Category: Malware Page 4 of 5

content delivery network

Three Ways to Boost Website Security and SEO at the Same Time

Seo Key On Computer KeyboardSEO (Search Engine Optimization) is the process of improving your website’s ranking among search engines like Google and Bing. Over the past few years, SEO has greatly evolved. Keywords and backlinks (other websites linking back to yours) used to have a huge impact on SEO rankings, but have since been taken over by new and improved algorithms such as Google’s Penguin and Hummingbird, which aim to decrease black-hat (negative) SEO techniques such as link spam.

With cyber attacks on the rise, search engines have been increasingly factoring spam injections, malware infections, and website speed into their SEO algorithms. Properly securing your website can provide a large boost to your SEO rankings. Below are 3 ways you can improve the SEO ranking of your website by securing your website.

1. Moderate comment spam

Malicious links hosted on your website can negatively impact your SEO and, worst case, can flag your website as malware or spam, preventing users access to it.

One of the easiest ways for hackers to place malicious or irrelevant links on your site is through comments on your blog. These links damage your site’s authority and credibility so managing them is critical. Fortunately, there are several things you can do to automate the moderation process of comments:

  • If you’re using a Content Management System (CMS) like WordPress, look into one of their comment system plugins
  • Enable CAPTCHAs when possible, as an extra layer of security
  • Disable anonymous posting, and only allow registered users to post comments
  • If you have an active moderator, require that comments be approved before they are posted on your website
  • Enable a web application firewall (similar to our TrueShield WAF) which will block malicious bots from accessing your site to begin with
  • If you’re still having trouble with comment spam, you should disallow hyperlinks in comments altogether

2. Regularly scan your website for malware

Often times, malware and malicious links can be injected into the code of your website without notice, negatively affecting your SEO, and potentially harming your visitors. Reversing the whole process is both difficult and time consuming, since injected malware is usually hidden and made to look like regular code, and your hard-won SEO rankings may be lost in the meantime.

A website malware scanning tool can scan your code each day for malware (and suspected malware) and in some cases automatically remove the threats or point you directly to the suspected malware. This means  you don’t have to search line-by-line  through code in the event that your website is compromised. The SiteLock Website Scanning and Malware Removal product provides automated alerts to help you avoid search engine blacklisting, saving your business’s reputation and SEO positions.

3. Cache website data with a CDN

Malware can dramatically increase the time it takes a website to load, if it allows it to load at all. But even a  malware-free website can improve its SEO, performance, and security at the same time. A CDN (Content Delivery Network) is a website optimization infrastructure that works by caching website’s content across data centers around the globe. This results in quicker  website load times since content is served locally to visitors. It also improves website security since, as is the case of the SiteLock CDN, data is fully encrypted both in transit, and at rest.

Major search engines like Google factor load times into their SEO algorithms (time to first byte – TTFB), so by using a CDN, your website can experience a boost in SEO while improving security at the same time.

Want to see how your SEO stacks up? Many online tools can scan your website and provide suggestions to improve your SEO. Contact a SiteLock Security Consultant today to learn what solutions are the right fit for your site.

 

malware

5 Ways to Protect Your Website From Malware

protect website from malwareThere are over 1 million new strains of malware created every day. One identified infection can get your website blacklisted by Google, who currently blacklists over 10,000 websites each day. Mind you, the malware need not even be on your site.

SMEs (Small to medium-sized enterprises) are unfortunately one of the largest targets of cyber attacks. On average, over 30,000 SME websites are targeted each day, and to make matters worse, nearly 60% of their IT professionals think they aren’t at any real risk of being attacked.

Don’t allow your business to suffer expensive cyber attack damages (which average around $50K per attack) — instead, be proactive in your web security efforts to prevent security threats, protecting you and your customer’s private data. Here are 5 tips to help you protect your website from malware and other cyber threats:

1. Updates and Patches

Is your website running off of a Content Management System (CMS) such as WordPress? A CMS can be an easy and cost-effective way to manage your business’ website, but they’re also large targets for cyber attacks.

Why? Many CMS platforms and plugins are often easy targets for hackers and allow backdoor access to your server and data (a recent example of this vulnerability was the SoakSoak attack that occurred last month). Make sure your system, plugins and themes are always up to date, strengthening your web security. Many CMS solutions will even automatically update files for you, if you choose.

2. Website Scanning

Many web viruses and other malware go unnoticed until it’s too late, due to their elusive nature. They can often be implemented with a simple one-line script, injected into the code of your website – made to look like normal code.

Website security scanning software can scan your website for existing malware and other harmful code that doesn’t belong, and notify you immediately of any threats. Our SMART (Secure Malware Alert & Removal Tool) software takes it a step further by automatically removing anything harmful – similar to what a virus removal software does for your PC.

3. Web Application Firewalls

Removing existing website threats is one issue, but keeping them from coming back is another. With over 1 million new malware strains created each week, your business’s website can potentially to be infected by a new virus every day.

Web Application Firewalls (WAF) can help prevent attackers from even visiting your site. How do they work? Let’s take our TrueShield WAF, for instance – it evaluates traffic based on where it’s coming from, how it’s behaving, and what information it’s requesting. Based on these and other criteria, the firewall will allow “legitimate” traffic (e.g. customers and search engines) access while blocking “malicious” traffic (e.g. spam bots and hackers).

Used in conjunction with a website scanning solution, a WAF can help provide around-the-clock, hands-free security for your business’s website.

4. PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS), or PCI for short, is a security standard that businesses must adhere to if they accept major credit cards. This compliance helps ensure that your business and customers are protected from cyber attacks and fraud by providing a documented, baseline security posture for your site. Failure to comply with PCI standards can result in direct financial damages, lawsuits, government fines and ultimately ruin brand reputation in the event of a data breach.

Fortunately, it’s not difficult to become PCI compliant. There are many solutions that walk you through the steps to help create your own customized PCI policy. Our SiteLock® PCI Compliance program takes it even a step further by scanning your site and network, and you can also add on our PCI-certified TrueShield firewall.

5. Strengthen Passwords

Even now the world is still using weak passwords. A strong password is one that contains over 8 characters, no dictionary words, has a mixture of uppercase and lowercase letters, and includes digits and/or special characters. Unfortunately, many of those boxes aren’t checked – allowing brute-force hacking techniques (repeated attempts to login to your website) to become effective.

It’s extremely important that you create a strong password for your website’s back end, since it can often times be an easy way into your private data. You should also advise your customers who have online accounts to do the same, to help protect them from future attacks. After all, it only takes seconds for a computer to crack a poorly created password.

Want to stay up to date on the latest malware trends and ways to protect against them? Follow SiteLock on Twitter!

Prepare for Trends in Website Malware Growth

As we approach the first anniversary of the massive Target data breach that opened the floodgates for thousands of other attacks, we look at whether security measures are better or worse than last year. Are we better prepared to defend against the malware that took out Target, Home Depot and thousands of smaller firms, or is the malware used in these attacks simply outrunning us?

The news is not encouraging. PandaLabs, the research arm of security firm Panda, has been tracking new malware for years. According to the company, more than 50 million new strains of malware have emerged since the Target attack, and 20 million of those strains were detected in the third quarter of this year alone. Using those numbers, that works out to a stunning 227,000 new strains of malware being introduced to the world every single day for just the last twelve weeks.

The vast majority of new malware strains and infections, more than 75% of them, were Trojans. This malware is not having much trouble finding computers and servers to infect. According to Panda, more than a third of personal computers worldwide are now infected with malware.

These statistics are even more important as we approach the busy holiday season. With more people online, surfing, searching and shopping, the spread of malware will only increase, and much of this could be Point of Sale malware.

Close cousins of the malware that was used in the massive data breaches at Home Depot and Target are now on the march. The Backoff malware, which is widely regarded as undetectable by antivirus software, increased by nearly 30% in September alone according to security firm Damballa.

Businesses are not the only targets. Researchers recently found advanced malware known as Black Energy that has been compromising industrial control systems around the world, undetected, possibly for years. As with many of the most sophisticated attacks, they have often started with a phishing email to an unsuspecting or untrained employee.

Much of this malware lies in wait for its victims. The recently discovered Dark Hotel malware has been infecting hotel Wi-Fi networks around the world. The malware lies in wait for visiting guests to use the network, then tricks them into downloading malware that includes a keylogger and other data stealing components. While all guests are vulnerable, the prime targets are traveling executives who may provide access to sensitive corporate information and networks.

So what can you do to minimize the risk? The answer is in the question. With so much malware now able to evade antivirus software, it’s time to start assuming that risk mitigation is a better and more realistic option than absolute prevention

Your best defense is a “shield’s up” approach. Identify the most common ways malware can enter your business, whether it’s through an unprotected website or a careless employee, and patch the holes in the fence.

If you’re going to assume that you can’t keep all malware out, you can still do many things to reduce the potential damage. User privilege management is one of the best defenses. If you strictly limit the access privileges of your users to just the things they absolutely need access to, you can prevent malware from jumping from the lowest level of access to the highest.

As we approach the first anniversary of the Target breach, it’s worth remembering how the attack started. Target granted almost unlimited access to a lower level employee of a small, outside, service company. Once the hackers had the user’s password, they had undetected access to Target information for months. Make sure that you’re doing everything you can to prevent these types of attacks. Don’t become the next headline. To get started on the path to a secure website, contact SiteLock for a free website security analysis.

Is It Time For Mandated Website Security?

website security tipsWe’re now closing in on nearly one billion websites worldwide, and with another 6 million new domains being registered daily. Yet it’s estimated that less than 3% of those websites are secure. And guess who’s really taking notice of this glaring absence of website security?

It’s nothing new that hackers are constantly changing their tactics. What’s troubling is how quickly they adapt and adjust to whatever security countermeasures they encounter, and how creative and sophisticated their workarounds have become. That’s what happens when a crime becomes a lucrative industry, and when things like website security get overlooked hackers won’t waste a moment exploiting it.

Read More

Why Website Malware Removal Just Got Even More Urgent

Website malware removal is probably not at the top of your daily “to do” list, and yet it’s something that no business can ignore, even for a day. And new tactics by ransomware authors might just push that task right to the top of your list.

Ransomware is one of the most dangerous types of malware to emerge in recent years. It works by encrypting all the files it finds on infected computers and then demanding a ransom be paid for this files. That ransom can be as high as $10,000 but even paying it might not result in a good outcome. If you’re a business owner, the impact on your business could catastrophic and chances are you’ll never see those files again.

Read More

PCI compliance

Protecting Your Business From A Data Breach

It’s been a good time for malware and its authors, but a very bad time for businesses and especially those that have suffered a data breach. A variety of point of sale (PoS) malware has run rampant through thousands of business and retailers in just the last few months, creating a massive haul of stolen credentials for hackers worldwide. And making consumers a very nervous bunch.

The Home Depot Data Breach

The latest victim is Home Depot, which only just announced that it had lost at least 56 million customer credit and debit cards to hackers who used a variant of PoS malware that’s growing in popularity amongst criminals — because it apparently works very well.

Read More

Blackshades RAT a Threat to Every Business

blackshades RATIn what we can only hope is a sign of things to come, law enforcement around the world showed unprecedented cooperation in shutting the shades on a gang responsible for creating and sharing a nasty piece of malware that was spreading rapidly around the world.

The malware is known as Blackshades, and was allegedly created by a 24-year-old Swedish man who ran his malware operation like a legitimate business. The entrepreneur was very committed to making his malware as popular as possible, hiring a marketing director, customer service representatives, and a customer service manager.

Read More

11 Things You Should Know About the Heartbleed Bug

heartbleed bugIt won’t actually make your heart bleed and you can’t catch it. But it has caused a lot of heartburn since it was announced and probably caused lots of websites to bleed valuable data. Here is a list of eleven things you should know about the Heartbleed bug.

  1. It’s an exploit in OpenSSL, a type of security that protects a user’s communications with a website (the s in https) and around half a million secure web servers may have been affected.
  2. “Open” means it’s open source and free for anyone to use. It also means all the code is freely available and has been since Open SSL was first introduced more than 15 years ago.
  3. It’s a very big deal. According to Bloomberg “Heartbleed appears to be one of the biggest flaws in the Internet’s history, affecting the basic security of as many as two-thirds of the world’s websites.”
  4. It was discovered just recently by a security firm. But it’s apparently been known to the criminal community for a couple of years, and they may have been quietly exploiting it all that time.
  5. Heartbleed is not actually a virus or malware or a hack but simply a mistake in software coding made, probably innocently, by one of the many contributors to the Open SSL project.
  6. It can steal user passwords and credit card numbers – things that are most often protected by SSL.
  7. Some of the biggest sites on the web have been affected, from Gmail and Yahoo, to Facebook, Instagram, Pinterest, Google, Amazon, Netflix, and YouTube. However, it’s unlikely your bank’s website has been affected because few banks actually use Open SSL.
  8. A number of news outlets say that criminal weren’t the only ones who knew about Heartbleed and were quietly exploiting it. Some are accusing the NSA of knowing about Heartbleed for nearly two years and using the flaw as a spying tool.
  9. If in doubt, change passwords for all your important websites, then change them again in a few weeks. Some websites are slow to fix the flaw, so it might be safer to change passwords more than once.
  10. If you want to check whether or not a website is still unpatched and vulnerable to Heartbleed, there are plenty of places to do so. Try https://filippo.io/Heartbleed/.
  11. If you host a website, make sure you apply the security update. You can get more information at http://www.openssl.org/.

To help keep your website protected, all SiteLock plans SecureSpeed and higher include daily vulnerability scanning that detect Heartbleed and similar issues. To learn more call 855-378-6200.

Malware

8 Malware Threats To Watch Out For

Malware threatsSo many malware threats, so little time. We’ve rounded up the eight most dangerous malware threats every business needs to be aware of.

1. Banking Trojans

From Citadel to Zeus, banking Trojans have proven to be some of the most potent and profitable malware tools. This malware focuses on stealing bank account logins, which in turn can be used to steal whatever is in those accounts. It is believed that Zeus alone has been used to steal more than $120 million from compromised accounts.

2. Backdoor Trojans

Backdoor Trojans are designed to give hackers the very same access and rights to a computer or network as the administrator in charge of managing them. Which means hackers can do a lot of damage over an extended period – from stealing information and deleting files to changing passwords and modifying security settings.

3. Keyloggers

Keyloggers have once again become a favored tool of cybercrooks. They’re designed to steal anything that’s typed on a keyboard and even on a touch screen. In recent tests, only one of 44 of the most popular antivirus software products in current use was able to detect even the simplest keylogger.

4. Ransomware

Ransomware like Cryptolocker is also on the rise, and researchers claim that the malware has been so successful in making money for its creators that it’s likely to spawn lots of copycats. Ransomware makes money by encrypting all the data on an infected computer and then charging a fee or ransom to release that data back into the custody of its owners. One small cyber gang is believed to have made more than $27 million using Cryptolocker.

5. Exploit Kits

Exploit kits can include Trojan downloaders and droppers and are really the road crew of the malware industry. Their job is not so much to commit the crimes but set them up. Once installed on a victim computer or network, they give the criminals the options of what kind of malware they want to upload. In 2013, the Blackhole Exploit Kit was most commonly used to deliver the Zeus banking Trojan.

6. Bots

Bots are tiny pieces of malware, at least compared to their malware cousins described above. And unlike their cousins, they’re not specifically designed to attack the host computers they infect. Instead, bots take control of the infected computers, sometimes millions of infected computers at a time, to assist in other crimes. Those crimes could be to share or hide stolen information, distribute child pornography, or attack other computers.

7. Drive-by Downloads

Drive-by downloads, like APTs, are not really malware but attacks designed to help malware. They don’t necessarily break into the bank, just cut the hole in the roof for others to climb through.  Vulnerable websites are infected with malware that’s not designed to attack the website itself, but to spread the malware to visitors to that site. Once recent report found that crooks now prefer to spread malware through websites versus email by a ratio of 5-1 because it’s much more effective.

8. Advanced Persistent Threats

Advanced Persistent Threats, or APTs, may not really be a type of malware either but a type of attack that usually involves malware. And usually the most sophisticated kind. APTs have been growing in popularity because they work, and get their name because the attackers will often pick very specific targets and attack them relentlessly over a long period and using some very sophisticated attack tools. Some companies and even individuals targeted by APTs have been attacked as often as thirty times in thirty days.

Constant vigilance and layers of security are your best defense against malware. It’s much more cost-effective to put security in place proactively rather than react after an attack. SiteLock’s website security solutions can find and even automatically remove malware, as well as block malicious traffic from accessing your website in the first place. Call our security experts today at 877.563.6200. We are available 24/7 to help.

 

SiteLock Website Security

Hacked.gif: The Hidden Dangers of Malware in Website Images

For your company’s brand, sometimes image is everything. And how better to establish the your brand’s image than through the images on your website? The images you use on your website and social media accounts have to be chosen carefully.

You need to choose images that support the content you’re publishing and the message you’re promoting. You need to choose images that are appropriate for your audiences because you don’t want to offend anyone. And of course you need to choose images that you have permission to use. Using unlicensed images can cost you thousands of dollars in fines, even if they were put on your website years ago by a third-party web designer.

Read More

Page 4 of 5

Powered by WordPress & Theme by Anders Norén