Website Attacks Surge
The number of attacks aimed at websites has increased considerably in the past months, according to a new report published on Monday by SiteLock.
SiteLock’s Website Security Insider report, which is based on the analysis of more than 6.3 million sites, shows that there were, on average, 63 attack attempts per day on websites in the second quarter of the year. In comparison, the company saw only 22 attacks per day in 2016.
According to the company, 87% of these attacks involved malicious bots, including ones operated by cybercriminals, spammers and data scrapers. As for attacks that did not involve bots, more than 57% of requests were blocked by SiteLock due to the fact that they came from countries blacklisted by its customers, and 36% were illegal resource access attempts, including command injections, directory traversals and file system access.
When it comes to content management systems (CMS), SiteLock says the risk of attacks on WordPress websites is twice as high as in the case of the “average site.” The security firm discovered that 69% of compromised WordPress websites had the latest WordPress core security patches installed, which indicates that the attack was likely carried out via a vulnerable theme or plugin.
The higher the number of plugins, the more likely it is for a WordPress website to get hacked, and researchers found that 44% of the plugins in the official WordPress repository have not been updated in more than a year. This includes over 120 plugins that have at least 50,000 active installs.
Joomla and Drupal are also at elevated risk of attacks, especially since they haven’t always offered reverse compatibility with legacy features, making their administrators less likely to install updates. In the case of Joomla, SiteLock found that 19% of the sites it observed had been using version 1.5, for which support ended in September 2012.
An analysis of the malicious code planted on compromised websites showed that 62% of threats were related to spam, while nearly a quarter were backdoors.
Worryingly, many websites don’t have adequate protections in place and their administrators are often alerted to malicious activity by web browser warnings such as the ones displayed in Firefox via Phishing Protection and in Chrome via Safe Browsing.
“Browser warnings about compromised websites are usually driven by blacklists maintained by search engines, where search engine crawlers have recognized that malicious code is present on the website they’re attempting to index,” SiteLock explained in its report. “For many website owners this practice creates an assumption that if there are no warnings, then there isn’t an issue. Unfortunately, this incorrect assumption puts both the website and its visitors in danger. In three out of four cases, infected websites were not flagged by search engines”