Currently Tracking: WordPress Plugin Vulnerabilities Causing Malicious Redirects

SiteLock research and remediation teams have become aware of several vulnerable WordPress plugins that are affecting our customers. The symptoms most commonly associated with these vulnerabilities are malicious redirects. Essentially, visitors are being sent to another website than the one they are attempting to access. We are still gathering information on these vulnerabilities, and how they are being used. As soon as we have completed our review, we will release more information.

The affected WordPress plugins are:

At this time, the Live Chat with Facebook Messenger plugin has been updated, but the Smart Google Code Inserter has not been updated in a year, and the WP Live Chat Support is currently not available from the WordPress plugin archives. If you are using any of the affected plugins, be sure to update immediately to the patched version, or disable them until a patch is released.

Using a web application firewall (WAF) to filter malicious and suspicious traffic can help protect your site against vulnerabilities. Automatic vulnerability scanners and bots used by attackers can lead to compromises. Using a WAF helps stop that threat before it reaches your site.

Consequences of Website Malware for Small Businesses

Did you know websites experience almost 60 attacks per day? Small businesses are often at the greatest risk. Without an allocated budget for protection and recovery, 60% of small to midsize businesses end up closing their doors within six months of a cyberattack. Small business owners shouldn’t assume that it won’t happen to them.

Be aware of the potential consequences of malware for your business and know how to adequately address them if you find yourself dealing with a malware attack.

What Problems Can Malware Cause?

A few of the particularly tough consequences of malware come from defacement, backdoor, redirect, and SEO spam attacks.

Defacements occur when attackers change the appearance of your site. They might add explicit images or offensive text to your homepage in order to erode trust in your brand. Defacement attacks require manual intervention from security experts. Although the matter is usually a quick fix, it can result in a loss of traffic or damage to your reputation that can cause lingering problems for your business.

Backdoors are often more difficult to spot than defacements, as they’re built to blend in with the website’s code. Backdoors allow cybercriminals regular access to your site — likely without your knowledge. These attacks may expose customer data, be used to alter the appearance of your website, etc. Ultimately, they can cause customers to lose trust in your business and impact your overall profits.

Redirects, while also hard to spot, will likely have more short-term consequences. This type of malware redirects visitors from your site and onto other malicious ones. These account for 17% of malware infections and can result in a brief decrease in traffic.

Finally, SEO spam attacks are particularly damaging for small business websites. This is when cybercriminals flood your site with hundreds (or even thousands) of malicious backlinks or unnecessary keywords. Popular search engines can ban sites for SEO spam, decreasing your rankings in the process. This can take months to recover. Having your website banned could cost your company valuable traffic and visitors until you get it back up and running.

Even issues that are quick fixes can have lasting effects on your small business, especially if you’re slow to nail down and address problems. Even without considering the damages to your business’s reputation, downtime from a cyberattack can cost small businesses as much as $427 per minute.

Getting a Malware Attack Under Control

The longer a threat actor has undetected access to your network, the worse the outcomes will be. With enough time, hackers can steal valuable company and customer data, exploit vulnerabilities, and move laterally in your network in order to gain access to other entryways.

The time it takes to identify and take control of an attack is called “dwell time.” The data breach that landed Marriott International in the headlines in 2018 had a dwell time of four years. With such a massive window of opportunity, it’s no surprise that hackers stole the data of as many as 500 million customers.

The best lesson small businesses can learn from such an event is the importance of minimizing dwell time. The following three steps can help you prevent malware attacks and reduce dwell time should an attack occur.

1. Lean on automation. Performing regular manual website security audits can be time-consuming — especially in a small business environment, where information technology workers have to wear multiple hats. To protect yourself from the effects of malware attacks, rely on automated tools such as website scanners. They can operate on their own and identify threats in real time.

2. Patch vulnerabilities. Update software — including all plug-ins and your core content management system files — on a regular basis. Software developers are constantly releasing patches and updates for a reason: to protect against vulnerabilities. They’ll also include reports about the vulnerabilities each patch addresses. By failing to update your software, you’re exposing yourself to cybercriminals who know how to pinpoint the weak spots in previous versions of software. Don’t put off updates; perform them as soon as possible.

3. Create a response plan. Creating a company wide response plan is a great way to ensure your employees are all on the same page, and it even provides a certain degree of cybersecurity training. The main benefits, however, come to light when the incident occurs. When there’s a documented process in place, your business will respond to a cyberattack with greater efficiency, reducing dwell time and minimizing the consequences of malware.

While malware can be damaging and costly to a small business, it doesn’t have to be. Practicing proper “cyber hygiene” can help you prepare for and even prevent a malware attack.

Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 12 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security.

SiteLock 2019 Website Security Report: Protecting Websites in the Age of Stealth Attacks

Among the cryptojacking-buzz, Facebook’s data breach saga, and nation-state attacks on companies like Nissan, you likely noticed a trend of high-profile cybercrime in 2018.

However, after studying website attacks that plagued 2018, a new trend arises. Cybercriminals swept the web with secrecy, focusing on stealthy attacks to compromise websites rather than taking a more conspicuous approach.

Read More


Why You Need to Pay Attention to Small Business Data Breaches

When it comes to data breaches, we tend to hear only about the “big ones” — from Target to Equifax to, most recently, Wipro. S­o it’s easy to see why people assume these kinds of events exclusively happen to large corporations. After all, who would want to go after the minnows when there are so many whales up for grabs?

Being lulled into this false sense of security is dangerous for small to midsize businesses. SMBs are just as likely to be hit by cyberattacks as their larger counterparts, and when cyberattacks do land, they’re less likely to bounce back. Even a cursory glance at some small business data breach statistics makes that clear: Following a cyberattack, 60% of SMBs end up going out of business. And every minute of downtime following a small business data breach costs $427.

Read More

Increasing Your Business’s Cyber Threat Intelligence

Authored by Sam Bocetta – Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyberwarfare, cyberdefense, and cryptography.

With more consumers and B2B enterprises conducting business in the cyber world, security threats are an increasing concern. While most business owners and website administrators are aware of the problem, too few have the information or resources they need to combat it. Winning the ongoing battle against cybercrime and criminals starts with understanding the nature of the threats and how to combat them.

How high is your business’ cyber threat intelligence?

Read More

SiteLock Website Security

How to Detect Malware on Your Website and What to Do Next

The average website is attacked over 55 times every day — and almost half of all sites on the web have high security vulnerabilities. With this, it’s no surprise that website malware is becoming more and more common.

Because the signs of an attack aren’t always clear, many victims don’t even know they’ve been targeted. It’s crucial to know the signs and to stop malware in its tracks as early as you can. In this post, we’ll share insight on how to detect malware on your website and what steps to take after confirming an attack.

Read More

check website for malware

Protect Your WordPress, Joomla, or Drupal Site From Security Threats

More than half of all websites are built on some sort of open-source content management system, according to data from W3Techs. It makes sense. CMS sites are highly accessible to businesses of all sizes — from multinational enterprises to small mom-and-pop shops. They also offer multiple advantages. For one thing, you don’t have to be a website developer to build, maintain, and cultivate a powerful web presence. The tools are right there for you, with thousands of design and feature-rich plug-ins available to users at all times.

Read More

How to remove malware

How to Identify and Remove Malware From Your Website

The extent of the damage a malware attack can have on your website typically depends on a number of variables, not the least of which is your response time. The longer it takes to detect and remove malware, the more expensive the recovery process becomes. Unfortunately, many types of malware are deliberately designed to keep themselves concealed for as long as possible. Eventually, however, the symptoms of a malware-infected website can become hard to miss.

Read More

Types of malware

Breaking Down 5 Different Types of Malware Every Small Business Should Know

Modern malicious software — or malware for short — has reached unprecedented levels of sophistication, and as the attack landscape continues to evolve, new threats will undoubtedly emerge. Malware affecting websites poses a special danger to businesses. Even some of the world’s largest corporations have fallen victim to attacks.

Read More


What Is Malware? Understanding the Basics of Website Malware

Malware has infected roughly a third of the world’s computers, costing companies across the globe trillions of dollars each year. Yet in a recent report by Nationwide, only 13% of small business owners said they’d been targeted by a cyberattack, but when they saw specific examples of cybercrime — from phishing to ransomware — that number shot up to 58%. Malicious code isn’t confined to operating systems, either. Millions of websites across the internet also contain vulnerabilities that make them easy targets.

Read More

Page 1 of 64

Powered by WordPress & Theme by Anders Norén