Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


06:50 PM
Connect Directly

Website Attacks Become Quieter & More Persistent

Threat actors have pivoted from noisy attacks to intrusions where stealth and ROI are primary goals, new report says.

Threat actors are pivoting away from noisy website attacks to campaigns that are quieter and designed to remain undetected for as long as possible.

From website defacements and SEO spam, attackers are increasingly targeting websites to install backdoors and other stealthy malware, according to a new study by SiteLock.

The security vendor analyzed some 7 million websites worldwide and discovered that adversaries have sharply ramped up attacks on websites over the past year. The company found that typical websites experience about one attack every 15 minutes, or 94 attacks per day on average.  Each website was visited by as many as 2,608 automated bots per week on average. Attacks on websites jumped 52% over the previous year, according to SiteLock.

Sixty-five percent of websites that were infected with malware contained a backdoor, 48% contained filehacker malware, and 22% contained a malicious eval function for executing malware. Other common indicators of malicious activity on websites included the presence of shell scripts in 22% of sites and functions for injecting malicious code in 21% of the sites.

In contrast, SiteLock discovered evidence of noisier attacks, such as cryptomining software, on less than 1% of the sites it analyzed, SEO spam on 5% of them, and signs of defacement on 6% of the sites in the study.

"The main takeaway from our '2020 Annual Security Review' is hackers are becoming increasingly sophisticated and are turning to methods that can go undetected and deliver the biggest payout," says Neill Feather, chief innovation officer and co-founder at SiteLock. For organizations, the trend highlights the need for regular website updates, strong passwords, and multifactor authentication as well as the need to uninstall unused plug-ins, he says.

SiteLock found that sites using WordPress were three times more likely to have malware on them than all other sites. Eighteen percent of WordPress sites were found to contain at least one vulnerability; the most common among them are SQL injection flaws, cross-site scripting (XSS), and cross-site request forgery (CSRF).

Plug-in Perils
The number of WordPress plug-ins that a site used had a direct impact on its security posture. Sites that used 6–10 plug-ins had a three times higher risk of getting compromised than sites that did not use a WordPress plug-in. Sites with 20 or more plug-ins were seven times more likely to get compromised.

"The more plug-ins or extensions a website has, the more potential entry points for hackers," Feather says. This is especially true when plug-ins are out of date and have new vulnerabilities discovered in them. "Each old plug-in on a website increases the chances of [it] being hacked," he says. "For every five plug-ins you add to your site, you nearly double the risk of getting compromised."

Extrapolating from the data from its survey, SiteLock estimated that about one out of 100 websites (12.8 million sites) worldwide is infected with at least one malware sample. SiteLock discovered that sites it deemed as being high risk were 24 times more likely to have malware than low-risk sites.

According to Feather, SiteLock classifies websites as being low, medium, or high risk based on three main factors. The first is website complexity, such as the size of the website and whether it uses a database to store customer data. The second factor is website popularity, which includes site traffic and social media presence. The third factor is site composition, such as the software used to create a website. "The best way for website owners to protect their sites is to regularly run a Web vulnerability scanner and ensure that security is kept up to date, ideally through automated patching," Feather says.

A newly released Risk Based Security report on data breaches during the first quarter of 2020 showed that Web-related breaches represented only a relatively small proportion of the overall number of data breaches in that period. Even so, Web breaches accounted for a substantially higher number of records compromised compared with hacking-related breaches and other intrusions.

Approximately 90% of the staggering 8.4 billion records that were exposed in the first quarter resulted from Web breaches. Records exposed included everything from email address and passwords to financial data, bank account data, health information, and Social Security numbers.

Related Content:


Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really  bad day" in cybersecurity. Click for more information and to register

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-05
The “Elementor Addon Elements� WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
PUBLISHED: 2021-05-05
The “Livemesh Addons for Elementor� WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
PUBLISHED: 2021-05-05
The “HT Mega – Absolute Addons for Elementor Page Builder� WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by ...
PUBLISHED: 2021-05-05
The “WooLentor – WooCommerce Elementor Addons + Builder� WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-priv...
PUBLISHED: 2021-05-05
The “Elementor Addons – PowerPack Addons for Elementor� WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scriptin...