Report analyzes infection risks for top 50 Singapore websites
Menlo Security has announced its latest report on levels of infection risk among Singapore’s Top 50 websites. Following last week’s shock Interpol report that uncovered hundreds of malware-infected websites – including government portals – across Southeast Asia, Menlo Security’s Top 50 Report for Singapore provides more detail regarding the amount of “active content” being fetched and executed by the simple act of visiting the country’s most popular websites.
“When you open a website, the browser will load active content – like Flash and JavaScript – from several other sources” explains Stephanie Boo, Managing Director, Asia Pacific Menlo Security. “These background initiated requests are designed to deliver a richer web experience, but they can also conceal scripts from dubious or malicious sources of the sort that Interpol recently disclosed. Menlo Security’s report highlights the number of scripts and the amount of code downloaded for the top 50 sites, and it fingerprints the web server headers and the software versions of their backend code against the National Vulnerability Database. The older the version, the higher the risk of infection.”
Report Highlights:
- Singapore’s Top 50 sites were dominated by Computer and Internet Information, Online Shopping and Business and Economy.
- 12 of these top sites were serving active code from risky “background sites” marked as Adult and Pornography, Gambling, Uncategorized Business and Economy or Content Delivery Networks.
- Visiting these top 50 sites resulted in active code from no less than 233 different background domains.
“If you knew that an employee visiting a top 50 Singapore website could be exposing your browser to nearly a hundred hidden scripts, would it make you think twice?” asks Boo. “The recent ‘Lazarus Group’ investigation showed how they could target banking, crypto-currency and casino networks by infecting their users’ most trusted websites – the so-called industry ‘watering holes’ – to gain a toe hold for deeper penetration. So this report is a real eye-opener.”
Menlo Security, a pioneer of cloud-based security isolation technology, was recently named to CRN’s annual Security 100 for 2017 and designated as one of the 20 Coolest Web, Email and Application Security Vendors. It will also be issuing regular reports for other national Top 50 websites.
About Menlo Security
Menlo Security protects organizations from cyber-attack by eliminating the threat of malware from Web, documents and email. Menlo Security’s cloud based Isolation Platform easily scales to provide comprehensive protection across organizations of any size without requiring endpoint software or impacting end user experience. Menlo Security is trusted by some of the world’s largest enterprises, including Fortune 500 companies and financial services institutions. Backed by General Catalyst, Sutter Hill Ventures, JPMorgan Chase and Osage University Partners, Menlo Security is headquartered in Menlo Park, California. For more information, visit http://www.menlosecurity.com or @menlosecurity
