Web Security Research Analyst, SiteLock
On an average, websites are attacked 58 times per day. A single successful attack can have devastating consequences for an online business. We spoke to Jessica Ortega, Web Security Research Analyst, SiteLock, to understand the malware trends that are currently in play and which websites are more prone to security infringements.
Tell us about your role at SiteLock and the part you played in curating the report — The SiteLock Website Security Insider Q2 2018.
I’m a Website Security Research Analyst and technical writer at SiteLock. My primary focus is writing about malware and SiteLock products. I am the sole author on the SiteLock Website Security Insider each quarter, and I gather and analyze all the data used within the report.
Tell us more about the malware trends that are currently in play. How do vulnerabilities in content management systems increase the risks further?
A unique feature about malware is that as many as 1 million new strains of malware are created daily, which can make pinning down trends associated with malware very difficult. However, a distinct trend in Q2 was that “noisier” attacks requiring large numbers of files or with obvious symptoms visible on the website decreased. Files associated with attacks such as phishing and search engine spam (SEO spam) also decreased in Q2. These attacks are often associated with large numbers of files, or attack kits, that make them easier to detect than smaller attacks such as backdoor files, which require only 1 or 2 files to function. Conversely, the number of cryptocurrency mining attacks (cryptojacking) doubled from Q1 2018 to Q2 2018. As a new strain of malware, cryptojacking attacks are difficult to detect because they are often symptomless to the naked eye and require only one piece of malicious code often injected into an otherwise legitimate file.
Open source applications such as Joomla!, Drupal, and WordPress are on average 3 times more likely to be infected with malware than non-CMS websites. This is in large part due to vulnerabilities found in out-of-date core applications, or vulnerabilities found in themes and plugins used to enhance websites built on these platforms. These vulnerabilities are often very easy to exploit making them easy targets for trending malware. Often, trending malware like cryptojacking scripts are sold as “attack kits” on the dark web, with easy-to-use instructions allowing even the most novice attackers to deploy them. This combined with documented and well-known application vulnerabilities puts smaller open-source application websites at higher risk for attack.
Why should online businesses enhance their website security?
On an average, websites are attacked 58 times per day. A single successful attack can have devastating consequences for an online business. When surveyed, 66% of online shoppers said they would not return to a website where their personal information was breached, meaning a single successful cyber attack could cost a small business two-thirds of its recurring customers. The fact is, no website is too small to hack and automated attack bots do not discriminate when searching for vulnerabilities. As cyber threats continue to increase and evolve, it’s imperative that businesses employ a proactive website security strategy in order to protect their customers, reputation and revenue stream.
What are the various forms that website attacks can take today?
The cyber-attack landscape is a constantly evolving battlefield. Some of the newer types of cyber attacks include ransomware and cryptojacking, which are both attacks designed to extort cryptocurrency out of website owners. Cryptojacking hijacks website visitors’ computer resources to mine for cryptocurrency such as Bitcoin and Monero. Ransomware is a type of virus that infects websites, servers, or computers and encrypts all information stored on them. This is then followed up by a ransom note demanding payment, usually in the form of Bitcoin. However, there are also tried and true attack types such as malware infections and DDoS attacks. While these are not the only types of website attacks, they are some of the most common. Websites may also be subject to malvertising without ever realizing it because the malicious ads often reside on otherwise legitimate ad networks.
Which websites are more prone to security infringements?
In general, websites built with open-source applications are at increased risk for malware infections. This is largely because their ease of use makes them accessible to even the most novice website owner and many don’t realize that after a website build is complete, ongoing maintenance is still required. Often website owners do not update applications as security patches are released, resulting in vulnerabilities on their websites that allow easy access to cyber criminals. These issues can be easily remedied with routine updates to application-based websites, and some updates can even be automated.
How do you segment and warn high-risk websites about security weaknesses?
There are a variety of risk factors that make some websites more likely to be infected with malicious content than others. When reviewing how at-risk a website may be, SiteLock looks at three components — composition, popularity, and complexity.
Composition refers to how a website is built, such as the type of application software on a website. Open-source applications, for example, are more likely to be infected than custom-coded websites. Popularity refers to traits such as website traffic and connections to social media platforms. Sites connected to any social media platform in Q2 2018 were twice as likely to be infected as those not connected to social media. Complexity refers to how feature-rich a website is including traits such as page count, plugin features, and theme features.
According to our research, high-risk websites were 27 times more likely to be compromised than the average website in Q2 2018. The SiteLock Risk Assessment was designed to help warn high-risk websites about security weaknesses. The risk assessment reviews sites using over 500 variables and then offers actionable suggestions for securing websites found to be ranked as high risk. These warnings and suggestions are available for users on demand in their SiteLock dashboard.
What proactive steps would you suggest taking as protection from cyber attacks?
Website owners need to employ a comprehensive, holistic, proactive security strategy to effectively protect themselves from cyber attacks. Security suites should include malware scanners that automatically remove any malicious content detected, a website application firewall (WAF) to stop malicious traffic before it ever accesses your site, and frequent software updates. When using an open-source application such as WordPress or Drupal, regularly reviewing and updating all themes and plugins is an absolute necessity. This prevents your application from becoming vulnerable to attacks.
Do you think emerging technologies such as AI/ML and blockchain could prevent or alert companies to these cyber attacks? How do you work with AI at SiteLock?
As AI and Machine Learning become more powerful, it is highly likely that they’ll be used to prevent and/or detect cyber attacks. SiteLock’s malware scanners use this type of automation to detect and remove malware. However, it is important to remember that tools such as AI and Machine Learning will be accessible to bad actors too, and in all likelihood, will be used to continue further automating cyber attacks. The bad guys aren’t going to become complacent, and neither should website owners.
Thanks for chatting with us, Jessica.
Stay tuned for more insights on marketing technologies. To participate in our Tech Bytes program, email us at firstname.lastname@example.org