Why your website may be packed with malware

With potentially 1 out of every 100 sites infected with malware, could you be one of the unlucky few?
4 June 2020

1 in 100 sites are found to be infected with malware. Source: Unsplash

  • Cyberthreats are rising in tandem with the ongoing pandemic
  • 1 out of 100 sites could be infected with malware, study found
  • SMEs are at risk as digital presence becomes more vital 

Earlier this year, White House officials announced plans to increase federal funding for the research and development of AI and quantum computing. 

The proposed budget of US$4.8 trillion is set to help the nation advance in these emerging technologies, and ultimately, strengthen national security with the integration of AI and quantum computing into the cyber realm. 

That declaration of war spoke to the scale of the cyberthreat problem today, and it’s one that has continued to gather pace amid the pandemic.

The hike has led both Interpol and Europol to release a report underlining the rise of pandemic-themed social engineering attacks and the increased exploitation of teleworking vulnerabilities.

Despite stringent lockdown measures being lifted, the number of cyberattacks shows little sign of dropping.

SiteLock, a global cybersecurity and protection firm, has revealed that sites face up to 94 attacks per day. This is an increase of 52% from last year.

The figure is based on an analysis of more than 7 million websites, with the firm aiming to gain more insights into the cyberthreat landscape. The report enables businesses to better understand the ‘invisible’ threats that their companies are up against. 

Joining TechHQ in an interview, Logan Kipp, Director at SiteLock, shared insights on the current cyberthreat landscape, going in depth on the kinds of pandemic-induced cybercrimes that are on the rise and the suggestions SMEs can follow to defend their digital sites.

When asked about the surge in web-based attacks, Kipp explained, “a dramatic increase in attacks in the last year is that resources, such as powerful web servers, have grown increasingly accessible to the public.”

Reduced operating costs and solutions that require fewer technical skills to operate mean that there are more web environments than ever before, “making a green field of opportunity for adversaries.”

With an ever-expanding web environment, SiteLock estimates that nearly 12.8 million sites are infected with malware worldwide — that’s about one out of every 100 sites.

Approximately nine out of ten of these infected sites are still not blacklisted by search engines, with users unknowingly clicking on them.

Search engines are only capable of scanning websites externally for malware, which at times is not enough to reveal symptoms of being compromised – malware is increasingly intelligent and adept in disguise. It can be made to present itself as inactive to avoid detection.

Kipp added, “Search engines will also often err on the side of caution when blacklisting websites to avoid reporting errors that could potentially cause business disruption.”

Malware infiltrating or embedded in a system can remain hidden until real damage is done and the consequences visible, leading to mass monetary and productivity losses.

Beware these top cyberthreats

SiteLock’s report also listed the top cyberthreats commonly found on infected sites. The most prevalent were backdoors (65%), filehacker threats (48%), and malicious eval requests (22%).

Backdoor cyberthreats remain a popular approach for cybercriminals to gain administrative access to a targeted system. Kipp elaborated that backdoors “are frequently left by attackers as a foothold after successfully breaching a website.” The most common variations of backdoors can also be found readily available on the regular internet and dark web.  

A subgroup of backdoors, filehacker threats aim to “propagate malware throughout a website’s hosting environment.” Kipp added that file hackers “focuses on modifying existing files or deploying brand new malware files.” Another form of attack includes creating thousands of spam files on the server through a simple PHP upload script. In the end, file hackers are capable of modifying or injecting code into existing files on a website as well.

Malicious eval requests are then used to inject or run malicious code. Kipp elaborated that “cybercriminals use this to unpack or decode other malicious software efficiently, often in a single line of code allowing an adversary to remotely execute arbitrary code on a breached site.”

Since this type of malware is more lightweight than other backdoor types, it can easily go unnoticed by the naked eye because of its minimalist approach.
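As an added illustration (not from SiteLock's report or the original article), the sketch below flags the one-line `eval` decoder pattern described above in PHP source, including variants split across lines or nested through several decoders. The decoder list, function names and sample files are assumptions constructed for this example.

```python
import re
from pathlib import Path

# PHP functions commonly used to unpack a hidden payload before eval() runs it.
# This list is an assumption for the example, not taken from SiteLock's report.
DECODERS = ("base64_decode", "gzinflate", "gzuncompress", "gzdecode",
            "str_rot13", "rawurldecode", "urldecode", "hex2bin")

# eval( as a language construct, not $eval(, ->eval(, ::eval( or my_eval(.
EVAL_OPEN = re.compile(r"(?<![\w$>:])eval\s*\(", re.I)
# One wrapping decoder call; \s also spans newlines, so split-up one-liners match.
CHAIN_STEP = re.compile(r"\s*@?\s*(" + "|".join(DECODERS) + r")\s*\(", re.I)

def scan_php_source(name, text):
    """Return (file, line, decoder chain) for each eval() fed by nested decoders."""
    findings = []
    for m in EVAL_OPEN.finditer(text):
        chain, pos = [], m.end()
        while (step := CHAIN_STEP.match(text, pos)):
            chain.append(step.group(1).lower())
            pos = step.end()
        if chain:
            line_no = text.count("\n", 0, m.start()) + 1
            findings.append((name, line_no, ">".join(chain)))
    return findings

def scan_tree(root):
    """Scan every .php file under root; widen the glob if other extensions run as PHP."""
    findings = []
    for path in sorted(Path(root).rglob("*.php")):
        findings += scan_php_source(str(path), path.read_text(errors="replace"))
    return findings

# Constructed sample files (harmless: the encoded string decodes to "echo 1;").
SAMPLES = {
    "uploads/cache.php": "<?php\n@eval(base64_decode('ZWNobyAxOw=='));\n",
    "lib/loader.php": "<?php\n\nEVAL (\n  gzinflate( base64_decode($p)));\n",
    "theme/functions.php": "<?php\n$evaluation = base64_decode($cfg);\n"
                           "$r = $twig->eval($tpl);\n",
}

def scan_samples():
    return [f for name, src in SAMPLES.items() for f in scan_php_source(name, src)]

if __name__ == "__main__":
    for file, line, chain in scan_samples():
        print(f"{file}:{line}: eval() of {chain}")
```

Hits are triage leads: legitimate code occasionally evaluates decoded data, so each match should be reviewed before a file is removed.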

How can SMEs improve site security?

Recognizing the various modus operandi of malware threats, it is essential for businesses to not only be aware of these emerging cyberattacks but also translate insights into actionable plans.

Kipp shared with TechHQ some of the best cybersecurity practices SMEs can follow to strengthen their cybersecurity systems and empower their workforce amid a rise in pandemic-induced cyberthreats. 

It begins with training and educating employees with fundamental cybersecurity best practices such as “spotting phishing emails to utilizing two-factor authentication (2FA) along with a strong password.”

Ensuring employees are taking all the necessary steps internally to protect themselves can go a long way, especially at a time when remote working is enforced. Kipp added that businesses can take a step further by establishing “a standard operating procedure, or “SOP,” on how documents should be handled and how potential vulnerabilities should be reported when working remotely.”

Besides that, SMEs can consider utilizing a virtual private network (VPN) as it protects data by encryption. In other words, sensitive data such as SSNs, passwords, and credit card numbers are transmitted securely across shared or public networks. 

Even so, Kipp emphasized that SMEs should stay vigilant and careful when sharing data, such as inputting customer information into an online form or sending an email containing sensitive data. 

Kipp noted, “By being careful with sensitive information, businesses can limit the risk for catastrophic data leaks if they fall victim to a hack or breach.”

Alongside employing these best cybersecurity practices, businesses should adopt a more proactive mindset in the face of cyberthreats.

Kipp explained, “SMEs should be routinely scanning their websites for malware and vulnerabilities. By being proactive with their cybersecurity hygiene, organizations can help to ensure that their customers and their data remain safe and secure.”