Author Archives: Netcraft

RSA Conference 2024 – Where it all started and where to find our team 

Posted on by

On Monday 6th May, Netcraft will be heading to San Francisco along with thousands of other cyber security professionals for RSA Conference 2024. If you’re attending too, we thought we’d share a few insights into how it all started. Use them in line for coffee or at an evening event to show off your extensive knowledge of asymmetric cryptography algorithms (that’s a mouth full). If you’re at the event and would like to say hello, visit us at booth 362 in the South Expo Hall or register here and we’ll reach out.

RSA is one of the oldest encryption algorithms that is still widely used today for secure data transmission. It was originally published in 1977 and is classed as a public-key or asymmetric cryptography algorithm meaning it has two separate keys, one to encrypt data and a different one to decrypt. If two parties want to talk, each party can send the other party a public encryption key that they can use to encrypt messages they wish to send. They can both keep their decryption key private, making it a secure way of sending secret messages.

A diagram showing the asymmetric cryptography technique used by the RSA algorithm.

RSA however, is a relatively slow algorithm and so is not commonly used to directly encrypt user data. Instead, it can be used to transmit keys for symmetric cryptography, a class of encryption algorithm where the same key is used to both encrypt and decrypt the data. The symmetric algorithm is usually much faster and used for bulk encryption and decryption of the data. This use of RSA is one of the methods that can be used in TLS which is widely known for authenticating and securing connections across the internet such as in browsers, mobile apps and even over-the-air updates …

Continue reading RSA Conference 2024 – Where it all started and where to find our team 

New Year, New Scams – Health product scam campaigns abusing cheap TLDs

Posted on by

In recent months, we’ve noticed an increased number of high-volume health product campaigns that exploit cheap top-level domains (TLDs), reaching up to 60% of a TLD’s daily domain registrations.

This blog looks at current trends around health product scams and examines some of the TLDs providing domain names for these large campaigns.  

Dragons’ Dens and Shark Tanks

Health product scams frequently take the form of fake news articles, often impersonating specific newspapers and featuring celebrity endorsements from well-known media figures who have supposedly used the products that are targeted. In this sense, they are similar to the cryptocurrency investment scams we’ve blogged about previously.

Recent scams impersonate organizations such as Fox News, the Daily Mail, The Today Show, and the New York Times, with the latest campaign of health product scams centered around products backed by the judges from the popular TV series Shark Tank (in the US) or Dragons’ Den (in the UK).

A screenshot of a website claiming to be supported by Shark Tank

These articles then use affiliate links to direct users to landing pages that sell products, especially weight loss gummies that purport to induce ketosis, but also other products such as skincare creams, erectile dysfunction supplements, and teeth whitening kits.  

The products (and even the landing pages selling them) may be legal. Still, fake news articles that lure victims to these sites frequently misrepresent the product with false claims and often profit from affiliate marketing. In fact, in the US, the Federal Trade Commission released a consumer warning following the Shark Tank campaigns, which leads with the headline ‘Did your favorite Shark Tank celebrity really endorse THAT? Probably not.’

We often see these types of scams advertised on social media platforms such as Facebook, where accounts have been compromised using credentials captured by a phishing website, similar to how LinusTechTips was

Continue reading New Year, New Scams – Health product scam campaigns abusing cheap TLDs

Phishing attacks already using the .zip TLD

Posted on by

On May 3rd, Google Registry launched eight new top-level domains (TLDs) “for dads, grads and techies”, including a .zip TLD. While these new TLDs come with benefits such as automatic inclusion on the HSTS preload list, the launch of new TLDs has always presented cyber criminals with the opportunity to register domains in bad faith.

Parts of the security community, such as the SANS ISC, have already identified the potential for fraud via the potential conflation of a universally known file extension (.zip) with a TLD. TLDs overlapping with file extensions is not a new problem: .com is also an executable format, .pl represents both Poland and Perl scripts, and .sh represents Saint Helena and Unix shell scripts.

Earlier this week, we investigated existing registrations using the .zip TLD and confirmed that there is already evidence of fraudulent activity.

Continue reading Phishing attacks already using the .zip TLD

Netcraft among the UK’s 100 fastest growing technology companies

Posted on by

According to a list compiled by E2E and published in partnership with the Independent newspaper, Netcraft is amongst the 100 fastest growing technology companies in the UK.
The E2E Tech 100 showcases companies that are excelling, experiencing consistent growth, and creating an impact not just in their own sector, but also on a nationwide or global scale.
Netcraft appear in the Tech 100 table, based on independent research and data analysis by Experian. Continue reading Netcraft among the UK’s 100 fastest growing technology companies

April 2023 Web Server Survey

Posted on by

In the April 2023 survey we received responses from 1,115,422,029 sites across 272,511,659 domains and 12,089,407 web-facing computers. This reflects a gain of 3.2 million domains but a loss of 596,923 sites and 16,775 web-facing computers.

nginx experienced large growth for both sites and domains this month. In our April survey, we saw 292.5 million sites running nginx, an increase of 3.0 million since March (+1.04%), and 74.2 million domains, an increase of 1.6 million (+2.23%). It now accounts for 26.23% of sites (+0.28pp) and 27.25% of domains (+0.27pp).

LiteSpeed had the largest loss by sites, dropping down to 56.2 million sites (-5.43%). This takes its share of sites to 5.04% from 5.33% (-0.29pp). Despite this, its number of domains increased, reaching 9.4 million (+1.43%).

OpenResty also saw significant losses this month, totalling a loss of 1.8 million sites (-2.07%) and 232,493 domains (-0.60%). OpenResty now accounts for 7.78% of sites and 14.1% of domains seen by Netcraft, down by 0.16pp and 0.26pp respectively.

In contrast to its performance in recent months, Apache gained both sites and domains this month: its usage increased by 1.1 million sites (+0.47%) and 1.8 million domains (+3.07%). Apache now accounts for 20.7% of sites (+0.11p) and 21.8% of domains (+0.40pp). Apache continues to lead in our active sites metric – which only counts sites with distinct content – where it holds a 20.79% share, ahead of nginx’s 19.07%.

The market share within the top million sites was relatively stable this month. nginx had the biggest drop, losing 688 sites (-0.32%), and Cloudflare had the biggest increase, gaining 711 sites (+0.33%). Cloudflare continues to lead in the top million sites, holding a 21.69% market share, 0.32 percentage points ahead of nginx.

In terms of web-facing computers, nginx led this month with a 6,541 increase (+0.14%), whereas Microsoft saw the largest decrease with a 20,360 loss (-1.66%). The standings for market share by computer count are now: 38.88% nginx (+0.11pp), 27.02% Apache (+0.01pp) and 9.99% Microsoft (-0.15pp).

Vendor news

  • nginx 1.23.4 was released on 28th March 2023. It enables TLSv1.3 by default.
  • njs 0.7.2 was released on 10th April 2023. It includes a new compression module ‘zlib’, providing support for the DEFLATE compression algorithm.
  • Apache 2.4.57 was released on 6th April 2023, containing minor bug fixes.
  • LiteSpeed 6.1.1 was released on 12th April 2023.
Total number of websites
Web server market share
Developer March 2023 Percent April 2023 Percent Change
nginx 289,510,060 25.94% 292,527,297 26.23% 0.28
Apache 229,628,183 20.58% 230,706,481 20.68% 0.11
Cloudflare 113,533,078 10.17% 113,441,471 10.17% -0.00
OpenResty 88,587,110 7.94% 86,755,371 7.78% -0.16

Continue reading April 2023 Web Server Survey

LinusTechTips YouTube channels hacked to promote cryptoscams

Posted on by

The hijacking of YouTube accounts to promote bogus cryptocurrency schemes is nothing new. At Netcraft, we’ve previously blogged about the scale of cryptocurrency scams, and we saw attacks on at least 2,000 distinct IP addresses every month in the past year. Cryptocurrency-themed attacks remain popular with cybercriminals, but yesterday we had the opportunity to observe the recent high-profile attack on LinusTechTips as it unfolded.

This blog post explains what we saw, and how we protected our users from the scam sites hours before the compromised channels were taken down. All times in this post are GMT.

Continue reading LinusTechTips YouTube channels hacked to promote cryptoscams