by Jessica Ortega, SiteLock
Throughout 2017, cybercriminals became increasingly sophisticated, expanding their craft to more complex and sneakier malware. In deploying more attacks that flew under the radar of unsuspecting website owners, they achieved their goal of maintaining access to infected sites for longer periods of time.
This isn’t good news for business owners as we move into 2018. Cyber threats are only going to increase in sophistication, so it’s imperative businesses understand today’s cybersecurity landscape and current website security trends in order to avoid falling victim to a breach.
Attack effectiveness is on the rise
According to the SiteLock Website Security Insider Q4 2017, which analyzed more than 6 million websites, there was a 25 percent decrease in website attack volume from Q3 to Q4 2017. That should be good news, right? Wrong. Despite the decrease in attacks, sites still experienced an average of 44 attacks per day or a whopping 16,000 attacks per year.
A decrease in attacks might make business owners think their website is more secure and their security efforts are paying off. However, this couldn’t be further from the truth. Cybercriminals are constantly refining old tactics while exploring new ways to break into websites. As our research shows, this means cyber criminals are getting more effective and increasing their attack success rates. Now more than ever, businesses need to evaluate their current security practices and ensure they have both the right technology and a response plan in place should an infection occur.
Starting with the basics, like updating plugins and patching site vulnerabilities, is a solid first step to reducing the chances of a successful attack. However, updates alone aren’t enough. Using more advanced tools, like a web application firewall, can help prevent attacks in real time.
Don’t rely on search engines to catch malware infections
Malware is one of the biggest threats to websites, and too often business owners leave their fate in the hands of search engines to find the malware for them. While popular search engines perform basic website scans to protect users from malware-infected websites, the scans fail to flag most instances of malware. This is no fault of search engines, as the scan is done as a courtesy for website owners. Without knowing that search engines err on the side of caution when blacklisting websites, many website owners assume search engines will alert them if malware is found. Unfortunately, if a search engine finds malware on your site before the owner does, it means the site has been blacklisted and removed from search results.
According to our latest report, search engines only notified and blacklisted 19 percent of infected websites in Q4 2017, down three percent from the previous quarter. The report also found that 1 percent of the sites sampled were infected with malware each week. While this might seem like a small number, globally this means roughly 18.5 million websites are likely infected with malicious content at any given moment.
The ongoing challenge facing today’s small businesses, is cybercriminals are using a variety of new and increasingly complex methods to infect websites. In Q4 2017, 51 percent of malware was encoded or randomly generated, which means these files were difficult to decode but still detectable. Additionally, file manager and administrative shell scripts made up 6 percent of malware found, backdoor files accounted for 13 percent of cleaned files, and phishing kits accounted for 3 percent of malware during Q4. As websites continue to be targeted from virtually every angle, business owners need to be prepared on all fronts to protect their website and their visitors. This means investing in the right tools to prevent and detect when an attack occurs.
No matter the size of the business or website, cyberattacks can happen to anyone. You might not think your website is a valuable target to cybercriminals, but even the smallest website can be targeted for its traffic, data, or to further the spread of malware. As the cybersecurity landscape continues to evolve with increasingly more complex, sophisticated and effective attacks, website owners need to be proactive and take the necessary security precautions.
About the Author
Jessica Ortega is a Product Marketing Specialist and Technical Writer at SiteLock. She has over 10 years of experience in the website hosting and security fields, including two years as a SiteLock Security Analyst where she was responsible for cleaning malware infections and writing malware detection tools. She also co-hosts the cybersecurity podcast, Decoding Security.