In a gangbusters year for hackers, 75 percent of legitimate websites have vulnerabilities that potentially expose them — and anyone who visits their sites — to cybercriminals, according to a report released Tuesday.
With new unique pieces of malware up 36 percent year over year in 2015, website administrators have failed to "patch" the codes leading to cyberattacks, according to Symantec, a maker of data security software like Norton Antivirus. Symantec used data collected in 2015 from its products and third parties to compile a database of more than 74,000 vulnerabilities, it said in its 21st Internet Security Threat Report, published Tuesday.
Getting less spam, visiting reputable sites or switching to an iPhone may have helped consumers evade cyberthreats five years ago, but today, hackers have found ways around all those safeguards, the report details.
For one, attacks tend to come through widely used platforms like Internet Explore the report said. Indeed, 80 percent of the most-exploited vulnerabilities missed by vendors were in Adobe Flash, according to Symantec. Another common hack in 2015 involved customer service pop-up bots, prompting users to call an 800 number where they were sold worthless services, a scheme that popped up 100 million times last year.
While more legitimate businesses draw the attention of hackers — the average large business saw 3.6 successful attacks last year — it's increasingly hard for consumers to know whether they're at risk. There was an 85 percent climb in companies choosing not to report the number of records lost in an attack, the report said. That could tally to more than half a billion records, by Symantec's estimates.
"It's time for website administrators to step up and address the risks more aggressively," the report said.