SecurityWeek

Google Analyzes Effectiveness of Website Hack Notifications

Google has teamed up with the University of California, Berkeley to conduct a study on the effectiveness of notifications sent out by the company to webmasters whose websites have been compromised.

The company said it detected nearly 800,000 compromised websites over the last year, with 16,500 new sites getting hacked every week. When Google’s Safe Browsing and Search Quality systems detect an unsafe site, users are notified of the potential threat through warnings displayed in the web browser and search results labeled accordingly. In addition to browser and search warnings, webmasters are directly notified via Google Analytics and email (if they register on Search Console). In some cases, Google will also send an alert to the email address found in the compromised site’s WHOIS records.

It’s worth pointing out that websites flagged as malicious by Safe Browsing are re-scanned after 14 days, while Search Quality analyzes sites each time they are visited by Google’s crawler. Webmasters can appeal warnings tied to their website at any time.

The analysis conducted by researchers at Google and the University of California, Berkeley showed that nearly 60 percent of hijacking incidents were resolved by webmasters over the 11-month period of the study. Of these sites, 6.6 percent were cleaned up within a day, 27.9 percent within two weeks, and 41.2 percent within one month.

The websites that were still infected at the end of Google’s study remained in that state for a median of four months, with 10 percent of infections dating back over eight months.

Researchers determined that in cases where hacked websites were only flagged in Google Search, the cleanup rate was just over 43 percent. The cleanup rate increased to nearly 55 percent for cases where search and browser warnings were displayed and alerts had been sent to WHOIS email addresses.

For webmasters who signed up for the Search Console service and received a direct alert, remediation rates increased to 82.4 percent for Safe Browsing and 76.8 percent for Search Quality, which suggests that a direct line of communication is critical for remediation efforts.

The study also shows that webmasters who are notified directly clean their websites 62 percent faster (typically within 3 days), a result that has been attributed to the fact that the emails sent out by Google include remediation tips and information on the pages containing harmful content.

While many webmasters manage to remedy infections, in some cases they fail to properly address the root cause and their websites are hijacked once again. Based on data from Google, 22.3 percent of Search Quality sites and 6 percent of Safe Browsing sites become reinfected within one month. More than 10 percent of Safe Browsing and over 20 percent of Search Quality websites are reinfected within one day.

Google has advised webmasters to sign up for Search Console to ensure that they’re quickly notified if their websites are compromised. As for hosting and other online services providers, the search giant recommends establishing a reliable communications channel.

“If you’re a hosting provider or building a service that needs to notify victims of compromise, understand that the entire process is distressing for users. Establish a reliable communication channel before a security incident occurs, make sure to provide victims with clear recovery steps, and promptly reply to inquiries so the process feels helpful, not punitive,” Kurt Thomas and Yuan Niu of Google Spam & Abuse Research wrote in a joint blog post.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
