Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Google Produces an Informal Web Threat Report, Shares Insights

As part of Google’s Safe Browsing initiative that launched five years ago, the search giant had the goal of protecting Internet users from malicious content of various types, including phishing sites, malware, and poisoned search results.

While most of the major security vendors produce their own threat reports on an ongoing basis, Google hasn’t always shared the numbers behind what its platform sees and blocks on an ongoing basis.

As part of Google’s Safe Browsing initiative that launched five years ago, the search giant had the goal of protecting Internet users from malicious content of various types, including phishing sites, malware, and poisoned search results.

While most of the major security vendors produce their own threat reports on an ongoing basis, Google hasn’t always shared the numbers behind what its platform sees and blocks on an ongoing basis.

Today, however, Google has shared some interesting Web threat statistics, and while the information was not published as an official “threat report”, the company has provided some great insight into the growth of malicious activity across the Web.

Through its massive infrastructrure and reach, Google has developed a platform that automatically detects malicious across the Internet, and distributes warnings to end users and even network administrators.

Through built-in protection for Chrome, Firefox, and Safari, Google said it protects approximately 600 million Internet users and issues several million warnings each day to those users.

Other key metrics and tidbits shared by Google include:

• The company provides a free and public Safe Browsing API that allows other organizations to keep their users safe by using the data Google has compiled.

• Google said it discovers about 9,500 new malicious websites every day – These sites could be either innocent sites that have been compromised by cybercriminals, or purpose-built sites designed for malware distribution or phishing.

Advertisement. Scroll to continue reading.

• Approximately 12-14 million Google Search queries per day show warnings in order to caution users from going to sites that may be compromised.

• Google provides malware warnings for about 300,000 downloads per day through its Chrome download protection service.

• Google also sends thousands of notifications daily to Internet Service Providers (ISPs) & CERTs to help them keep their networks clean.

While Google says it still sees some of the same techniques it did over five years ago, phishing attacks are also getting more creative, as well as faster and more diverse. In particular, Google noted that many phishing URLs remain online for less than an hour in an attempt to evade detection. A recent report from the Anti-Phishing Working Group (APWG) also showed plunging phishing times.

“The uptime of a phishing attack is an important factor in determining how damaging phishing attacks are and also can measure the success — or failure — of mitigation efforts,” noted Ram Mohan, EVP and CTO at Afilias, in a recent column analyzing a recent APWG Phishing report. “The longer a phishing attack remains active (“up”), the more severe the damage the victims and target institutions are likely to incur. Compared to an average up time of 73 hours in the second half of 2010, the average uptime for an attack in the same period a year later was 11 hours and 43 minutes.”

Additionally, Google along with most other security vendors, says that spear phishing (targeted) attacks have become increasingly common. When a legitimate website is compromised, it’s often modified to load content from a malicious third party site, or to redirect users to an attack site which often delivers “Drive by downloads” to visitors.

Growth in Malicious Websites

“Google is providing a good base-line for security and are definitely providing value to the Internet ecosystem,” Patrik Runald, Director of Websense Security Labs told SecurityWeek. “Their statistics for phishing and how long a phishing site stays up is in line with what Websense is seeing. The same goes for compromised sites which make up the majority of malicious sites we identify. We see a pattern of many compromised sites leading to a few number of malicious sites.”

“Our adversaries are highly motivated by making money from unsuspecting victims, and at great cost to everyone involved,” Niels Provos, a member of Google’s Security Team, wrote in a blog post. “Our tangible impact in making the web more secure and our ability to directly protect users from harm has been a great source of motivation for everyone on the Safe Browsing team. We are also happy that our free data feed has become the de facto base of comparison for academic research in this space.”

Action Items – What can you do?

Website owners can register their website with Google Webmaster Tools in order to be alerted if Google finds suspicious code on their website.

Internet Service Providers (ISPs) & CERTs can sign up to receive frequent alerts from Google in order to help them keep their networks clean. If you’re a network administrator and haven’t yet registered your AS, you can do so here.

“Phishing is here to stay,” Mohan concludes. “While techniques for fighting these criminals are necessarily evolving along with the criminal activity itself, the lack of aggressive takedown programs and effective metrics and service levels has created a situation where criminals can depend upon cheap and poorly administered TLDs to wreak havoc on unsuspecting Internet users. As in all things digital, it pays to be careful before you click!”

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.