More people are doing business and sharing information online than ever before, but the security of our information is also increasingly at risk.
According to a recent study by Menlo Security, 42 percent of the top 100,000 websites ranked by Alexa are potentially compromised, making them risky for users, especially when many sites have sign-up forms and other ways of collecting personal information. Even more concerning is that 4,600 phishing sites use legitimate hosting services, making them difficult to track and identify.
The report found that 49 percent of news and media sites, 45 percent of entertainment and arts sites, 41 percent of travel sites, 40 percent of personal sites and blogs, 39 percent of society sites, and 39 percent of business and economy sites were at risk of being a phishing site or a typosquatting site.
Typosquatting is a major concern, according to the study. This involves “URL hijacking,” or creating a fake URL that is close to a company’s website but with a common typo. This means that customers who type the wrong URL are unknowingly directed to a hacker site that is owned by a cybersquatter.
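As an added illustration (not part of the Menlo Security study), a defender can screen hostnames seen in DNS or proxy logs for near-miss spellings of their own domain. The sketch below flags domains within one typo (insertion, deletion, substitution or swapped adjacent letters) of a protected name; the brand `acmebank.example`, the sample hostnames and the naive "last two labels" domain extraction are constructed assumptions.

```python
# Assumption: the domain this organisation wants to protect (hypothetical brand).
PROTECTED = ("acmebank.example",)

# Constructed sample of hostnames, as they might appear in a DNS or proxy log.
SAMPLE_HOSTS = [
    "www.acmebank.example",      # legitimate
    "login.acmebnak.example",    # swapped letters
    "acmebak.example",           # missing letter
    "acmebannk.example",         # doubled letter
    "acmebamk.example",          # wrong letter
    "cdn.othersite.example",     # unrelated
]

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def registrable(host):
    """Naive registrable domain: last two labels (assumption: no public suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def find_lookalikes(hosts, protected=PROTECTED, max_dist=1):
    """Map each suspicious host to (protected domain it imitates, distance)."""
    hits = {}
    for host in hosts:
        dom = registrable(host)
        if dom in protected:
            continue  # exact match is the real site
        for brand in protected:
            d = osa_distance(dom, brand)
            if d <= max_dist:
                hits[host] = (brand, d)
                break
    return hits

if __name__ == "__main__":
    for host, (brand, d) in find_lookalikes(SAMPLE_HOSTS).items():
        print(f"{host}: possible typosquat of {brand} (distance {d})")
```

Hits from a check like this are leads to review, not verdicts, since short domain names produce many innocent near-matches.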
The study also found that typical measures companies use to secure their websites, such as software to identify and weed out bad actors, make little difference when it comes to their overall security.
Hackers are using reputable online companies to launch their attacks, and many of these companies are at risk because they are running vulnerable or outdated software. Bugs and vulnerabilities are targets for hackers, who are expert at identifying and exploiting weaknesses, so software security needs to be updated often. This goes for both the companies running the websites and the consumers browsing them. Software updates must be done quickly and regularly in order for all parties to be protected.
Part of the problem is transparency, the study noted, because companies don’t understand all of the potential security vulnerabilities, especially when problems come from online and video advertising content delivered by a third party. If they don’t know what is happening, it’s difficult to prevent.
Companies with trusted reputations have also become complacent, especially when they haven’t yet been targeted by hackers. Researchers noted that business and economy sites experienced the most security problems and that they contained more sites running vulnerable software, such as PHP 5.3.3, than any other category.
According to Menlo Security CEO Amir Ben-Efraim, the company’s recent study “confirms what most CISOs already know: that a false sense of security is a dangerous thing when using the web.”