Mimecast: what are malicious websites?

Cybercriminals work hard to exploit vulnerabilities and trick people into divulging personal information. One of the methods they use – creating malicious websites – has become widespread. In January 2021, for example, Google had over 2 million phishing websites.[1] Understanding how to protect your business from these websites is critical to keeping devices, networks, and data secure.


What is a malicious website?

If an employee is tricked by a malicious website, it could expose your business to crimes such as data theft or ransomware. Cybercriminals design malicious websites to collect information and install malware on a visitor’s device when that person performs an action, such as clicking a link or downloading software. In some cases, no action is needed, and a “drive-by” download can be planted on anyone simply visiting the site.

These fake websites often impersonate legitimate sites and use phishing emails to lure visitors. An employee may be asked to enter login credentials, for example, which could then be used to break into your company’s network to steal valuable information. Or a staff member may inadvertently download a file or software that could launch a ransomware attack, shutting down access to your company’s systems until a ransom is paid.


Examples of malicious websites

Cybercriminals have become increasingly sophisticated in their ability to make malicious websites appear harmless, resulting in many successful phishing and malware campaigns. These three examples illustrate the opportunistic ways in which people have been tricked into disclosing sensitive information.

  • The cybercrime syndicate BAHMUT developed illegitimate news websites that copied the headlines of genuine news sources in order to target consumers, government officials and businesses with phishing campaigns.[2] Links on these malicious websites redirected visitors to phishing sites that requested user login credentials for Google, Yahoo, Microsoft and others.

  • In 2017, a data breach at a leading credit bureau exposed the personal information of nearly 150 million people. Two years later, when the bureau’s settlement claims website was launched, cybercriminals began launching copycat websites in an attempt to steal personally identifiable information.[3]

  • Cybercriminals attempted to capitalize on the COVID-19 pandemic by launching fake websites that appeared to be legitimate coronavirus dashboards.[4] These websites allegedly trick visitors into downloading an app to help them keep up to date with the pandemic, infecting the visitor’s computer with malware called AZORult. This malware is used to steal browsing history, cookies, passwords, cryptocurrency and more.


How to identify a malicious website

Some fake sites can be very difficult to spot. Other malicious websites are more obvious, and they have telltale signs. For example, a malicious website can:

  • Ask a visitor to download software, save a file, or run a program when it seems unnecessary.

  • Alert a visitor that their device is infected with malware or that their software is outdated.

  • Claim that a visitor has won a prize, while requiring personal information to claim it.

  • Use HTTP as the web address prefix instead of the secure HTTPS protocol. HTTPS uses encryption to increase the security of data transfers while HTTP does not.

  • Contain errors, such as misspellings in the body of the website or in the URL, or graphic design that does not match that of a legitimate brand.
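The URL-level signs in this list (an HTTP prefix, misspellings in the address) can be checked automatically before a link is followed. The sketch below is an added example, not part of the original article or any vendor's product; the domains in `KNOWN_DOMAINS` and all sample URLs are constructed, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Assumption: the sites your staff legitimately sign in to (constructed names).
KNOWN_DOMAINS = {"examplebank.com", "examplemail.net"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a known domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    """Naive last-two-labels approximation; production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def url_warning_signs(url):
    """Return the URL-level warning signs from the list above that this URL shows."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    signs = []
    if parts.scheme != "https":
        signs.append("not-https")
    if any(label.startswith("xn--") for label in host.split(".")):
        signs.append("punycode-host")  # internationalised name that may render like a brand
    domain = registered_domain(host)
    if domain in KNOWN_DOMAINS:
        return signs
    for known in sorted(KNOWN_DOMAINS):
        if edit_distance(domain, known) <= 2:
            signs.append(f"lookalike:{known}")       # misspelled copy of a known domain
        elif known in host:
            signs.append(f"embedded-brand:{known}")  # brand used as a subdomain of another site
    return signs
```

An empty result means none of these signs matched, not that the site is safe: phishing pages are frequently served over HTTPS from cleanly spelled domains.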


How to protect against malicious websites

Not only is it important for employees to know how to identify malicious websites, but it’s also important for security teams to take proactive steps to protect against them. For organizations, these steps include:

  • Block access to malicious websites.

  • Install and maintain anti-virus software, which detects and prevents potential infections.

  • Enable pop-up blockers, to disable windows that might contain malicious code.

  • Install or enable a firewall, which prevents certain types of infections by blocking malicious traffic before it enters a device.

  • Monitor accounts for unauthorized use or activity.

  • Keep computer software and operating systems up to date.

  • Educate employees to identify malicious websites and report them to the corporate security team.

Tools that protect against email-borne threats like URL phishing come with varying degrees of security. Some email systems only inspect URLs during initial delivery, which attackers can circumvent by using a benign site that later turns into a malicious site. Similarly, endpoint-based email security controls are generally ineffective in protecting organizations against URL-based email attacks.

Services like those of Mimecast use proprietary threat intelligence and analytics to detect and block malicious URLs. They include techniques such as pre-click URL discovery, browser isolation, which opens suspicious websites in a separate container, and other safeguards.
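The gap between delivery-time inspection and a check made when the user clicks can be shown with a small model. This is an added example, not Mimecast's implementation or code from the original article; the gateway URL, signing key, verdict table and sample link are all constructed assumptions.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"constructed-demo-key"       # assumption: per-deployment signing key
GATEWAY = "https://gateway.example/c"  # hypothetical click-time checking endpoint

def delivery_scan(url, verdicts):
    """Delivery-time-only check: the verdict is taken once and never revisited."""
    host = urlsplit(url).hostname
    return "quarantine" if verdicts.get(host) == "malicious" else "deliver"

def _sign(data):
    return hmac.new(SECRET, data.encode(), hashlib.sha256).hexdigest()

def rewrite(url):
    """At delivery: wrap the original URL in a signed gateway link."""
    data = base64.urlsafe_b64encode(url.encode()).decode()
    return GATEWAY + "?" + urlencode({"u": data, "s": _sign(data)})

def resolve_click(link, verdicts):
    """At click: verify the signature, then look up the verdict as it stands now."""
    query = parse_qs(urlsplit(link).query)
    data = query.get("u", [""])[0]
    sig = query.get("s", [""])[0]
    # Signed links keep the gateway from being used as an open redirector.
    if not hmac.compare_digest(sig.encode(), _sign(data).encode()):
        return ("reject", None)
    url = base64.urlsafe_b64decode(data).decode()
    if verdicts.get(urlsplit(url).hostname) == "malicious":
        return ("block", url)
    return ("redirect", url)

def demo():
    """Constructed timeline: the site is clean at delivery and flagged before the click."""
    verdicts = {}
    url = "https://landing.example/invoice"
    at_delivery = delivery_scan(url, verdicts)
    link = rewrite(url)
    verdicts["landing.example"] = "malicious"  # reputation changes after delivery
    return at_delivery, resolve_click(link, verdicts)[0]
```

In the constructed timeline the delivery-time scan lets the message through, while the same link is blocked when it is clicked after the verdict has changed.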


The bottom line

Malicious websites can seriously harm the safety and security of an organization’s data and systems. Protecting against them requires a combination of education and good browsing hygiene, as well as having the right tools and technologies in place.

[1] “Phishing 101: How it works and what to look for,” Safety Blvd.

[2] “BlackBerry uncovers huge hack-for-hire group,” Blackberry

[3] “Beware of Fake Settlement Websites,” U.S. Federal Trade Commission

[4] “COVID-19, Info Stealer and the threat map,” Reason Laboratories

About Stuart M. McFarland
