SecurityWeek reports that the imminent shutdown of the Alexa Top Sites and Web Information Service APIs on Dec. 15 following the retirement of Alexa.com at the beginning of the month is a major hit for cybersecurity.
Many cybersecurity experts have been using the Alexa Top 1 Million list to examine popular websites' security practices and postures and while DomainTools announced last month that it will be creating its own list, security researchers will have to determine Alexa list dependencies in the short-term, according to Victor Le Pochat of the imec-DistriNet research group at KU Leuven.
"In the longer term, these researchers should consider for what purposes they use popularity rankings, and whether they fully understand the implications. For example, we showed in our 2019 paper that these rankings contain known malicious domains. This need not be surprising if a malicious campaign is widespread, any domain name it abuses does technically become 'popular'," Le Pochat said.
Meanwhile, LARES Consulting Chief Operating Officer Andrew Hay emphasized the impact of the Alexa shutdown on algorithms used by security vendors for analytics and baseline heuristics.
"The loss of the Alexa repository will find security vendors scrambling to find a new external source of traffic data - a potential monetization opportunity for the large Internet Service Providers," Hay added.