Is your website behaving strangely? Have you noticed it’s taking a long time to load, or that there are new pages, lines of code, or files on your site you didn’t create? Or perhaps you’ve seen a drastic decrease in site traffic, or you suddenly can’t log in as an admin? These are just a few visible signs that your site might be experiencing a cyberattack.
Of course, just because you’re not experiencing any of these symptoms doesn’t mean your website is secure. In fact, it’s possible for attacks and infections on your website to go undetected for years. To help ensure your site isn’t a target for cyberattacks, you need to know what you’re dealing with. In this blog, we’ll discuss what cyberattacks are, the most common types of attacks your website is likely to face, and most importantly, how you can prevent them.
What is a cyberattack?
A cyberattack is a malicious attempt to exploit, damage, and/or gain unauthorized access to websites, computer systems, or networks. Cyberattacks are often caused by malware, which is the umbrella term used to describe software created for malicious purposes. You may be most familiar with computer malware such as Trojan viruses and spyware, which can be used to retrieve sensitive data from a computer or even take control of the system. Similarly, website malware takes advantage of websites for their resources, traffic, or visitor information.
You’ve likely read about high-profile cyberattacks in the headlines after a major data breach, such as the Equifax breach in 2017. While large-scale attacks on enterprise organizations are the most widely publicized, small businesses can be just as vulnerable and targeted by cybercriminals. In fact, nearly 60% of small businesses have reported being a victim of a cyberattack. This comes as no surprise considering that the average website experiences 44 attacks per day on average.
These attacks affect website owners and small businesses because they can make your website seem untrustworthy. As a result, your visitors will be hesitant to return, if at all. In fact, SiteLock data shows that 65% of consumers who have had their information stolen while shopping online refuse to return to the website where their information was compromised.
It’s important to learn about the ways cybercriminals might seek to harm your website and business so that you’re prepared in the event an attack happens. We’ve broken down the ten most common types of cyberattacks your website is likely to face, and how you can identify them if your site is hit.
Common types of cyberattacks and how to identify them
Defacements are one of the easiest attacks to identify, as they occur when a cybercriminal replaces a website’s content with their own. This content or image may be shocking in nature, or push a political agenda. Think of defacements as the digital version of graffiti spray-painted on a storefront. If your visitors cannot access your site due to a defacement, they won’t be able to make a purchase, and they may lose trust in your site altogether. Defacements made up 16% of incidents in Q4 2017 alone.
What to look for: Your website’s content will be replaced with the cybercriminal’s name, logo, or political/religious imagery.
A ransomware attack occurs when cybercriminals hold website’s files hostage by encrypting or deleting them, and demanding payment in exchange for the key. High-profile ransomware attacks typically target enterprises and large corporations, but it’s not uncommon for small businesses to fall victim as well. In fact, a report from June 2017 shows 22% of small businesses experienced a ransomware attack in the past year. Those businesses lost an average of $100,000 per attack – an amount that could easily devastate a small business.
What to look for: Your website or server interface will be defaced by a page stating your files have been encrypted. Cybercriminals will demand payment through Bitcoin or other untraceable means in order to restore your site and regain access to your files.
3. DDoS Attacks
DDoS attacks are used to flood a site with illegitimate and automated traffic in order to slow the site’s load time or crash the site entirely, taking it offline for visitors. These attacks are favored by cybercriminals because they are inexpensive and easy to execute. It’s no wonder, then, that the average organization experiences eight DDoS attacks per day. Visitors who cannot access your site will likely become frustrated and skip to another site without waiting for it to load. In fact, 83% of customers expect a website to load in 3 seconds or less. If your website isn’t loading quickly – or at all – don’t expect your visitors to wait around.
What to look for: Signs of a DDoS attack include an unusual uptick in website traffic, slow loading times, or a crashed website.
Backdoors are a type of malware that act as an entry point for cybercriminals. True to their name, backdoors are usually left after a cybercriminal gains access to a site in order to ensure they can re-enter and continue to damage your site unnoticed. Recent SiteLock data shows that backdoor files make up 23% of infected website files, and trends show that they have become sophisticated enough to go undetected. This means you may not immediately notice if an attacker has access to your website, so knowing the signs of a backdoor attack is especially important.
What to look for: Your site may have experienced a backdoor attack if you notice new pages or files on your website, unusually high bandwidth reporting from your host, disappearing images or defaced website pages.
5. SQL Injection (SQLi)
A SQL injection occurs when malicious SQL statements are “injected” into a user input field, such as a contact form. Attackers can then sneak their way into your site’s back end database and steal customer information, modify or destroy data, or gain full control of your website. Unprotected submission forms are an easy point of entry for cybercriminals, which is why sanitizing form input, or preventing the entry of code, is critical to website security. SQLi occurs so frequently that it has been named one of the top 10 security risks every year for a decade.
What to look for: Signs of SQLi include modified posts or comments on your website, changed database passwords, new admin users, and/or a disconnected CMS (content management system).
6. Cross-Site Scripting (XSS)
Cross-site scripting (XSS) attacks occur when malicious code is injected into web pages viewed by your visitors. Like SQLi, XSS takes advantage of a security flaw to inject malicious code, however, XSS is injected into the page itself. The code may redirect visitors to pages that look normal, but were actually set up by a cybercriminal to steal customer information. For example, a visitor may click a link that leads to what appears to be your website’s checkout page, not realizing that the link swiped their credit card information when they placed their order. Recent SiteLock data shows that 21.3 million pages contained XSS vulnerabilities in Q4 2017.
What to look for: Malicious redirects or pop-ups can be a symptom of these attacks.
Malvertising, or malicious advertising, is the use of advertisements to spread malware. This is achieved by injecting malicious code into a legitimate advertisement, or by using a legitimate advertising network to deliver a malicious ad. The malware can be spread via a drive-by download, which automatically downloads malware onto the user’s computer when the visitor clicks on the ad. The malware can also be spread by tricking the user into downloading the malware file after they click on the ad. Malvertising is so successful and widespread that it grew 50% from 2015 to 2016 – compared to the 10% growth experienced by legitimate online advertising.
What to look for: Malvertising can be difficult to spot, as some ads appear to be legitimate, while others may look unprofessional and contain spelling errors. Malicious ads may also promote “miracle cures,” celebrity scandals, or products that don’t match your search history.
Phishing attacks may be commonly associated with email scams, but they can be executed through websites as well. These attacks occur when users click on a seemingly harmless link, email, or URL, or even a fake copy of a popular website. Cybercriminals use phishing attacks to trick unsuspecting users into providing sensitive information or downloading a malicious attachment. For example, an email phishing scam might use an email that looks like an official message from PayPal asking users for their credit card information or social security number. Phishing attacks are extremely common: 76% of organizations were targeted by phishing attacks in 2016.
What to look for: A web page or email that appears legitimate at initial glance, but contains unusual spelling errors or suspicious content, is a sure sign of a phishing attack. To be sure, check that the URL of the page is correct, and be cautious of pop ups asking for your password. You may also spot new pages on your website or in your Google listings that look like common banking/financial pages.
A malicious redirect occurs when a visitor goes to a legitimate website and is redirected to another – usually malicious – website. According to SiteLock data, redirects account for 20% of all malware infections.
What to look for: If you type in your own URL and are redirected to another site – especially one that looks suspicious – you have been affected by a malicious redirect.
10. SEO Spam
If you aren’t already familiar, search engine optimization (SEO) refers to a set of techniques used to help websites rank well in search results. “Black hat” SEO techniques go against a search engine’s terms of service, and SEO spam is one such technique.
Two commonly used SEO techniques include placing relevant keywords in your web copy, and acquiring backlinks from authoritative sources to your site. The use of a particular keyword on a web page is a factor that helps search engines know what search results it should rank for. The number of links pointing back to a website, known as backlinks, can also have an effect on how well it ranks. SEO spam takes advantage of these by inserting hundreds or thousands of files containing malicious backlinks and unrelated keywords into a site. This can cause your site to drop in search rankings, and can “steal” your traffic by directing it to another malicious site.
What to look for: Common signs of SEO spam include unusual links suddenly appearing on your site, a significant and sudden loss in traffic, and/or suspicious commenters posting links on your site.
How to prevent cyberattacks in the future
Now that you are familiar with the most common types of cyberattacks and their symptoms, you’re already better prepared to protect your website from compromise. However, there is a critical next step you’ll need to take: implementing proactive, ongoing website security.
It might surprise you to know that websites are not inherently secure. Although 95% of website owners think their website security is being handled by another party, such as their hosting provider, this is not the case. Website security is actually the responsibility of the website owner. Hosting providers protect the server a website lives on, but not the website itself. Think of it like an apartment building: the building may provide security, but it’s up to each tenant to lock their doors and windows.
Your best defense against these common, but sophisticated, cyberattacks is a complete website security solution that proactively protects your site from all angles. Start by using a daily malware scanner that can find malware automatically and alert you to vulnerabilities. It’s also important to select a malware scanner that can automatically remove the malware from your website, as not all scanners have this capability. Think of a malware scanner as your website’s alarm system, alerting you to malware as it occurs. This helps to prevent attacks caused by malware and vulnerabilities, including defacements, malicious redirects, backdoors, and more. You can also prevent DDoS attacks and keep malicious bots at bay by installing a web application firewall (WAF), which helps block malicious traffic from slowing or crashing your website.
You can easily implement all of these solutions and more with the SiteLock suite of cloud-based security solutions. To get started, give the website security experts at SiteLock a call, anytime 24/7, at 855.378.6200.