Google has trumpeted its Safe Browsing alerts as a key component in redirecting victims away from potentially malicious websites.
An offshoot of that work is that apparently webmasters heed those warnings too and remediate vulnerabilities and bugs quicker.
A co-branded study between Google and the University of California-Berkeley looked at more than 760,000 website hijackings between July 2014 and June 2015 as flagged by Google Safe Browsing and its Search Quality cousin.
Google determined that Safe Browsing warnings correlate with quicker remediation times, though not as quick as direct contact with webmasters who have registered with Google Search Console.
“We observe that direct communication with webmasters increases the likelihood of cleanup by over 50 percent and reduces infection lengths by at least 62 percent,” researchers wrote in a report called “Remedying Web Hijacking: Notification Effectiveness and Webmaster Comprehension.” “Absent this open channel for communication, we find browser interstitials—while intended to alert visitors to potentially harmful content—correlate with faster remediation.”
While webmasters and IT teams may clean up vulnerabilities in short order, the Google-Berkeley study determined that the root cause of incidents is also highly likely to be ignored.
“Based on appeal logs where webmasters alert Google that their site is no longer compromised, we find 80 percent of operators successfully clean up symptoms on their first appeal,” the researchers wrote. “However, a sizeable fraction of site owners do not address the root cause of compromise, with over 12% of sites falling victim to a new attack within 30 days.”
It’s difficult to recall a time when website security was more of a paramount concern. Exploit kits, for example, continue to target vulnerabilities online and once they have a grip on a website, they’re being used to push malware—ransomware in particular of late—at epidemic rates.
Google estimates that it detected 16,500 new sites on a weekly basis that are compromised. Most of the flaws being targeted are old and patches are available. To better help webmasters address root cause issues, Google said direct contact with webmasters is key. Those who register with Search Console, a collection of webmaster resources maintained by Google, get help locking down their sites 75 percent of the time, compared to instances where Google did not have a webmaster email address and instead relied on browser warnings (54 percent success rate) and search warnings (43 percent).
Emails to webmaster, Google said, can also include tips about pages that include malicious content and facilitate clean up within three days on average.
“By empowering small website operators—the largest victims of hijacking today—with better security tools and practices, we can prevent miscreants from siphoning traffic and resources that fuel even larger Internet threats,” the researchers wrote.