Imagine if one in every 15 websites you visited was secretly taken over by cybercriminals trying to steal your credit card information or other personal data. Now imagine if that website was your website, and you had no idea it was harming your visitors. This is the reality for many website owners, and now more than ever, they need to be on alert for cyberattacks in 2018.
In Q3 2017, SiteLock discovered alarming cybercrime trends that will likely affect websites for months to come. The most worrying trend for website owners: cybercriminals are increasingly using malware, or software that is used for malicious purposes, to take advantage of website visitors. In fact, nearly 15 percent of malware attacks targeted website visitors with the goal of exploiting them for sensitive data, website traffic, and other assets or resources. That’s not all: cybercriminals attempted to compromise more websites in Q3 2017 than in the previous quarter, increasing their attempted attacks by 16 percent.
The frequency of these attacks means that your website – and your visitors – could be impacted at any time. Without proper website security in place, your website is likely to experience a cyberattack and suffer the consequences.
Using data from The SiteLock Website Security Insider Q3 2017, we’ll reveal how cybercriminals are able to exploit website visitors, what they gain from targeting visitors, and how you can put a stop to it in 2018 and beyond.
How are cybercriminals taking advantage of website visitors?
Stealthy cybercriminals prefer types of malware that can enter a website and cause damage quietly, as cyberattacks are typically more effective when both website owners and visitors are unaware the attack is happening. It’s for this reason that backdoor files were often used to execute visitor attacks in Q3 2017.
Backdoor files allow cybercriminals to gain administrative access to a site without the knowledge of the website owner. As the name suggests, you can literally think of it like the backdoor to a house that someone uses to enter and leave without being noticed. More specifically, backdoor files are uniquely encoded files that are difficult to detect. Cybercriminals can encrypt their backdoor files with a decoding key that only they possess, meaning, no one else has access to their malicious file. In Q2 2017, backdoors accounted for 23 percent of malware files. Because malware is becoming increasingly complex and easily hidden, backdoor files pose a large threat to website owners. Once a backdoor file is left on a website, cybercriminals can use it to return to the website at their leisure to cause more damage.
Once malware successfully infects a site, it can be used to deploy visitor attacks.
Visitor attacks are attacks that occur on a website with the goal of exploiting the website’s visitors. These attacks can target sensitive customer data, steal website traffic, or spread malicious content.
In Q3 2017, visitor attacks accounted for 26 percent of malicious files cleaned by SiteLock, which means that if an attack occurs on your website, it’s likely targeting your visitors.
The most frequent visitor attacks in Q3 fell into one of four categories: SEO (search engine optimization) spam, redirects, defacements, and phishing kits. Below is a breakdown of what these attacks are and how they can harm website visitors.
SEO (search engine optimization) spam takes advantage of the way keywords are used to influence how well a website ranks in search results. For those unfamiliar with SEO, a website has a better chance of ranking for a certain keyword if that keyword is used on the website. By injecting unrelated keywords into a victim’s website, cybercriminals can attempt to force a website to rank for those unrelated keywords instead. SEO spam is a top objective for cybercriminals, as the number of SEO spam files removed from websites increased 10 percent from Q2 to Q3 2017. SEO spam can add keywords directly onto to the pages of the website, or inject them into the website’s code. The result: the attacker’s website sees higher traffic and improved rankings in search engine results, while the victim’s website loses traffic due to lower rankings and confused visitors.
SEO spam is classified as a visitor attack because it tricks visitors into viewing irrelevant content on the intended website. For example, if your visitors came to your blog looking for your latest recipe but found a post about prescription drugs instead, they’ll likely leave confused and unsure of whether or not your website is trustworthy. These irrelevant keywords can also devastate your website’s rankings in search results and draw traffic away from your website by directing your visitors to a different, malicious website.
Phishing kits are illegitimate replicas of popular websites like Google, Netflix, or various online banking applications that seek to steal sensitive information. Over 300 different organizations were targeted by 29,000 phishing kits in 2016, allowing cybercriminals to imitate several reputable websites. For example, if a visitor tries to complete a purchase on your site using PayPal, but is unknowingly taken to a phishing site that looks like PayPal, that customer has just handed over their payment information to a cybercriminal. If they never receive the order that they paid for and discover that their information was stolen, you’ve not only lost a sale, but likely a customer as well.
Website redirect attacks occur when visitors arrive on your site and are instead redirected to a phishing or malware-infected website. These attacks account for 8 percent of malware files. Redirects are often part of an SEO spam attack or a phishing scheme, causing a loss website traffic and a decrease in trust from your visitors.
Defacements change the appearance of your website when a cybercriminal replaces your website’s content with their own. You can think of it like digital graffiti on the homepage of your website. This content often includes an ideological or political message that could be off-putting to your customers. A defacement can render your website unusable, meaning you will lose leads, sales, and traffic. And when your website is restored, you can expect those numbers to stay low as visitors decide whether or not they still trust your website. Perhaps the most well-known type of malware, defacements accounted for 15 percent of malware files detected in Q3 2017.
Why are these cyberattacks happening?
While cybercriminals continue to increase their efforts and develop new types of malware, website owners largely continue to operate under a false sense of security. SiteLock surveyed 13,000 website owners to find out who they believe is responsible for their website security, and the responses were alarming. Of the surveyed website owners, 70 percent either believed their website was protected by their web host, or simply couldn’t answer the question.
It’s a common misconception that hosting providers offer security for each website they host. However, your web host only protects the server your website is hosted on, not the website itself. Think of it like securing an apartment building. Property management takes responsibility for securing the building, but each tenant must lock the door to their own apartment.
Another common website security misstep is relying on search engines for malware warnings. Popular search engines do their part to help create a safe internet by looking for websites with malware. To protect visitors, search engines will place a warning on a malware-infected site indicating that the site may be compromised. Search engines might even de-index the website if the infection isn’t resolved in a timely manner, meaning it will be removed from the search results. This process is known as “blacklisting,” and all too often – or perhaps not often enough – this is how website owners discover they have malware. Blacklisting can have a devastating effect on a website, causing a loss of traffic, trust, and revenue. For this reason, search engines err on the side of caution and only flag websites when malware is definitely identified. However, only 21 percent of infected websites are blacklisted, meaning that unflagged websites might still be infected with malware.
Fortunately, there are much more effective ways to secure your website.
Protect your website and your visitors in 2018 and beyond
Now that you’re aware of some of the ways malware can exploit your website and visitors this year, you should reinforce your website’s security. Here are a few simple best practices that can be implemented right away:
- Use strong, unique passwords on all of your website applications to prevent cybercriminals from guessing your password.
- Update your applications and add-ons as soon as security patches become available and remove anything you’re not using anymore to help prevent vulnerabilities.
- Maintain offsite backups of all website content so you can restore a clean copy of your website in the event that a cyberattack happens.
While everyday best practices are a great first step to securing your site, to combat threats effectively you’ll need to install a website scanner that looks for and removes known malware every day. You’ll be alerted when malicious or suspicious threats are identified, allowing you to resolve issues immediately and reduce the risk to your site and its visitors.
You’ll also save money by:
- Not needing to hire an expert to remove malware manually.
- Preventing costly downtime caused by cyberattacks. Website downtime can cost small businesses as much as $427 per minute.
- Retaining customers and visitors. Recent data shows that 65% of customers who have had their data compromised refuse to return to the website that was responsible, or simply stopped shopping online altogether.
With your website running safely and efficiently, you’ll be able to invest your time and money back into your business.
By taking proactive measures to protect your website, you can stay ahead of busy cybercriminals, cyberattacks and new trends in malware. You can get started with the only malware scanner in the industry that removes known malware automatically. Call 855-378-6200 to speak with a SiteLock security consultant anytime, 24/7.