Bot Malware Attacks Rise, As Search Engines Blacklist Fewer…


There are good bots such as search engines, and bad bots such as malware attacks. But the rate at which search engines blacklist infected websites continues to decline. Many who search the internet
for information put their trust in Google, Bing and others to blacklist unsafe sites.

A study titled SiteLock Website Security Insider: Q2 2018 found that the number of infected websites
remains steady, but search engines fail to flag about 83%, meaning that consumers are one click away from vulnerabilities.

In the second quarter of 2018, SiteLock estimates that just 17% of
infected websites were blacklisted by search engines —  down 6% from the previous year. 

Overlooking a spam attack kit can wreak havoc on the search engine results of
those sites, causing the site to lose customer trust and revenue — all without the site owner ever being alerted.

For the study, SiteLock analyzed more than 6 million websites protected
by malware scanners. The study revealed that cybercriminals are continuing to carry out new and traditional malware attacks.

advertisement

advertisement

Cryptojacking doubled in the second quarter of 2018 compared with
the first quarter, and there was a 16% increase in the prevalence of malicious Javascript files. This new trend is not surprising, because many cryptojacking scripts use Javascript kits to deploy and
collect the mined cryptocurrency.

And counter to the increase in silent symptomless attacks, decreases in the number of traditionally noisier attacks containing a large number of files were
detected. For example, SEO spam, which traditionally contains many files, has shown significant declines. The amount of SEO spam cleaned this quarter dropped 58% from the year before, down 4% compared
with the prior quarter.

Some 60% of website traffic comes from internet bots, not humans. And while there are good bots in the mix such as search engine crawlers for indexing websites, far
more bot traffic is malicious.

Of the 75,000 websites analyzed, the study found that websites are targeted by an average of 58 attacks per day, up 16% compared with the first quarter of the
year.

Malicious bots represent 87% of all traffic filtered by SiteLock’s technology. About 9% of sampled sites had a least one vulnerability. Globally, up to 171.3 million websites have
a vulnerability.

Vulnerabilities are often found in open-source applications, such as the three largest CMS applications — Joomla, WordPress, and Drupal — and their associated plugins and
themes.

During the second quarter of 2018, SiteLock reviewed 4 million open-source content management system (CMS) websites that use vulnerability patching services. Across Joomla, WordPress,
and Drupal, 61 individual vulnerabilities were discovered — up 48% from the prior quarter, requiring 1,099 individual patches to address them.

The report describes several ways that companies
can protect CMS platforms from potential attackers. Use a strong passphrase that includes mixed case letters, numbers, and special characters, and it is important to only enter that password over
secured networks. Change the URL associated with the dashboard from the default using custom plugins. Doing so makes it more difficult for attackers to gain access to the administration of a site and
cause damage.

Based on the data, SiteLock predicts a continued rise in symptomless attacks, such as cryptojacking. The number of attacks daily will fluctuate, but they will continue.

 

Swiftype News

Be the first to comment

Leave a Reply

Your email address will not be published.


*