Every marketer will tell you that getting to the coveted top position on the Google search results page doesn’t just happen overnight. But how long does it really take to rank in Google? The short answer is that it depends, while the long answer involves taking a closer look at what it depends on. This is exactly what a study carried out by SEO tool provider Ahrefs has done.
The Ahrefs study first took a look at the average age of top-ranking pages in Google. After analyzing data on the Top 10 ranking pages for each of the 2 million randomly selected keywords, the team at Ahrefs calculated that the average Top 10 ranking page is over 2 years old, while those ranked at No.1 position are almost 3 years old, on average.
As it turned out, just 22% of pages that currently rank in Top 10 were created within 1 year. In other words, the study clearly showed that the Google search results page is dominated by “old” pages.
In order to answer the question of how long it takes for a page to rank in Google, Ahrefs tracked the position history of 2 million random pages that were first seen by their crawler a year ago. If you want to learn what conclusions the Ahrefs team made, check out the comprehensive infographic below by The Website Group.
Phone-breaking Android hole revealed
If Android’s December 2019 Security Update isn’t coming to your phone, it might be time for a new device. A massive denial of service attack could “brick” Android phones up to version 10.
Google has revealed a vulnerability that can allow an attacker to control the built-in camera app on a device, as well as take recordings and photos. The warning comes in the Android Security Bulletin for December 2019, which lists the usual patches for vulnerabilities and security holes the company has found in Android. It relies on an in-house cybersecurity team that performs penetration tests, as well as academics in computer science, who provide the team with potential security risks.
Not all vulnerabilities are the same: some are relatively harmless to the device, and severity ranges up to the “critical” rating, which could potentially leak user data or stop the device from functioning. Three of these critical vulnerabilities have been found and patched for the December 2019 Security Update.
The most worrying bug, from a privacy standpoint, is the vulnerability that can allow an attacker to control the built-in camera app on a device, as well as take recordings and photos.
The most severe of them all is a permanent denial of service attack that stops a user’s smartphone from functioning. The scariest thing about this exploit is that “user interaction is not needed for exploitation” and “no additional execution privileges” are needed. This means, technically, a line of code hidden within an app could be triggered remotely to “brick” a phone.
So how does one protect oneself from having a phone remotely bricked? That depends on who makes it.
Google’s own Pixel phones will have received the update already via settings. Samsung, on the other hand, is still sending out its monthly Security Maintenance Releases. However, owners of non-flagship devices can expect to wait longer than those with flagships. On a Samsung Galaxy A6+, the latest security update remains October 2019.
This pattern continues through to other manufacturers like Huawei and LG, who have to test the new security patches against the myriad of devices they have on the market. This point makes security tricky.
Nevertheless, the best thing one can do now is ensure automatic updates over Wi-Fi are enabled. On most Android devices, one can head over to Settings, then to Software Updates (which is sometimes under About Phone). After the phone checks for an update, it will show which version it is using, as well as the security patch level.
A rule of thumb for those who store sensitive data on their smartphones: as soon as your phone stops receiving security patches, it’s time to get another one.
Ransomware hits 174 cities
2019 has been the “year of ransomware attacks on municipalities” according to Kaspersky security experts. This comes after the company’s researchers observed that at least 174 municipal institutions, with more than 3,000 subset organisations, have been targeted by ransomware during the last year. This represents an increase of at least 60% from the figure in 2018. While threat actors’ demands would sometimes reach up to $5,000,000, actual costs and damages sustained during attacks are estimated to be larger. These are among the main findings of Kaspersky’s Security Bulletin: Story of the Year 2019.
Ransomware is a notorious headache for the corporate sector, affecting businesses around the world for a number of years. As if that wasn’t enough, 2019 has seen the rapid development of an earlier trend, where malware distributors have targeted municipal organisations. Researchers note that while these targets might be less capable of paying a large ransom, they are more likely to agree to cybercriminals’ demands. Blocking any municipal services directly affects the welfare of citizens and results not only in financial losses but also in other socially significant and sensitive consequences.
Judging by publicly available information, the ransom amounts varied greatly, reaching up to $5,300,000 and averaging $1,032,460. The researchers noted that these figures do not accurately represent the final costs of an attack, as the long-term consequences are far more devastating.
“One must always keep in mind that paying extortionists is a short-term solution which only encourages criminals and keeps them funded to quite possibly return. In addition, once the city has been attacked, the whole infrastructure is compromised and requires an incident investigation and a thorough audit. This inevitably results in costs that are additional to ransom. At the same time, based on our observations cities might be sometimes inclined to pay because they usually cover the cyber risks with help of insurance and allocating budgets for incident response. However the better approach would be also investing in proactive measures like proven security and backup solutions as well as regular security audit,” comments Fedor Sinitsyn, a security researcher at Kaspersky. “While the trend of attacks on municipalities is only growing, it can be stifled and nipped in the bud by adjusting the approach to cybersecurity and what is more important by the refusal to pay ransoms and broadcasting this decision as an official statement.”
The malware most often cited as a culprit varies too, yet Kaspersky researchers named three families as the most notorious: Ryuk, Purga and Stop. Ryuk appeared on the threat landscape more than a year ago and has since been active all over the world, in both the public and the private sector. Its distribution model usually involves delivery via backdoor malware, which in turn spreads by means of phishing with a malicious attachment disguised as a financial document. Purga malware has been known since 2016, yet only recently have municipalities been found to fall victim to this trojan, which has various attack vectors, from phishing to brute force attacks. The Stop cryptor is a relative newcomer, as it is only one year old. It propagates by hiding inside software installers. This malware has been popular, ranking number seven among the top 10 most popular cryptors of Q3 2019.
To avoid such malware infiltrating organisations, Kaspersky has the following recommendations:
- It is essential to install all security updates as soon as they appear. Most cyberattacks are possible by exploiting vulnerabilities that have already been reported and addressed, so installing the latest security updates lowers the chances of an attack
- Protect remote access to corporate networks by VPN and use secure passwords for domain accounts
- Always update your operating system to eliminate recent vulnerabilities and use a robust security solution with updated databases
- Always have fresh back-up copies of your files so you can replace them in case they are lost (e.g. due to malware or a broken device) and store them not only on the physical object but also in cloud storage for greater reliability
- Remember that ransomware is a criminal offence. You shouldn’t pay a ransom. If you become a victim, report it to your local law enforcement agency. Try to find a decryptor on the internet first – some of them are available for free here: https://noransom.kaspersky.com
- Educating the staff in cybersecurity hygiene is necessary to prevent attacks from happening. Kaspersky Interactive Protection Simulation Games offer a special scenario for local public administration that is focused on threats relevant for them
- Use a security solution for organisations, such as Kaspersky Endpoint Security for Business, to protect business data from ransomware. The product has behaviour detection, anomaly control and exploit prevention capabilities that detect known and unknown threats and prevent malicious activity
- One can enhance their preferred third-party security solution with the free Kaspersky Anti-Ransomware Tool
Read the whole story of the year at Securelist.com.
The full list of Kaspersky Security Bulletin stories with results from 2019 and predictions for 2020 is available by following this link.