Threat actors are pivoting away from noisy website attacks to campaigns that are quieter and designed to remain undetected for as long as possible.
From website defacements and SEO spam, attackers are increasingly targeting websites to install backdoors and other stealthy malware, according to a new study by SiteLock.
The security vendor analyzed some 7 million websites worldwide and discovered that adversaries have sharply ramped up attacks on websites over the past year. The company found that average websites experience as many as one attack every 15 minutes, or 96 attacks per day. On average, each website was visited by as many as 2,608 automated bots per week. Attacks on websites jumped 52% over the previous year, according to SiteLock.
Sixty-five percent of websites that were infected with malware contained a backdoor, 48% contained filehacker malware, and 22% contained a malicious eval function for executing malware. Other common indicators of malicious activity on websites included the presence of shell scripts in 22% of sites and functions for injecting malicious code in 21% of the sites.
In contrast, SiteLock discovered evidence of noisier attacks, such as cryptomining software, on less than 1% of the sites it analyzed, SEO spam on 5% of them, and signs of defacement on 6% of the sites in the study.
"The main takeaway from our '2020 Annual Security Review' is hackers are becoming increasingly sophisticated and are turning to methods that can go undetected and deliver the biggest payout," says Neill Feather, chief innovation officer and co-founder at SiteLock. For organizations, the trend highlights the need for regular website updates, strong passwords, and multifactor authentication ..
Support the originator by clicking the read the rest link below.
