A security firm named Menlo Security has published a report which says that one in three domains among the world’s top websites are either vulnerable to hackers or have already been hacked. The report was released this week, and it further says that even your most trusted websites are vulnerable to hackers. Most of those top websites had no idea about these vulnerabilities prior to this report, which brings us to the possibility that many of these sites have already been hacked.
The security firm scanned Alexa’s top 1 million websites and found that 33 percent of them had vulnerabilities of one kind or another. The report further says that one-fifth of these 1 million websites run software with known vulnerabilities, while more than one in twenty sites serve malware or spam, or are part of a botnet.
The report doesn’t name the vulnerable sites, but the shocking thing is that these vulnerable websites are among the most trusted sites for their visitors: sites related to business, health and medical, tech, government and many more, which are exposing their visitors to damaging malware.
Although the use of the Alexa data might be questionable, the Menlo study’s methodology was sound. They scanned 1.75 million URLs, checking each one against third-party classification systems to see if it was reported as malicious, checking IP addresses against a reputation database, and issuing a web request to each URL so they could fingerprint the response and determine what software was in use. The results are astounding: the report found that one in five sites are running software with known vulnerabilities, and one in twenty sites were identified by third-party domain classification services as serving malware or spam, or as part of a botnet.
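The fingerprinting step described above, as an added example that is not part of the report or the article: a captured HTTP response is parsed for version banners (Server, X-Powered-By, and the HTML generator tag) and the identified versions are compared against an operator-defined patched baseline. The sample response and the baseline versions are constructed placeholders, not data from the Menlo report.

```python
"""Fingerprint software versions from an HTTP response and flag outdated ones."""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]

# Constructed baseline: the minimum version an operator treats as patched.
# Placeholder values for illustration, not real advisory data.
PATCHED_BASELINE: Dict[str, Version] = {
    "wordpress": (4, 2),
    "apache": (2, 4),
    "php": (5, 6),
}

# Constructed sample response; a real scanner would capture this over the wire.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.15 (CentOS)\r\n"
    "X-Powered-By: PHP/5.3.3\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<html><head><meta name="generator" content="WordPress 4.1.1" />'
    "</head><body>ok</body></html>"
)


def parse_version(text: str) -> Optional[Version]:
    """Turn '2.2.15' into (2, 2, 15); return None when no digits are present."""
    m = re.search(r"(\d+(?:\.\d+)*)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def fingerprint(raw: str) -> Dict[str, Version]:
    """Return {software: version} found in headers and the generator meta tag.

    Banners can be suppressed or spoofed, so an empty result means
    'nothing disclosed', not 'nothing vulnerable'.
    """
    head, _, body = raw.partition("\r\n\r\n")
    found: Dict[str, Version] = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() in ("server", "x-powered-by"):
            for product in value.split():  # e.g. "Apache/2.2.15 (CentOS)"
                sw, _, ver = product.partition("/")
                v = parse_version(ver)
                if v:
                    found[sw.lower()] = v
    m = re.search(r'<meta\s+name="generator"\s+content="([^"]+)"', body, re.I)
    if m:
        sw, _, ver = m.group(1).partition(" ")
        v = parse_version(ver)
        if v:
            found[sw.lower()] = v
    return found


def outdated(found: Dict[str, Version]) -> list:
    """Software whose disclosed version is below the patched baseline."""
    return sorted(sw for sw, v in found.items()
                  if sw in PATCHED_BASELINE and v < PATCHED_BASELINE[sw])
```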
Key Findings of the Report
- One in three of the top one million Alexa domains are “risky” – meaning that they’re either already compromised or running vulnerable software, and therefore at risk of compromise by groups or individuals planning the next attack.
- More than one in twenty sites, or six percent, were identified by third-party domain classification services as serving malware or spam, or as part of a botnet.
- Over one-fifth (21%) of sites were running software with known vulnerabilities.
- Of the 2.5 percent of sites that were “uncategorized,” a significant proportion (16%) were running vulnerable services.
Last month the world learned that Forbes.com had been hacked. The duration was unknown, and visitors to the site were infected just by going there, without even clicking anywhere. Those visitors included some of the world’s top government and private organizations. Researchers noted that “watering hole attacks are insidious because it wouldn’t occur to anyone that these sites could be infected.”
WordPress is the world’s most used publishing software, and a vulnerability in it was the key to hacking Forbes, because the publishing software used by Forbes is WordPress. The vulnerability was eventually detected last month and the malicious code was removed from the site. But this is a lesson for us: if a trusted site like Forbes can be hacked, then others are not safe either. It was only a matter of time before they learned they had been hacked; it could take a day, a week or even a month.
Even though organizations are spending big on their cyber security programs to protect themselves from any possible breach, spending big is not the answer to the problem: even after a staggering $70 Billion was spent on cyber security tools last year, we saw some very high profile security breaches last year.