Ray Schultz at MediaPost had a great summary of some troublesome news:
"Some of the world’s most popular websites are also the most dangerous when in comes to phishing attacks, according to Trust Hacking, a new study by Menlo Security.
Of the top 100,000 sites, as ranked by Alexa, 42% are risky: They use software that leaves them vulnerable to attack or have been compromised, Menlo reports. And many sites fall prey to one of the three ways that cybercriminals weaponize consumer trust. They take advantage of the fact that:
- Trusted websites may not be as safe as you think
- Phishing sites leverage new tricks to win your trust
- Typosquatting lives on
Menlo identified 80,000 phishing sites in 2017 and found that almost 20% were in “supposedly trustworthy” categories such as News and Media and Training and Tools.
Phishing occurs more often in untrusted categories such as Adult and Pornography. However, the sector that housed the most phishing sites was Business and Economy.
Menlo also found that 4,600 phishing sites used legitimate hosting services.
Here are the categories that satisfied at least one of Menlo’s three ways of weaponizing trust:
- News and media — 49%
- Entertainment and arts — 45%
- Travel — 41%
- Personal sites and blogs — 40%
- Shopping — 38%
- Computer and internet info — 38%
However, the following are ranked as known bad sites that were used most often to deliver malware:
- Adult and pornography
- Uncategorized
- Parked sites
- Business and economy
- Shopping
- Gambling
- Society
- Personal Sites and blogs
- Entertainment and Arts
- News and media
The following categories that rely on vulnerable software, such as Microsoft's IIS S web server that the company topped supporting 12 years.
- Business and economy
- Society
- Personal sites and blogs
- News and media
- Adult and pornography
- Entertainment and arts
- Shopping
- Computer and internet info
- Travel
- Educational institutions
Finally, here are the categories with the worst threat histories last year:
- Business and economy
- Society
- Shopping
- Computer and internet info
- News and media
- Personal sites and blogs
- Entertainment
- Travel
- Adult and pornography
- Sports
To analyze the risk of the Alexa-listed websites, Menlo 'developed a distributed Chrome-based browser farm to load the homepage of each of the Alexa listed websites.'” This story was cross-posted with grateful acknowledgement.
Free Phishing Security Test
Do your users know how to hover over a link and determine is the URL is potentially malicious?
Cyber-attacks are rapidly getting more sophisticated. We help you train your employees to better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks. Take the first step now. Find out what percentage of your employees are Phish-prone™ with our free test. Did you know that KnowBe4 also supports "Vishing" where you can actually send your users simulated voice mail attacks?
PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser: