There has been a steady fall in the number of attacks based out of websites on the internet over the years as hackers have now moved to email as their primary source to infect systems, but there are still a huge number of websites hosting malicious content.
The malicious content is typically in the form of advertisements ridden with malware (or malvertisements) and software downloads with malicious codes written into them which once installed on a PC can infect all the files and potentially give the attacker access to them too.
There has been a 30 percent year-on-year drop in website-based attacks between 2015 and 2016 but that doesn’t mean that overall attack rates have dropped, attackers have just shifted to a different and easier tactic.
“Exploit kits require maintenance of a backend infrastructure and are simply more work for attackers than sending an email,” Symantec stated in their security report.
The 10 Most Frequently Exploited Website Types
According to data security company Symantec’s 2017 Internet Security Threat Report, ‘technology and business websites were the most popular for hosting malicious content and malvertising in 2016’.
- Technology (20.7%)
- Business (11.3%)
- Blogging (8.6%)
- Hosting (7.2%)
- Health (5.7%)
- Shopping (4.2%)
- Educational (4.1%)
- Entertainment (4%)
- Travel (3.6%)
- Gambling (2.8%)
The report also points out that attacks via malicious content hosted on website saw a continuous drop in 2016 with its lowest point in September.
The number of attacks increased in October and November but fell down again in December 2016.
Safety Tips for Website Owners
There are a number of ways to stay safe on the internet and protect your website as well as your reader/users from getting infected by malicious code. Here we list out five relevant ones.
- Regular assessment of website for vulnerabilities is a must.
- The website should be scanned regularly for protection against malware infection.
- Set up a secure flag for all session cookies and secure the website against man-in-the-middle (MITM) attacks.
- Don’t blindly go on installing plugins, rather scrutinise them before using them on your website.
- SSL certificates with extended validation to verify protection should be preferred.
Browser Vulnerabilities Have Fallen
Even though there have been an increase in the number of attacks as well as an increase in the way an attack is initiated, vulnerabilities found in web browsers such as Google Chrome, Mozilla Firefox, Opera, Apple Safari and Microsoft Edge have decreased.
The number of browser vulnerabilities found has declined from 1093 in 2015 to 888 in 2016. But this number is still higher than the 616 browser vulnerabilities reported in 2014.
The decrease in vulnerabilities can be attributed toward the implementation of bug bounty programmes by the companies, which sees a heavy participation of security researchers from around the globe.
Other than that, there has been a significant decline in vulnerabilities found with Microsoft’s browser as the company discontinued the Internet Explorer and its new Edge browser which is exclusive to Windows 10 users has a rich security architecture which isn’t easy to exploit.
With greater integration of internet technology into our lives, it’s vital that security on the web is enhanced just the way it’s in real lives.
This is all the more important since the cases of data breaches and identity theft are on a rise and an increasing number of people are vulnerable because the data stored online includes personally identifiable information, health information as well as financial information.