85% of Infected Websites Are NOT Blacklisted

Website attacks increased by 59% in 2018, according to the 2019 Website Security Report recently published by Scottsdale, AZ-based SiteLock, a provider of business website security solutions. Most of the attacks were automated, the company reports, with 330 bots staging on average 62 attacks per day.

So far, so not surprising - just wait, there’s more. Let’s look next at a significant aspect of the SiteLock findings. It illustrates how much the attackers behind such malware campaigns can rely on the inherent vulnerability of traditional browsers.

When someone visits an infected site, the regular browser dutifully executes the malicious code from the web on the local machine. From there, ransomware, spyware or cryptojackers can spread through the user’s corporate or home network. Game over.

“Not so fast,” you may object. “Our IT security team has many ways to prevent such exploits. AV/EPP/ATP, CASB, VPN, SWG/URL Filters …” Which brings up that other finding in the report - the one that should give us more pause.

Sourc: SiteLock

“Only 15% of malware-infected websites were blacklisted in 2018, which is a 4% decrease from the start of the year to the end,” according to the security researchers. This result is based on a total sample size of 6,056,969 sites, of which about 0.78% were found infected.

In other words, 85% of infected websites were not blacklisted. Mind you, many organizations today rely on a Secure Web Gateway (SGW) or URL filtering for blacklisting or whitelisting of some sort.

So what does this result mean for them?

URL Filtering: No Fix for Bad Browsers

It essentially means they are paying for a false sense of security. Roughly 42,200 of the sampled websites were ready to drop their nasty surprise gifts anyway, on any visitor unlucky enough to use a locally installed browser.

SiteLock extrapolates from the sample and concludes that 17.6 million websites worldwide were infected with malware “at any given time” in 2018.

With 85% of infected sites not blacklisted, we’re looking at almost 15 million exploit-infested sites (14,960,000 to be exact) that are ready to blast right through your perimeter defenses.

What should be the takeaway from the SiteLock report?

False Sense of Security and Control

In organizations that rely on URL filtering to regulate web use and compensate for the security weaknesses of regular browsers, we think it may help open a few eyes to the bigger picture:

• Point solutions such as blacklisting/whitelisting sites add a false sense of control.
  
  Trusting web filters to keep users safe and secure on the web - what we’ve called the Blacklist/Whitelist Fallacy [PDF] - is emblematic for the overreliance on point solutions in the IT security stack, which are often interdependent.
  
  Most data breaches and compliance violations online are browser-related. Consequently, most of these tools are designed to defend against the risks associated with, and cleaning up after, “free” and “secure” browsers.
  
  So when URL filtering fails, we still have backstops like antivirus tools or VPN, right? Maybe in theory. In real life, some of these solutions actually introduce additional problems.
  
  For a reality check, read the post The Long Con: Antivirus and Your Data by Authentic8 co-founder and CEO Scott Petry on this blog, or check out this examination of widely used AV tools by Canadian IT security researchers.
• Website infections and app exploits put the organization that owns the site at as much risk as the public.
  
  Equally under threat are those who maintain, manage, and update the site and its content and access a content management system (CMS) such as WordPress, Drupal or Joomla through a regular browser.
  
  The SiteLock researchers focus on this group in their report. In their words, “too many businesses rely on search engines to flag their sites for malware when they should be proactively monitoring with their own tools.” In fact, search engines flagged only 15% of malware-infected websites, reports SiteLock.
   
• Web-borne attacks almost always target the browser.

  Question: Does this mean if you take away the gateway for exploits - locally installed browsers - the threat of website infections, inbound or outbound, becomes a non-issue?

  Answer: Yes.

You don’t have to take my word for it. Customers who use Silo Cloud Browser, developed by Authentic8 and based on that approach, confirm it. They also report significant savings (more on that below).

Web isolation with Silo moves the browser offsite, outside your IT perimeter. All web content is processed in an isolated cloud container and transmitted back to the user through an encrypted connection as visual information. No code from the web can touch the endpoint.

Web Isolation with Silo Cloud Browser

This makes it impossible for malware or spyware from infected websites to make its way onto your computer or corporate network. For each web session, a new browser instance is built from scratch in the cloud, which eliminates exploits and tracking based on persistent code. Websites can only see the IP address of Authentic8’s server. This ensures privacy, prevents de-anonymization, and eliminates the risk of targeted watering hole attacks through infected websites.

About those savings... - here’s a glimpse at what our customers say they save with Silo Cloud Browser over the tradional approach (read the complete overview here):

Web isolation with Silo enables our customers to stop spending on procurement and maintenance of pointless point solutions such as slow and vulnerable VPN services, ineffective AV tools - or useless URL filters that don’t catch 85% of infected sites.