From defacements to backdoor files, what kinds of malware should you be aware of?
Cybersecurity is at the forefront of many businesses’ strategies for 2018, as the breaches, malware incidents and disclosure of many vulnerabilities last year showed just how weak the defences of some of the world’s largest firms really are.
Website owners are at an elevated risk of compromise and, with nearly every business required to have an online presence, the dangers could affect everyone from SMEs to large corporations.
SiteLock is a global leader in website security and provides a suite of services to guard websites against vulnerabilities that could have staggering financial and reputational repercussions. Its recent Website Security Insider report for the third quarter of 2017 detailed the major risks website owners need to be aware of, as well as ways to mitigate these potential issues.
Threats come in all shapes and sizes
Malware comes in a deceptive number of incarnations, from phishing kits to simpler, flat HTML files. SiteLock was able to examine its categorisation data to find that cyber-criminals are seeking out long-term access to targets in order to facilitate complex malware that steals traffic, spreads more malware and lines the pockets of additional malware.
General malware or unique encoded malware accounts for 44.04pc of all instances detected by SiteLock’s scanners. Although this type of content can be heavily obfuscated and is often generated at random, there are key indicators that give it away, such as the context of the file’s location based on how the website is structured, file behaviours and how exactly the file is obfuscated.
There are many backdoor files that can allow access to websites or server information, including eval injections, file hackers, shell scripts and backdoor mailers. File hackers are malicious files or scripts used to propagate malicious files throughout a site’s hosting environment.
These attacks harm the visitors to the infected site and were the most prominent payloads deployed by malware infections in the three-month period of SiteLock’s research for its report.
SEO spam attacks are the most prevalent and work by gaining access to a site and deploying hundreds or thousands of files containing SEO keywords and links to untrustworthy pharmaceutical websites.
Probably the most recognisable type of malware, defacements are where cyber-criminals attack a website to replace its content with their own. The hackers use this method to push their agenda to the masses, hence the often political motives behind such incidents.
What can you do to mitigate the risk?
The most effective way to combat malware is with a daily malware scanner that has automatic remediation capabilities.
Use strong passwords
Use strong passwords on all website applications: a mix of capital letters, lowercase letters, numbers and special characters in a random structure that avoids dictionary words.
Review your file structure
Become familiar with your site’s file structure and review it periodically for changes or suspicious content.
Block suspicious requests
Use a web application firewall to identify and block malicious requests before they reach your site.
Update your applications and add-ons as soon as vendors make the patches available.
Maintain offsite backups of all website content.
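One way to carry out the "Review your file structure" step, as an added example that is not part of the original article or SiteLock's tooling: it records a SHA-256 baseline of the site's files, reports what was added, removed or modified since, and uses a file's location as context to pick out scripts that sit where only content belongs. The directory names, extensions and sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Assumptions for this example: directories meant to hold media or user
# content, and extensions the server would execute as code.
CONTENT_DIRS = {"uploads", "images", "media"}
SCRIPT_EXTS = {".php", ".phtml"}

def snapshot(root):
    """Map every file under root (relative path) to the SHA-256 of its bytes."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare(baseline, current):
    """Report files added, removed or modified since the baseline snapshot."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }

def out_of_place(paths):
    """Pick out scripts sitting in content directories, judged by location."""
    flagged = []
    for path in paths:
        *dirs, name = path.lower().split("/")
        if os.path.splitext(name)[1] in SCRIPT_EXTS and CONTENT_DIRS & set(dirs):
            flagged.append(path)
    return flagged

def write(root, rel, data):
    """Helper for the constructed sample site: create or overwrite a file."""
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:  # constructed sample site
        write(site, "index.php", b"<?php echo 'home';")
        write(site, "uploads/logo.png", b"\x89PNG constructed")
        baseline = snapshot(site)
        write(site, "index.php", b"<?php echo 'changed';")
        write(site, "uploads/cache.php", b"<?php /* constructed */")
        diff = compare(baseline, snapshot(site))
        print(diff, out_of_place(diff["added"] + diff["modified"]))
```

Store the baseline somewhere the web server cannot write to, so that whoever changes the site's files cannot also change the record they are compared against.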