If your organization has a website, its likelihood of being infected with malware is 1 in 3, recent reports using Alexa data indicate. Although Alexa is not deemed to be the most reliable source, malware is definitely a force to be reckoned with if your site should become infected.
CloudTweaks’ latest article outlines Menlo’s report with a grain of salt. However, there were some astounding results that can be used as a take-away:
The Menlo study’s methodology was sound. They scanned 1.75 million URLs, checking each one against third-party classification systems to see if it was reported as malicious, checking IP addresses against a reputation database, and issuing a web request to each URL so they could fingerprint the response and determine what software was in use.
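The fingerprinting step described above can be run against your own site to see which software versions it discloses. The sketch below is an added example, not code from the Menlo report or CloudTweaks; the sample response and the minimum-version table are constructed placeholders.

```python
import re

# Constructed sample response (not captured from any real site).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.15 (CentOS)\r\n"
    "X-Powered-By: PHP/5.3.3\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<html><head><meta name="generator" content="WordPress 4.1" /></head></html>'
)

# Hypothetical minimum acceptable versions (placeholders, not real advisories);
# populate this table from the vendors' own security advisories.
MIN_VERSION = {"apache": (2, 4, 0), "php": (5, 6, 0), "wordpress": (4, 2, 0)}

# "Product/1.2.3" in headers, "Product 1.2" in generator tags.
TOKEN = re.compile(r"([A-Za-z][\w.-]*)[/ ](\d+(?:\.\d+)*)")
GENERATOR = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']([^"\']+)["\']', re.I)

def fingerprint(raw):
    """Return {product: version_tuple} disclosed by headers and generator tag."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    sources = [headers.get("server", ""), headers.get("x-powered-by", "")]
    sources += GENERATOR.findall(body)
    found = {}
    for text in sources:
        for name, version in TOKEN.findall(text):
            found[name.lower()] = tuple(int(p) for p in version.split("."))
    return found

def outdated(found, minimums=MIN_VERSION):
    """Products whose disclosed version is below the configured minimum."""
    return sorted(n for n, v in found.items()
                  if n in minimums and v < minimums[n])

if __name__ == "__main__":
    disclosed = fingerprint(SAMPLE_RESPONSE)
    print("disclosed:", disclosed)
    print("below minimum:", outdated(disclosed))
```

A response that discloses no version yields an empty result, which means the banner is hidden, not that the software is patched.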
The report found that one in five sites are running software with known vulnerabilities, and one in twenty sites were identified by third-party domain classification services as serving malware or spam, or as being part of a botnet.
The report claims that its findings prove that the concept of a ‘trusted’ site is a fallacy – with a billion websites already online and an extra 100,000 being added every day, other sites that are out of their control are now threatening companies’ websites. For example, in the recent Forbes.com hacking, attackers exploited a WordPress vulnerability to insert malicious code into the site that was then delivered via the ‘trusted site’ for an unspecified amount of time.
More than $70 billion was spent on cyber security tools in 2014, yet somehow malware always manages to stay one step ahead. Menlo argues that incidents like the Forbes hack will become increasingly common until someone addresses the source of the problem by developing a new tool that can completely stop all web attacks before they reach their target, rather than just investing in new tools that do a better job of detecting infected systems and limiting the impacts of security breaches.
For more report findings regarding malware-infected websites, see the full CloudTweaks article.