What is malware? It’s a rather simple question, but to answer it, we have to go back in time.
The first real instance of malware occurred in the early 1970s — when BBN Technologies engineer Bob Thomas wrote the code behind the so-called “Creeper worm.” The worm was the first self-replicating computer program, and it quickly spread through the ARPANET, annoying users with the pop-up message: “I’m the creeper: Catch me if you can.” Over time, engineers took the Creeper worm’s principles further, leading to the creation of the first viruses.
A decade after the Creeper worm, computer scientist Fred Cohen defined a virus as “a program that can infect other programs by modifying them to include a, possibly evolved, version of itself.” The definition remains accurate today, but now, it applies to an array of programs that have been created for nefarious purposes.
Malware originally targeted computers themselves: logging keystrokes, stealing data, and spreading to other machines whenever possible. With the advent of the internet, however, a new breed of malware was created specifically to target websites, their owners, and their visitors.
Today, malware is incredibly common, and it continues to spread. Between 2016 and 2017, mobile devices experienced a 54% spike in malware variants, and Mac computers saw an 80% increase in malware attacks. As many as 17.6 million websites worldwide are infected with malware at any given time. As more and more websites and devices — from phones to refrigerators — gain internet connectivity, hackers are gaining easy access to unprecedented levels of processing power.
Different Types of Malware
Malware is self-propagating software that’s created to damage websites and computers. Though there are many different types of malware, we’ll limit our examination to five of the most common types of website malware. As a website owner or manager, these are the threats you’re most likely to face.
1. Website Defacements
Website defacement is a common type of malware attack, and it’s one of the few that’s actually easy to spot. When executing a defacement attack, hackers may alter your homepage to display embarrassing or offensive images or edit the text on your “About” page. It’s possible for hackers to take a subtle approach, but a defacement attack is more likely to be shocking or humorous. In one particularly memorable example, a hacker accessed the European Union presidency site and replaced the image of Spain’s prime minister with a photo of the fictional Mr. Bean character.
Defacement malware is generally easy to fix once you get a cybersecurity professional involved, but it can cause website visitors to lose trust in your company. Would you want to enter your payment information on a site that appears to be compromised? Probably not.
2. Backdoor Files
A backdoor website attack occurs when cybercriminals inject malware into your site files or database, allowing remote access to bypass authentication methods. When these attacks remain undetected, hackers are free to steal your data and your customers’ data at their leisure. In 2018, 50% of infected website files were backdoor files, which are becoming increasingly difficult to detect. Pirated website plug-ins often contain backdoors, which is yet another reason to avoid them.
3. Website Redirects
Redirect malware is somewhat self-explanatory: It sends all traffic attempting to visit a legitimate site to a different, more malicious one. This malware is often easy to spot because the destination doesn’t match the site your visitor intended to reach, but cybercriminals can also use redirects in another way.
By redirecting traffic to illegitimate websites (designed to closely resemble the visitor’s intended destination), hackers can trick people into entering their sensitive financial or personal information without a second thought. By using URLs that closely resemble the original, hackers will imitate healthcare patient portals, e-commerce sites, and banking sites to steal a wealth of valuable information.
4. SEO Attacks
When hackers inject SEO spam malware into a website, they intend to create additional pages that serve the interests of spammers. Examples include malicious backlinks and irrelevant keywords used to direct traffic to another site. Unsurprisingly, random keywords draw the ire of search engine crawlers, causing your site’s position in search rankings to plummet (and ultimately leading to a potential decline in the amount of traffic you receive).
5. Malvertising
Malvertising is a case where cybercriminals take advantage of legitimate advertising networks to enable the spread of malicious code. When users click on infected ads, they prompt malware to download — often silently in the background. This type of malware is spreading rapidly, and in 2018, it cost advertisers more than $1 billion.
Are CMS Sites Safe From Malware?
Now that you’re well-versed in the most threatening types of malware, let’s examine why small business owners are at an increased risk of malware infections.
If you’re a small business owner, there’s a good chance you relied on a content management system to establish your web presence. CMS platforms are valuable tools for building functional, beautiful websites — and they’re not just for small businesses. Large enterprises like Sony Music and The Walt Disney Company rely on WordPress, while Tesla and NASA use Drupal. In fact, more than half of all websites on the internet are built using a CMS. However, CMS applications are an especially popular choice among small business owners because they’re free and easy to use.
These platforms are open source, meaning developers have coded certain features and made them available to the public. Open-source platforms are incredibly versatile, and even the most novice website owners can quickly learn how to use features and tools. From email newsletter sign-ups to submission forms, there’s likely a plug-in to perform the desired task. It’s worth noting, however, that open-source CMS platforms come with increased risk.
Our research suggests WordPress and Drupal sites are 1.6 times more likely to be infected with malware than non-CMS sites. For Joomla, that number is even higher (at 2.2 times more likely). The benefits of CMS platforms might outweigh the risks for some business owners, but be aware of vulnerabilities so you can mitigate them and take action should your website’s security become compromised.
When adding features or plug-ins to an open-source site, you can’t be sure who wrote the code and how securely it was made. Themes and plug-ins often have vulnerabilities that small business owners don’t know about or understand, leaving them open to attack from cybercriminals. Essentially, you’re adding ingredients to your website that you don’t know much about beyond their outward appearance.
Misconceptions Can Cost You
National coverage about widespread data breaches at large corporations tends to give small business owners the idea that cybersecurity isn’t something they should be concerned about. But the reality is that cybercrime is on the rise for businesses of all sizes.
As cybercriminals continue to automate their attacks, it’s incredibly cheap to conduct nefarious activity, and it’s only getting cheaper. In the early days, cybercrime required a certain degree of expertise, limiting who could conduct attacks and the scope of those attacks.
Now, automated attacking software is available on the darknet for bargain-bin prices. Whether they’re targeting websites with malware, attempting credential stuffing attacks, or sending out phishing emails to employees, attackers are buying capabilities as a service. Because attacks are so cheap, they’ll get the best results by casting the widest net possible. That means targeting any business with a digital presence.
Another common misconception is that all companies can overcome the financial obstacles of data breaches. Target’s 2014 data breach cost the company $162 million and hurt its reputation with customers, but today, the department store seems as strong as ever. The Home Depot suffered a breach in the same year and spent $33 million on recovery efforts, yet the home improvement chain seems to be conducting business as usual.
In both instances, the costs of these breaches were much higher than the numbers attached to them, but they were offset by insurance policies. The truth is that most small to midsize businesses lack both cybersecurity insurance and the budget to recover from a data breach. It’s the main reason 60% of SMBs shutter their operations less than a year after an attack. In addition, you’ll have to spend money on investigations that determine the size and scope of the breach. Add in potential fines, legal fees, and expensive downtime, and it’s easy to see how a breach can sink a small ship.
How to Check a Website for Malware
Whether you’ve been in business for five months or 50 years, you owe it to your customers and your employees to prioritize cybersecurity.
Website owners with technical capabilities can use a database administration tool (like phpMyAdmin) to check for malware. Cybercriminals rely on a certain coding syntax to disguise their efforts, and finding these breadcrumbs can indicate the presence of malware. When searching through source code, look for both script and iframe tags. If these tags are followed by URLs that you don’t recognize, hackers may have injected them.
Additionally, regularly check website files for malware using file transfer protocol or the file manager provided by your domain host. Manually checking files isn’t always straightforward, but it can be a good way to spot something out of place. If locating malware is outside your technical skill set, it’s probably best to implement an automated malware scanner that looks for malware signatures.
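The script and iframe check described above can be automated. This added example (not SiteLock's code) uses Python's standard HTML parser to list script and iframe tags whose source falls outside an allowlist; the host names, `TRUSTED_HOSTS`, and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the hosts this site is expected to load scripts and frames from.
TRUSTED_HOSTS = frozenset({"www.example.com", "cdn.example.com"})

# Constructed sample page; the unknown-host.invalid URLs stand in for injected ones.
SAMPLE_PAGE = """<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script src="//stats.unknown-host.invalid/t.js"></script>
</head><body>
<p>Welcome</p>
<iframe src="http://widgets.unknown-host.invalid/f" width="0" height="0"></iframe>
</body></html>"""


class EmbedFinder(HTMLParser):
    """Collect (tag, src, line) for every <script> and <iframe> with a src."""

    def __init__(self):
        super().__init__()
        self.embeds = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            src = dict(attrs).get("src")
            if src:
                self.embeds.append((tag, src.strip(), self.getpos()[0]))


def find_unrecognized_embeds(html, trusted_hosts=TRUSTED_HOSTS):
    """Return the embeds whose source is not a same-site path or trusted host."""
    finder = EmbedFinder()
    finder.feed(html)
    finder.close()
    flagged = []
    for tag, src, line in finder.embeds:
        parsed = urlparse(src)
        if parsed.scheme not in ("", "http", "https"):
            flagged.append((tag, src, line))  # data:, javascript:, etc.
        elif parsed.hostname and parsed.hostname not in trusted_hosts:
            flagged.append((tag, src, line))  # absolute or //host URL off the allowlist
    return flagged


if __name__ == "__main__":
    for tag, src, line in find_unrecognized_embeds(SAMPLE_PAGE):
        print(f"line {line}: <{tag}> loads {src}")
```

The check only inspects `src` attributes, so inline scripts with no external URL still need the signature-based scanning mentioned above.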
SiteLock research indicates that websites experience 60-plus attacks per day, yet many small business owners won’t even recognize an attack. Case in point: Only 13% of small business owners said they’d experienced a cyberattack when surveyed by Nationwide, but once Nationwide provided common examples of cyberattacks, that number shot up to nearly 60%.
How to Prevent Malware Attacks
As cybercriminals continue to automate their attacks and expand their reach and volume, protecting your website from malware has never been more important. To prevent malware attacks on your website, be sure to:
1. Keep each component of your website updated to the latest available version, and work to identify and address vulnerabilities in the code.
2. Minimize the use of extraneous plug-ins, as they complicate your site unnecessarily and add additional entry points for cybercriminals.
3. Rely on a web application firewall to block bot traffic and make it more difficult for cybercriminals to find an access point.
Even with the right measures in place to prevent malware attacks, you should utilize a website malware scanner to monitor your website automatically. SiteLock’s SMART Scan automates the malware removal process — from detection to elimination. The earlier you can detect malware, the less it will affect your day-to-day operations (and the easier it will be to remove). Avoid the consequences of malware, and step up your website protection today.