Thousands of shop, bank, and government websites shut down by EV revocation
13th July, 2020
More than two thousand sites using Extended Validation certificates stopped working this weekend and remain inaccessible today (Monday), including those run by banks, governments, and online shops. The EV certificates used by these sites were revoked on Saturday, and have yet to be replaced. Most visitors using modern web browsers are completely locked out: this certificate error cannot be bypassed in Chrome, Firefox, Safari, or Microsoft Edge.
Chrome’s unbypassable revoked certificate interstitial on online.anz.com. ANZ is one of the"big four" Australian banks.
The first batch of revocations happened this weekend. While most of the certificates revoked on Saturday 11th July have been correctly replaced and reinstalled, many have not.
On Monday morning, Netcraft found 3,800 sites still using EV certificates issued by the affected sub-CAs. Of these 3,800, more than 2,300 were still using a revoked EV certificate, completely disabling the sites for users in modern browsers, which handle EV revocation more robustly than other types of certificate. The remainder are yet to be revoked.
Many organisations appear to have been caught unawares, continuing to use revoked EV certificates, including The State Bank of India, Rackspace, Authorize.net, ANZ Bank, and Telegram.
Authorize.net using a revoked EV certificate
The New Zealand government using a revoked EV certificate
Wirecard, the beleaguered German payment processor, briefly had its main site, www.wirecard.com, displaying a certificate warning early on Monday, but the certificate has since been replaced with a working non-EV certificate. There are still a number of Wirecard domains with revoked certificate warnings.
Protect against Shopping Site Skimmers and Fake Shops with the Netcraft Extension
12th July, 2020
The current coronavirus pandemic has resulted in the closure of many pubs, restaurants, and brick-and-mortar retail stores. Many purchases that would previously have been made in person now take place online. In research commissioned by Visa, 89% of Britons have shopped online since the UK’s lockdown restrictions began, with 31% buying items online for the first time during this period. This increase in online shopping activity benefits criminal groups in that: smaller businesses newly reliant on online transactions provide attackers with a stream of inadequately-defended shopping sites to exploit, and buyers are far more likely to be driven to these compromised shops or to fake shops compared to before the pandemic.
JavaScript skimmers run on compromised shopping sites. When shoppers enter their payment details, the skimmer secretly sends a copy to the attacker - potentially even if the customer does not complete the transaction. Even the most careful of users can be victims of these attacks, as they appear on compromised but otherwise well-intentioned shops with no visual indication of their presence.
Fake shops are another threat. Shoppers seeking bargains may unknowingly find themselves on a fake shop which claims to offers the products they want at a highly discounted price, but the victim will subsequently only receive counterfeit goods, no goods at all, or have the transaction aborted after entering credentials which is equivalent to a phishing attack.
Fake shops also take advantage of the pandemic by offering goods in high demand due to coronavirus, such as N95 masks. The FBI has released a Public Service Announcement about an increase in online shopping scams involving the sale of counterfeit healthcare products such as Personal Protective Equipment (PPE). To date, Netcraft has blocked over a thousand such coronavirus-themed fake shops, 80,000 other fake shops selling all sorts of counterfeit goods, and around 3,500 compromised shops hosting JavaScript skimmers.
The Netcraft browser extension and mobile apps provide protection against fake shops as well as legitimate shopping sites that have been compromised with JavaScript skimmers. When an extension or app user visits one of these dangerous shops, Netcraft will block access to the shop and alert them:
Visiting a fake shop without the Netcraft extension
Visiting a fake shop with the Netcraft extension
Most Reliable Hosting Company Sites in June 2020
2nd July, 2020
| Rank | Performance Graph | OS | Outage hh:mm:ss |
Failed Req% |
DNS | Connect | First byte |
Total |
|---|---|---|---|---|---|---|---|---|
| 1 | www.choopa.com | Linux | 0:00:00 | 0.000 | 0.238 | 0.004 | 0.020 | 0.020 |
| 2 | Webair | Linux | 0:00:00 | 0.000 | 0.314 | 0.070 | 0.141 | 0.141 |
| 3 | ServerStack | Linux | 0:00:00 | 0.000 | 0.234 | 0.085 | 0.169 | 0.169 |
| 4 | Pair Networks | Linux | 0:00:00 | 0.000 | 0.348 | 0.096 | 0.192 | 0.192 |
| 5 | www.flexential.com | Linux | 0:00:00 | 0.005 | 0.273 | 0.088 | 0.175 | 0.175 |
| 6 | Rackspace | Linux | 0:00:00 | 0.010 | 0.466 | 0.013 | 0.029 | 0.030 |
| 7 | Hyve Managed Hosting | Linux | 0:00:00 | 0.010 | 0.176 | 0.075 | 0.150 | 0.150 |
| 8 | Swishmail | Linux | 0:00:00 | 0.010 | 0.239 | 0.082 | 0.164 | 0.164 |
| 9 | www.dinahosting.com | Linux | 0:00:00 | 0.010 | 0.304 | 0.094 | 0.188 | 0.188 |
| 10 | EveryCity | SmartOS | 0:00:00 | 0.015 | 0.239 | 0.077 | 0.155 | 0.155 |
The most reliable hosting company site in June 2020 belonged to Choopa.com, with no failed requests and the fastest average connection time. Choopa.com offers cloud hosting, dedicated hosting and colocation in its own primary facility in Piscataway, New Jersey as well as smaller facilities in Los Angeles, Amsterdam, and Tokyo.
The top four sites each responded to all of Netcraft's requests in June and were separated by average connection time. Webair, ServerStack and Pair Networks complete the top four. Webair provides colocation as well as managed cloud services from its data centres in New York, Los Angeles, Montreal, and Amsterdam. ServerStack has now appeared in the top 10 for the past five consecutive months.
Fake shops are making a killing from counterfeit trainers
29th June, 2020
Online shopping has surged since lockdown started in March. Many of us, looking to be healthier, have headed online for sports equipment and a number of sportswear retailers have reported booming online sales. John Lewis recorded a 72% increase in total sports shoe sales, while Adidas and Puma have both seen an increase in ecommerce revenue.
Shoppers browsing online for the best deals, however, need to take care, as many people would be surprised at the scale of fake shops. Each day we find new fake shops designed to entice shoppers away from bona fide outlets, as many brands have yet to find effective countermeasures.
Counterfeit shoes, clothing and other accessories are estimated to lose the industry more than €26 billion each year in the EU alone, while the loss due to all online counterfeiting is estimated at $323 billion a year. The OECD estimated that over 3% of all imports worldwide are counterfeit.
Traditionally fake shops claim to sell luxury consumer goods at highly discounted prices. We have seen fake shops using at least three different models:
- Payment is accepted, but no goods are delivered.
- At the end of the checkout process, an error message is displayed such as “Out of Stock” and no transaction occurs. This is equivalent to a phishing attack, as the fake shop has the consumer’s credentials.
- Payment is accepted, and goods are delivered. The quality of goods varies between junk and identical to the bona fide item.
Trainers are the most counterfeited goods
We currently block around 75,000 fake shops in our extension and apps. Of these, roughly half target a specific brand, such as Nike or Adidas. About 70% of the fake shops selling branded goods sell shoes, predominantly trainers.
Corroborating this, European customs authorities handle more cases of counterfeit sports shoes than any other type of product.
Fake shops by type of goods sold
June 2020 Web Server Survey
25th June, 2020
In the June 2020 survey we received responses from 1,224,760,416 sites across 262,406,750 unique domains and 10,042,047 web-facing computers. This reflects a gain of 1.21 million domains and 149,000 computers, but a loss of 13.3 million sites.
Microsoft lost the largest number of sites – more than 20 million – taking its total down by 13% to 135 million. This has decreased its market share by 1.51 percentage points to 11.0%. Apache also suffered a sizable loss of 10.7 million sites, decreasing its total to 304 million and taking its share down by 0.60 points to 24.8%.
nginx continues to lead with a total of 449 million sites, an increase of 2.95 million since last month. Coupled with the other major vendors' losses, this has increased nginx's market share by 0.63 points to 36.6%.
nginx also showed the largest computer growth, with 115,000 more computers taking its total up to 3.35 million and putting it only 76,000 computers away from Apache's leading total.
While nginx looks set to soon become the largest vendor in terms of computers – possibly even by next month – celebrations by F5 Networks are likely to be marred by the latest developments in the dispute over the ownership of the nginx web server source code: it is now being sued by Lynwood Investments, who claim it owns the software.
The latest move comes after police raids on the offices of nginx and the home of one of its co-founders, Igor Sysoev, in December 2019. Russian search engine and e-commerce service provider, Rambler, alleged the webserver was developed while Igor Sysoev was a Rambler employee. Rambler transferred the rights to pursue the dispute to Lynwood Investments.
Meanwhile, nginx has also extended its recent new lead in the domains metric, with it now being used to host sites across 1.82 million more domains than last month.
Google was the only major vendor to gain active sites this month – a 2.12% increase to 19.3 million – and LiteSpeed was the only one to increase its presence among the top million websites, where it now has a share of 1.92%.
New vendor releases
nginx 1.19.0 mainline was announced on 26 May. This first release in the 1.19.* stream adds client certificate validation with OCSP, as well as a few bug fixes. The latest stable version is still 1.18.0, which was released in April. The difference between these two release streams is that the mainline branch is where new features are added, while the stable branches receive only security and bug fixes. This gives the stable releases a fixed feature set, which increases compatibility with third-party modules.
| Developer | May 2020 | Percent | June 2020 | Percent | Change |
|---|---|---|---|---|---|
| nginx | 445,724,550 | 36.00% | 448,673,487 | 36.63% | 0.63 |
| Apache | 315,019,262 | 25.45% | 304,288,405 | 24.84% | -0.60 |
| Microsoft | 155,042,311 | 12.52% | 134,874,928 | 11.01% | -1.51 |
| 44,304,867 | 3.58% | 43,449,240 | 3.55% | -0.03 |
Most Reliable Hosting Company Sites in May 2020
2nd June, 2020
| Rank | Performance Graph | OS | Outage hh:mm:ss |
Failed Req% |
DNS | Connect | First byte |
Total |
|---|---|---|---|---|---|---|---|---|
| 1 | EveryCity | SmartOS | 0:00:00 | 0.000 | 0.208 | 0.083 | 0.165 | 0.165 |
| 2 | www.flexential.com | Linux | 0:00:00 | 0.000 | 0.237 | 0.090 | 0.179 | 0.179 |
| 3 | Webair | Linux | 0:00:00 | 0.005 | 0.281 | 0.073 | 0.147 | 0.147 |
| 4 | ServerStack | Linux | 0:00:00 | 0.005 | 0.201 | 0.086 | 0.171 | 0.171 |
| 5 | www.choopa.com | Linux | 0:00:00 | 0.010 | 0.203 | 0.004 | 0.021 | 0.021 |
| 6 | Hyve Managed Hosting | Linux | 0:00:00 | 0.010 | 0.139 | 0.074 | 0.148 | 0.148 |
| 7 | CWCS Managed Hosting | Linux | 0:00:00 | 0.010 | 0.280 | 0.080 | 0.163 | 0.163 |
| 8 | GoDaddy.com Inc | Linux | 0:00:00 | 0.014 | 0.371 | 0.006 | 0.033 | 0.035 |
| 9 | Rackspace | Linux | 0:00:00 | 0.014 | 0.430 | 0.013 | 0.027 | 0.028 |
| 10 | Pair Networks | Linux | 0:00:00 | 0.014 | 0.320 | 0.101 | 0.201 | 0.201 |
In May 2020 EveryCity had the most reliable hosting company site, responding to all of Netcraft's requests with an average connection time of 83ms. For the past nine months EveryCity has appeared in the top 10 most reliable hosting company sites. EveryCity offers cloud hosting solutions and managed third-party services, with its primary data centre located in the heart of London.