Malicious Websites: Google Finds 9,500 New Ones Daily
We already knew that malicious websites are all too common, and proliferating rapidly. Now Google has provided some sobering numbers to fill in this picture. According to Google, it finds 9,500 new malicious sites each day. Some are innocent sites that have been hijacked. Others are created specifically as platforms for distributing malware.
For the IT community, the sheer scale of these attacks may come as an eye-opener, or perhaps as confirmation that the spread of malicious sites is every bit as bad as you might have feared. And for IT managers at midsize firms it is a reminder that safe browsing cannot be taken for granted. As fast as Google works to block or limit access to such sites, new ones are popping up, only one employee's careless click away.
Keeping Search Safe
Google has every reason to be especially concerned about malicious websites. As the leading search engine by a wide margin, it is probably the single most common way people reach websites they have not visited before. It does not want to inadvertently lead search users into trouble.
And as Elinor Mills observes at CNET, there is plenty of trouble out there. According to a Google blog post, about 9,500 new malicious sites appear each day. And these trigger 12 to 14 million daily warnings to Google Search users. In all, some 600 million Chrome, Firefox, and Safari users receive warnings of sites that may be malicious.
Google also says it sends thousands of daily warnings to ISPs and webmasters advising them of malware that must be removed or blocked. On the upside, says Google, phishing sites are typically found and removed within an hour after they go up.
An Unending Task
The bad news, of course, is that even in that hour a phishing site may capture passwords, account numbers, or other critical information that can compromise an individual's or firm's sensitive data.
And perhaps the most sobering fact is that the incentives evidently favor hackers and cyber-criminals. If malicious sites were ineffectual at stealing information or doing other harm, fewer would be created. But cyber-attacks are effective enough that their authors are motivated to keep it up.
For IT managers at midsize firms the specific challenge is protecting their own organizations and networks from attacks. A major factor in such attacks is probably employee error--inadvertently opening malicious sites or clicking on malicious links. A combination of technical controls (e.g., browsing restrictions) and employee education are required to minimize the risks. And given the flood of new sites, these requirements will be ongoing ones.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.