IT pros likely understand that websites featuring illegal downloads and other seedy items aren’t necessarily the parts of the Internet most likely to get a computer infected with a virus. But users may not know that, and that could impact their online behavior.
That’s the message in a recent IT security report published by networking vendor Cisco.
Despite many users’ perceptions, they’re actually much more likely to be hit with an online security attack while visiting the types of websites most average people visit every day, instead of pornography sites or those distributing illegal materials.
Major search engines, in fact, are 27 times more likely than a counterfeit software site to lead to a malware infection, according to Cisco. Online retail stores are 21 times more likely.
According to the report, nearly any site on the web can be an effective way for hackers to spread malware, thanks to the prevalence of malicious website ads. Online advertising is 182 times more likely than a porn site to infect a PC with a virus, according to Cisco. Various types of third-party web content make it easier for any site to carry malware without its administrator being aware.
The common notion that malware attacks are more common on sites in certain countries (China, Russia, etc.) was also debunked in the report — 33% of all web malware came from sites hosted in the United States, making American websites the most dangerous out of any countries’.
Russia nabbed the second spot, and China was number six, but the top 10 list also included unexpected countries such as Denmark, Germany and the UK.
Where online security threats lurk
The bottom line: Hackers are aware of where web users go and they’ll do whatever they can to spread their malware to the greatest number of people possible. Often that means compromising otherwise legitimate sites.
Therefore, the most dangerous types of websites also tend to be the most popular. These are the site categories that most often led to malware infections last year, according to Cisco:
- Dynamic content, including web analytics services and other non-advertising related third-party content (18.3% of all web-based malware attacks came from this category)
- Advertisements (16.8%)
- Business and industry (8.1%)
- Games (6.5%)
- Web hosting (4.9%)
- Search engines and portals (4.5%)
- Tech-related sites (3.5%)
- Online retail stores (3.5%)
- Travel sites (3%)
- Social networks and other online communities (2.6%)
What does this mean for IT? Primarily, it shows that relying on software to blacklist certain websites won’t go very far toward protecting the company’s network.
Organizations must also make sure their antivirus software is up to date and keep browsers and other software patched, as well train users on the realities of online security threats.