Trust-Hacking: Cyber Criminals are Exploiting Traditional Measures of Trust on the Web

MENLO PARK, CA – February 5, 2018 – In its third annual State of the Web Report, released today, Menlo Security reveals that many of the supposedly safest neighborhoods of the web are in fact risky places to visit. Forty-two percent of the top 100,000 sites on the web, as ranked by Alexa, are either using software that leaves them vulnerable to attack or have already been compromised in some way. One rarely discussed problem is that the average website connects to 25 background sites for content, such as video clips and online ads. Most enterprise security administrators don’t have tools in place to monitor these connections, leaving them vulnerable to backdoor attacks. Efforts to sort sites into “good” and “bad” categories are largely ineffectual. The “Business and Economy” category, for example, had more “known bad” sites that had been used to launch attacks or distribute malicious code than “Gambling.” And email hackers are using trusted hosting services to set up phishing sites, giving them safe-looking URLs. The results underscore Menlo's belief that in a world where no detection-based security technology is foolproof, it’s time for a new approach.

“This report confirms what most CISOs already know: that a false sense of security is a dangerous thing when using the web,” says Amir Ben-Efraim, CEO of Menlo Security. “Despite website operators' best efforts, cyber-criminals can now exploit widespread vulnerabilities to compromise even the most trusted brands on the web.”

The report highlights the futility of using categorization services provided by many security vendors as a proxy for safety. For example, 49 percent of “News and Media” sites met Menlo’s criteria as “risky,” as did 39 percent of “Business and Economy” sites and 38 percent of “Shopping” sites. Phishing and typosquatting also regularly occur on sites in widely trusted categories.

To read Menlo Security’s 2017 State of the Web Report, click here.

About Menlo Security

Menlo Security protects organizations from cyberattacks by seeking to eliminate the threat of malware from the web, documents and email. Menlo Security's cloud-based Isolation platform scales to provide comprehensive protection across enterprises of any size without requiring endpoint software or impacting the end user experience. Menlo Security is trusted by major global businesses, including Fortune 500 companies and financial services institutions, and backed by General Catalyst, Sutter Hill Ventures, Engineering Capital, Osage University Partners, American Express Ventures, Ericsson Ventures, HSBC, and JP Morgan Chase. Menlo Security is headquartered in Palo Alto, California.

For more information, visit or @menlosecurity.

Contact Us: 

Renee Newby Friedman
