Website attacks turn to stealth to boost their success
The story of website attacks in 2018 was one of high profile cybercrime, targeted at cryptocurrency, business, elections and more.
A new report from website security specialist SiteLock reveals that attackers are now taking a stealthier approach.
Websites experienced 62 attacks per day on average in 2018 from more than 330 bots. Despite the high volume of attacks though the number of infected websites remained constant at one percent throughout 2018, equating to 17.6 million websites worldwide at any given time.
How likely a site is to be compromised is down to its risk factors. SiteLock uses a proprietary Risk Assessment, which analyzes more than 500 variables, to determine the factors that make a site susceptible to a breach. A high risk site is 26 times more likely to be infected than a low risk one. Risk factors include the complexity and size of the site and whether it takes payments or collects visitor data.
The findings also show that content management systems are often putting sites at risk. The report reveals 20 percent of WordPress sites, 15 percent of Joomla sites and two percent of Drupal sites had at least one cross-site scripting, SQL injection, or cross-site request forgery (CSRF) vulnerability.
JavaScript files attempting to hijack site visitors remain common too, accounting for a third of attacks caught by SiteLock's filters. But attackers are turning to subtler methods that allow them to view, modify, or steal content and data from victims’ websites. These include backdoor, shell and filehacker (file modification) attacks that were found on more than 50 percent of all infected websites and accounted for more than 10 percent of files cleaned.
The report's authors conclude:
As cybercriminals use more stealthy attacks, search engines will continue to err on the side of caution when blacklisting websites for fear of false-positives. Attackers will act on this opportunity, becoming sneakier and making malware more difficult for search engine scanners to detect. More than ever, it's crucial to rely on a defined website security strategy -- rather than a search engine -- to call out potential infections on your site.
You can find out more along with tips on keeping your website safe in the full report, available from the SiteLock website.
Image credit: lightkeeper/depositphotos.com