Cyber security company Commtouch recently teamed up with anti-malware nonprofit StopBadware to survey over 600 owners and administrators of previously compromised websites. The survey turned up a variety of surprising factoids: that WordPress is a favorite content management target of cybercriminals, that 36% of site owners don't know why their site was hacked, and that a whopping 63 percent don't know how their site was compromised. (More than one response was allowed on this question.)
The survey describes the process of compromising a website, its benefits to the hacker, and some of the consequences of attacks. It attempts to answer the following questions:
- What website software is targeted?
- How are the websites compromised?
- What are the compromised websites used for?
- How do website owners become aware of the compromise?
- How do website owners regain control of their sites?
- Did the hosting providers assist affected website owners?
- How did the experience change website owners’ attitudes toward their hosting providers?
Here are some highlights from the survey's revelations:
How was the site compromised?
Sixty-three percent of respondents had no idea how their site was compromised.
What are compromised sites used for?
The survey found "a range of illicit activities," including:
- Hosting Malware
- URL redirect
- Hosting phishing, spam pages, pornography, etc.
- Other content or activity
How did owners become aware of the compromise?
The most visible form of compromise is the one where hackers leave a calling card, intentionally defacing the host's homepage. But this is the least common type of attack, as most attacks owe their success to the site retaining its good reputation. Nearly half of respondents learned of the compromise via a browser warning when they attempted to access their own sites. Many others were told of the compromise by a third party. Only 6% of respondents were able to discover the breach themselves based on suspicious or increased activity.
How do website owners regain control of their sites?
A majority of webmasters took the DIY approach. 46% consulted online resources and were able to resolve the issue, and an additional 13% reported fixing the problem by restoring from backups, reinstalling plugins, or manually deleting malicious script. Over a quarter of respondents said their sites were still compromised, and 7% reported either doing nothing or abandoning their site.
What's the big takeaway from the survey?
Here's the long and short of it: most cyber attacks owe their success to remaining undetected for as long as possible. Forget the iconic defacement attacks of rivals and hacktivists: if your site's been defaced, then the hackers have probably already gotten whatever else they wanted from your site. And just because you don't notice anything unusual doesn't mean your site hasn't been compromised.
As TED speaker Misha Glenny, quoting a friend in the security industry, put it: "There are two types of companies in the world: those that know they’ve been hacked, and those that don’t."
To help prevent your site from being compromised, Commtouch and StopBadware offer these tips:
- Keep software and all plug-ins updated.
- Use strong, varied passwords.
- Regularly scan your PC for malware.
- Use appropriate file permissions on your web server.
- Research your options and make security a priority when choosing a web hosting provider.
That's the rundown. You can view the whole thing here. Or you can have a look at the accompanying infographic, which includes a few more juicy details.