-strategy/mergers-and-acquisitions/354941/panda-security-to-be-acquired-by-watchguard
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/cloud/355098/ibm-dedicates-supercomputing-power-to-coronavirus-researchers
high-performance computing (HPC)

IBM dedicates supercomputing power to coronavirus research

24 Mar 2020