More than half (55%) of malware infected sites were running on their latest core versions when they were attacked, according to a recent SiteLock report.
Websites fall victim to malware attacks an average of 58 times a day, which is a 16% increase from last quarter, according to SiteLock's Q2 2018 report. Some 55% of infected sites were up-to-date on their core versions at the time of attack, meaning websites are still being targeted after being properly patched, according to a press release for the report.
SEE: Malicious AI: A guide for IT leaders (Tech Pro Research)
A major problem, however, is 83% of infected website owners aren't alerted about the infection by search engines, said the report. This is because cybercriminals are burying attack kits deep within directories, causing them to be easily missed.
The report recommends using a file-based inside-out malware scanner that can automatically remove malware upon detection. Using a scanner is a more efficient and effective means of detection, as it would take a developer significantly longer to manually locate the attack, added the report.
This data reveals how attackers are becoming smarter and sneakier in their strategies. With two-thirds of customers not returning to a site after its been compromised, business owners need to take note, said the release. Specifically, small business owners need to recognize the destruction attacks not only have on their technology, but on their consumer base.
Cybercriminals are also using social media as weapons of attack. Companies that are connected to three or more platforms are three times more likely to get infected, said the report. This discovery is particularly concerning since almost all businesses use social media to connect, contact, and interact with customers.
Many of the social media attacks are entering via plugins that companies use to connect social media to their sites, said the report. Insecure connections and plugin vulnerabilities can lead to malware infections and stolen credentials, so always carefully review plugins before implementing them, said the report.
The big takeaways for tech leaders:
- Websites are attacked by malware an average of 58 times a day, a more than 10% increase from Q1. — SiteLock, 2018
- Cybercriminals are also targeting social media plugins for malware attacks, forcing businesses to carefully review plugins before installations. — SiteLock, 2018
- What is malware? Everything you need to know (TechRepublic)
- WordPress: Why we didn't tell you about a big zero-day we fixed last week (ZDNet)
- Phishing attacks: A guide for IT pros (free PDF) (TechRepublic)
- Cybercriminals start cashing in on vulnerable WordPress websites (ZDNet)
- Hackers can now hide cryptojacking scripts in Microsoft Word documents (TechRepublic)