We explain what suspicious websites are and how to distinguish a safe site from a fraudulent one. A new category in Kaspersky solutions: we're sharing global statistics on untrusted site detection.
# Best Practices: Identifying and Mitigating Suspicious Websites
## Overview
These practices address the growing threat of "untrusted" or "suspicious" websites—sites that, while not yet confirmed as hosting malware or phishing, exhibit technical characteristics associated with fraudulent activity. These practices focus on proactive detection and the reduction of the attack surface by identifying indicators of risk before an actual exploit occurs.
## Key Recommendations
### Immediate Actions
1. **Deploy Threat Intelligence-aware DNS or Browsing Protection:** Use security solutions that categorize sites as "Suspicious" or "Untrusted" based on reputation rather than just known signatures.
2. **Verify Domain Aging:** Be extremely cautious with websites registered within the last 3–6 months, as fraudulent sites rarely have long-term histories.
3. **Visual and Technical Audit:** Check for HTTPS (a valid SSL/TLS certificate is expected on any site but is not evidence that the site is legitimate), typographical errors or lookalike characters in the URL (typosquatting), and branding that does not match the organization the site claims to represent.
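The three indicators above (domain age, typosquatting, transport) can be scored automatically before a user ever reaches the site. The script below is an added example, not code from the report or from Kaspersky; the brand list, registration dates, high-risk TLD list and sample URLs are constructed stand-ins for what a WHOIS lookup or a newly-registered-domain feed would return, and the weights and thresholds are an assumed policy.

```python
"""Triage a URL against the indicators above: domain age, typosquatting of a
known brand, plain-HTTP transport and a high-risk TLD. Added example; the
brand list, registration dates, TLD list and URLs are constructed."""
from datetime import date
from urllib.parse import urlsplit

# Constructed stand-in for WHOIS / newly-registered-domain feed data.
REGISTRATION_DATES = {
    "example-bank.com": date(2015, 3, 2),
    "examp1e-bank.com": date(2024, 5, 20),
    "example-bank-login.info": date(2024, 6, 1),
}
BRANDS = ["example-bank.com", "mail-example.com"]    # domains we want to protect
HIGH_RISK_TLDS = {"zip", "top", "xyz", "info"}       # constructed gateway list
MAX_NEW_AGE_DAYS = 180                               # "registered in the last 3-6 months"
TODAY = date(2024, 6, 15)                            # pinned so the run is reproducible

# Weight per indicator; verdict thresholds mirror a "Block or Warn" gateway policy.
WEIGHTS = {"typosquat": 3, "newly-registered": 2,
           "high-risk-tld": 1, "age-unknown": 1, "no-https": 1}


def levenshtein(a, b):
    """Edit distance, used to catch one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host):
    """Last two labels of the hostname. Simplification: a production check
    would consult the Public Suffix List to handle suffixes such as co.uk."""
    return ".".join(host.lower().split(".")[-2:])


def typosquat_target(domain):
    """Return the brand a domain imitates, or None if it is not a lookalike."""
    if domain in BRANDS:
        return None
    label = domain.split(".")[0]
    for brand in BRANDS:
        brand_label = brand.split(".")[0]
        # close edit distance (examp1e-bank) or brand label embedded in a longer one
        if levenshtein(label, brand_label) <= 2 or brand_label in label:
            return brand
    return None


def audit(url, today=TODAY):
    """Collect indicators for a URL and turn them into allow / warn / block."""
    parts = urlsplit(url)
    domain = registrable_domain(parts.hostname or "")
    findings = []
    if parts.scheme != "https":
        findings.append("no-https")
    registered = REGISTRATION_DATES.get(domain)
    if registered is None:
        findings.append("age-unknown")          # not in WHOIS data: treat as unknown risk
    elif (today - registered).days < MAX_NEW_AGE_DAYS:
        findings.append(f"newly-registered:{(today - registered).days}d")
    if domain.rsplit(".", 1)[-1] in HIGH_RISK_TLDS:
        findings.append("high-risk-tld")
    target = typosquat_target(domain)
    if target:
        findings.append(f"typosquat:{target}")
    score = sum(WEIGHTS[f.split(":")[0]] for f in findings)
    verdict = "block" if score >= 3 else "warn" if score else "allow"
    return {"domain": domain, "findings": findings, "score": score, "verdict": verdict}


if __name__ == "__main__":
    for u in ("https://www.example-bank.com/login", "https://examp1e-bank.com/",
              "http://example-bank-login.info/verify", "https://unknown-shop.xyz/"):
        print(audit(u))
```

A lookalike of a protected brand is weighted so that it blocks on its own, while a domain that is merely unknown to the WHOIS stand-in or sits on a high-risk TLD only warns; that is the same "uncategorized means review, not trust" posture the long-term strategy section argues for.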
### Short-term Improvements (1-3 months)
1. **Employee Awareness Training:** Implement regular training sessions focused on identifying "red flags" (e.g., unusual countdown timers, requests for sensitive info on non-banking sites, or dramatic discount offers).
2. **Browser Policy Enforcement:** Standardize browser configurations across the organization to block pop-ups, prevent auto-downloads, and enforce "Safe Browsing" modes.
### Long-term Strategy (3+ months)
1. **Zero-Trust Web Access:** Move toward a model where access to "Uncategorized" or "Suspicious" web categories is blocked by default or isolated in a virtual container.
2. **Automated Statistics Monitoring:** Integrate global untrusted site statistics into the internal Security Operations Center (SOC) dashboard to monitor trends in regional or sector-specific threats.
## Implementation Guidance
### For Small Organizations
- **Focus on Endpoint Security:** Use a reputable antivirus/security suite that includes web protection modules to handle the heavy lifting of site categorization.
- **Enable Browser Defaults:** Ensure all staff use browsers with built-in phishing protection (e.g., Chrome Safe Browsing) enabled.
### For Medium Organizations
- **Centralized Web Gateway:** Implement a Web Proxy or Secure Web Gateway (SWG) to filter traffic at the network level, preventing users from reaching high-risk TLDs (top-level domains).
- **Phishing Simulations:** Run quarterly simulations using domains that mimic "suspicious" characteristics to measure employee resilience.
### For Large Enterprises
- **Remote Browser Isolation (RBI):** Routine access to "untrusted" or "uncategorized" websites should be executed within an isolated browser environment to prevent local machine infection.
- **TI Feed Integration:** Subscribe to real-time Threat Intelligence (TI) feeds that provide granular data on newly registered domains (NRDs) and suspicious IP ranges.
## Configuration Examples
* **Content Filtering Policy:**
  * *Action:* Block or Warn
  * *Categories:* "Newly Registered Domains", "Uncategorized", "Suspicious/Untrusted".
* **SSL/TLS Inspection:**
  * *Configuration:* Enable HTTPS inspection on the gateway to scan for malicious payloads hidden in encrypted traffic, with exceptions for privacy-sensitive categories (e.g., Finance, Healthcare).
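The two configuration items above interact: a site can carry several categories, and an inspection exemption for Finance must not silently exempt a site that is also flagged Suspicious. The evaluator below is an added example of that precedence logic, not a vendor's configuration; the category map, the policy table and the sample URLs are constructed.

```python
"""Evaluate the content-filtering and TLS-inspection policy for a requested
URL: the most restrictive category action wins, and HTTPS inspection is
skipped only when every category the site carries is exempt. Added example;
the category database and the policy table are constructed."""
from urllib.parse import urlsplit

# Policy: category -> action. A category missing from the table is warned on.
POLICY = {
    "Newly Registered Domains": "block",
    "Suspicious/Untrusted": "block",
    "Uncategorized": "warn",
    "Finance": "allow",
    "Healthcare": "allow",
    "Business": "allow",
}
SEVERITY = {"allow": 0, "warn": 1, "block": 2}
TLS_INSPECTION_EXEMPT = {"Finance", "Healthcare"}   # privacy-sensitive categories

# Constructed stand-in for the gateway's URL-categorization lookup.
CATEGORY_DB = {
    "bank.example": {"Finance"},
    "clinic-portal.example": {"Healthcare", "Business"},
    "new-shop.example": {"Newly Registered Domains", "Uncategorized"},
    "forum.example": {"Uncategorized"},
    "bank-alerts.example": {"Finance", "Suspicious/Untrusted"},
}


def categories_for(url):
    """Hosts the categorizer has never seen are Uncategorized, never Allowed."""
    host = (urlsplit(url).hostname or "").lower()
    return CATEGORY_DB.get(host, {"Uncategorized"})


def decide(url):
    cats = categories_for(url)
    # Most restrictive action across all of the site's categories decides.
    action = max((POLICY.get(c, "warn") for c in cats), key=SEVERITY.__getitem__)
    # Skip inspection only if *every* category is exempt, so a site that is both
    # Finance and Suspicious/Untrusted is still inspected (and, here, blocked).
    inspect = not cats <= TLS_INSPECTION_EXEMPT
    return {"url": url, "categories": sorted(cats),
            "action": action, "inspect_tls": inspect}


def log_line(decision):
    """Key=value record suitable for forwarding to a SOC dashboard."""
    return (f"url={decision['url']} categories={','.join(decision['categories'])} "
            f"action={decision['action']} inspect_tls={decision['inspect_tls']}")


if __name__ == "__main__":
    for u in ("https://bank.example/login", "https://clinic-portal.example/",
              "https://new-shop.example/", "https://nobody-knows.example/",
              "https://bank-alerts.example/"):
        print(log_line(decide(u)))
```

The "all categories must be exempt" rule is the design choice worth copying: an exemption list is a privacy concession, and it should shrink, not grow, when a site is also tagged with a risk category.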
## Compliance Alignment
- **NIST SP 800-53:** Controls for Information Flow Enforcement (AC-4) and Malicious Code Protection (SI-3).
- **ISO/IEC 27001:** Specifically addressing Annex A.12.6 (Management of technical vulnerabilities).
- **CIS Controls:** Control 9 (Email and Web Browser Protection).
## Common Pitfalls to Avoid
- **Over-reliance on HTTPS:** Assuming a site is safe because it has a "Padlock" icon. Attackers frequently use free Let's Encrypt certificates.
- **Ignoring "Uncategorized" Sites:** These are often the staging grounds for new attacks that haven't been indexed by security vendors yet.
- **Manual Whitelisting:** Permitting sites based on user requests without a technical security review or domain age check.
## Resources
- **Kaspersky Securelist:** [securelist[.]com]
- **Google Safe Browsing Transparency Report:** [transparencyreport[.]google[.]com/safe-browsing]
- **NIST Cybersecurity Framework:** [nist[.]gov/cyberframework]
- **URLVoid (Domain Reputation Check):** [urlvoid[.]com]