Websites that seem to be trustworthy are not always safe. In recent years, cyberattacks have been perpetrated through what people believe to be safe websites. According to Menlo Security’s State of the Web 2017, of the top 100,000 websites, 42% were deemed “risky” due to the following reasons: the use of vulnerable software, a history of distributing malware, and experiencing a security breach within the last year. In general, news and media sites was the category with the largest risk factor with 49%. In 2017, Business and Economy sites were hit with the most security risks incidents with 23,819.
When you visit a website, that website uses information from 25 other background websites to populate their own. It easy for any of these background sites to be to be breached, thus affecting the larger domain. Most antivirus programs are intended to catch any suspicious activity on the main website, and do not always catch any on the background sites. There are many experts working to protect the servers from breaches, but the ads coming from different networks might not always have the same protection.
Older software can be an open door for possible attacks. Some programs are old enough that they were breached several times. Menlo found more than 51,000 business and economy websites using vulnerable software. The older the software is, the higher the risk is for it to be compromised.
For hackers, it is much easier to create a subdomain on a real hosting service, than hack a main website, or having to create their own. Companies trust legitimate websites, never suspecting that they could be a security risk. Researchers found that there were several phishing malwares hosted on some of the worlds most visited websites. Now, hackers are using sites used in email like Dropbox to spread their malware. People open these emails, never thinking something harmful could be attached. Typosquatting is another way attackers try to trick people into visiting malicious sites. They set up domains with intentional typos, so when someone misspells a URL, they are taken to the harmful websites instead.
It’s important to know that any website can be compromised and potentially pose a risk to your device.