More than 12 percent of Web sites that have been compromised by a hack or malicious software are successfully attacked a second time within 30 days due to failures by webmasters to address the root causes behind the initial attacks, according to a new security study from Google researchers.
In addition, 20 percent of webmasters incorrectly addressed the problem on their first attempts, requiring multiple contacts with Google’s security team to eventually fix the issues, according to the researchers. The study, which included researchers from Google and the University of California, Berkeley, was based on an analysis of more than 760,000 hijacking cases between July 2014 and June 2015.
The hijacking cases examined by the researchers included sites that featured low-quality scam content or that tried to infect visitors’ machines with malware via drive-by downloading. The study was the first large-scale attempt to measure the effectiveness of different ways to alert webmasters that their sites had been infiltrated, including via browser, search, and direct webmaster notifications.
One type of intervention the researchers studied involved presenting warnings to visitors of potentially hijacked Web sites that steered them to different sites. Google’s Safe Browsing feature, which integrates with browsers such as Chrome, Safari, and Firefox, alerts more than 10 million users a week using this technique.
Although this type of warning can protect users, it does nothing to address the underlying problem. “While effective at reducing traffic to malicious pages, this user-centric prioritization ignores long-term webmaster cleanup, relegating infected pages to a dark corner of the Internet until site operators notice and take action,” according to the report.
Unfortunately, many webmasters of compromised sites may be not even be aware that there are problems. To ensure that Web sites are fixed, security services need to communicate with the webmasters of the sites directly. That can include e-mail notifications to webmasters or notifications to servers that may be vulnerable to certain exploits.
Remediation Best Practices
But even after webmasters have been alerted that their sites have been compromised, they may lack the security expertise to take action and address the root causes of the issues. To overcome that challenge, the study looked at efforts by Google to help webmasters respond to security breaches.
According to the study, 75 percent of webmasters were able to re-secure their content over a median of three days when contacted directly by Google via e-mail and working together with the company. Browser warnings, on the other hand, only led to remediation in 54 percent of cases, while search warnings resulted in remediation of 43 percent of the compromised sites.
Another effective remediation measure the study noted was to include security tips and samples of which pages included harmful content when e-mailing webmasters. The practice led webmasters to re-secure their sites 64 percent faster than if they hadn’t received the tips in their e-mail messages, usually within three days.
Source: Top Tech News