Hackers Exploit Old Software, Trusted Websites, Menlo Security Reports

1 of 9

Hackers Exploit Old Software, Trusted Websites, Menlo Security Reports

Software often has a finite lifespan, with older applications no longer receiving security and bug fix updates. However, that doesn’t mean such applications are not still in use. According to the Menlo Security 2017 State of the Web report, Microsoft's Internet Information Services (IIS) 7.5, which was released in 2009, is still widely used, exposing organizations to vulnerabilities and the risk of exploits. The 18-page Menlo Security report was released on Feb. 5, providing insight based on an analysis of the top 100,000 websites. The top category of known bad websites that are used to make attacks or deliver malware, according to Menlo Security, are adult and pornography-related sites. The most vulnerable sites, however, are those in the business and economy category. In this slide show, eWEEK looks at highlights from the Menlo Security 2017 State of the Web report.

2 of 9

Old Software Is Widely Used

Menlo Security found that old, vulnerable software continues to be widely used among the top internet websites. Among the worst offenders is Microsoft Internet Information Services (IIS) version 7.5, which was first released in 2009 and remains widely used.

3 of 9

Adult Sites Are Often Used to Deliver Malware

While malware can come from any category of website, Menlo Security found that the worst category for known bad websites was adult and pornography.

4 of 9

Business Sites Are Often the Most Vulnerable

While adult sites have the highest number of known bad sites that deliver malware, when it comes to the most vulnerable category of website, business and economy is at the top of the list.

5 of 9

Business Sites Are the Most Hacked

Not surprisingly since business and economy sites were found to be the most vulnerable by Menlo Security, they were also the most attacked category of website as well.

6 of 9

Phishing From Safe Harbors

Menlo Security found that 4,600 phishing sites it found were using legitimate hosting services to base their operations.

7 of 9

Typosquatters Take Aim at Trusted Categories

Typosquatting, the process of using a misspelled domain name to trick a user into clicking a link, remains an active form of attack. Menlo Security found that 19 percent of typosquatting domains were in trusted categories, including financial services.

8 of 9

Background Radiation Leads to Risk

Menlo Security found that most sites make background requests to other external sites to execute user requests. According to Menlo Security, every time a user visits a website, an average of 25 background requests for content are made.

9 of 9

Improving Cyber-Security Hygiene: Nine Methods to Fight Off Intruders

Breaches caused by compromised passwords continue to wreak havoc on businesses. But there are a number of steps organizations can take to help prevent cyber-intrusions.
Top White Papers and Webcasts