A new Chrome update brings to light Google findings about malicious websites that have serious implications on detecting malicious links, spoofed brands and the use of legitimate web services.
This month, Google released a new feature to Google Safe Browsing, a feature that is used by over 5 million devices today and better protects Chrome browser users.
The new feature employs real-time checking of websites against Google’s server-side list to see if a site is suspicious or malicious before visiting it. Previously, a client-side list was updated every 30 to 60 minutes. With the new feature, the moment Google deems a website to be dangerous, it is no longer accessible by users of Google Safe Browsing.
What’s interesting is nestled deep in the middle of this announcement is a mention about why the “every 30 to 60 minutes” wasn’t good enough:
“We’ve found that the average malicious site actually exists for less than 10 minutes.”
That’s a huge piece of information that materially impacts cybersecurity efforts. Any security solution that checks websites against a database to see if they’re dangerous may fail their customer completely. Google goes on to say “By checking sites in real time, we expect to block 25% more phishing attempts.”
In other words, at the rate dangerous websites are spinning up and being torn down, a victim organization is more likely to allow access to “instant” websites, despite having solutions in place that are designed to spot this from happening.
The only last resort you have is the user. When properly educated via new-school security awareness training, the user can play a role in vigilantly seeing a malicious webpage for what it really is and choose to simply disengage. Or better yet, not fall for the phishing email that would have brought them there in the first place!
The “less than 10 minutes” state should both surprise you and not surprise you all at the same time; with so many malicious automation toolkits coming to the cybercrime market, this number may not materially drop from 10 minutes, but it certainly will stay where it is for a long time to come.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
