Page 55 of 64

malware

5 Ways to Protect Your Website From Malware

protect website from malwareThere are over 1 million new strains of malware created every day. One identified infection can get your website blacklisted by Google, who currently blacklists over 10,000 websites each day. Mind you, the malware need not even be on your site.

SMEs (Small to medium-sized enterprises) are unfortunately one of the largest targets of cyber attacks. On average, over 30,000 SME websites are targeted each day, and to make matters worse, nearly 60% of their IT professionals think they aren’t at any real risk of being attacked.

Don’t allow your business to suffer expensive cyber attack damages (which average around $50K per attack) — instead, be proactive in your web security efforts to prevent security threats, protecting you and your customer’s private data. Here are 5 tips to help you protect your website from malware and other cyber threats:

1. Updates and Patches

Is your website running off of a Content Management System (CMS) such as WordPress? A CMS can be an easy and cost-effective way to manage your business’ website, but they’re also large targets for cyber attacks.

Why? Many CMS platforms and plugins are often easy targets for hackers and allow backdoor access to your server and data (a recent example of this vulnerability was the SoakSoak attack that occurred last month). Make sure your system, plugins and themes are always up to date, strengthening your web security. Many CMS solutions will even automatically update files for you, if you choose.

2. Website Scanning

Many web viruses and other malware go unnoticed until it’s too late, due to their elusive nature. They can often be implemented with a simple one-line script, injected into the code of your website – made to look like normal code.

Website security scanning software can scan your website for existing malware and other harmful code that doesn’t belong, and notify you immediately of any threats. Our SMART (Secure Malware Alert & Removal Tool) software takes it a step further by automatically removing anything harmful – similar to what a virus removal software does for your PC.

3. Web Application Firewalls

Removing existing website threats is one issue, but keeping them from coming back is another. With over 1 million new malware strains created each week, your business’s website can potentially to be infected by a new virus every day.

Web Application Firewalls (WAF) can help prevent attackers from even visiting your site. How do they work? Let’s take our TrueShield WAF, for instance – it evaluates traffic based on where it’s coming from, how it’s behaving, and what information it’s requesting. Based on these and other criteria, the firewall will allow “legitimate” traffic (e.g. customers and search engines) access while blocking “malicious” traffic (e.g. spam bots and hackers).

Used in conjunction with a website scanning solution, a WAF can help provide around-the-clock, hands-free security for your business’s website.

4. PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS), or PCI for short, is a security standard that businesses must adhere to if they accept major credit cards. This compliance helps ensure that your business and customers are protected from cyber attacks and fraud by providing a documented, baseline security posture for your site. Failure to comply with PCI standards can result in direct financial damages, lawsuits, government fines and ultimately ruin brand reputation in the event of a data breach.

Fortunately, it’s not difficult to become PCI compliant. There are many solutions that walk you through the steps to help create your own customized PCI policy. Our SiteLock® PCI Compliance program takes it even a step further by scanning your site and network, and you can also add on our PCI-certified TrueShield firewall.

5. Strengthen Passwords

Even now the world is still using weak passwords. A strong password is one that contains over 8 characters, no dictionary words, has a mixture of uppercase and lowercase letters, and includes digits and/or special characters. Unfortunately, many of those boxes aren’t checked – allowing brute-force hacking techniques (repeated attempts to login to your website) to become effective.

It’s extremely important that you create a strong password for your website’s back end, since it can often times be an easy way into your private data. You should also advise your customers who have online accounts to do the same, to help protect them from future attacks. After all, it only takes seconds for a computer to crack a poorly created password.

Want to stay up to date on the latest malware trends and ways to protect against them? Follow SiteLock on Twitter!

One Out Of Every Two Businesses Victim Of a DDoS Attack

DDoSIf you think that DDoS attacks are just a problem for the big guys, a new study might change your mind. The recently published DDoS Impact Survey found that nearly one in every two companies, regardless of size, were victims of a Distributed Denial of Service attack. The average cost of a DDoS attack ran to around $40,000 for every hour the attack lasted

The authors of the survey spoke to nearly 300 North American companies, ranging in size from 250 employees to more than 10,000. The responses were very troubling:

Read More

Prepare for Trends in Website Malware Growth

As we approach the first anniversary of the massive Target data breach that opened the floodgates for thousands of other attacks, we look at whether security measures are better or worse than last year. Are we better prepared to defend against the malware that took out Target, Home Depot and thousands of smaller firms, or is the malware used in these attacks simply outrunning us?

The news is not encouraging. PandaLabs, the research arm of security firm Panda, has been tracking new malware for years. According to the company, more than 50 million new strains of malware have emerged since the Target attack, and 20 million of those strains were detected in the third quarter of this year alone. Using those numbers, that works out to a stunning 227,000 new strains of malware being introduced to the world every single day for just the last twelve weeks.

The vast majority of new malware strains and infections, more than 75% of them, were Trojans. This malware is not having much trouble finding computers and servers to infect. According to Panda, more than a third of personal computers worldwide are now infected with malware.

These statistics are even more important as we approach the busy holiday season. With more people online, surfing, searching and shopping, the spread of malware will only increase, and much of this could be Point of Sale malware.

Close cousins of the malware that was used in the massive data breaches at Home Depot and Target are now on the march. The Backoff malware, which is widely regarded as undetectable by antivirus software, increased by nearly 30% in September alone according to security firm Damballa.

Businesses are not the only targets. Researchers recently found advanced malware known as Black Energy that has been compromising industrial control systems around the world, undetected, possibly for years. As with many of the most sophisticated attacks, they have often started with a phishing email to an unsuspecting or untrained employee.

Much of this malware lies in wait for its victims. The recently discovered Dark Hotel malware has been infecting hotel Wi-Fi networks around the world. The malware lies in wait for visiting guests to use the network, then tricks them into downloading malware that includes a keylogger and other data stealing components. While all guests are vulnerable, the prime targets are traveling executives who may provide access to sensitive corporate information and networks.

So what can you do to minimize the risk? The answer is in the question. With so much malware now able to evade antivirus software, it’s time to start assuming that risk mitigation is a better and more realistic option than absolute prevention

Your best defense is a “shield’s up” approach. Identify the most common ways malware can enter your business, whether it’s through an unprotected website or a careless employee, and patch the holes in the fence.

If you’re going to assume that you can’t keep all malware out, you can still do many things to reduce the potential damage. User privilege management is one of the best defenses. If you strictly limit the access privileges of your users to just the things they absolutely need access to, you can prevent malware from jumping from the lowest level of access to the highest.

As we approach the first anniversary of the Target breach, it’s worth remembering how the attack started. Target granted almost unlimited access to a lower level employee of a small, outside, service company. Once the hackers had the user’s password, they had undetected access to Target information for months. Make sure that you’re doing everything you can to prevent these types of attacks. Don’t become the next headline. To get started on the path to a secure website, contact SiteLock for a free website security analysis.

Is It Time For Mandated Website Security?

website security tipsWe’re now closing in on nearly one billion websites worldwide, and with another 6 million new domains being registered daily. Yet it’s estimated that less than 3% of those websites are secure. And guess who’s really taking notice of this glaring absence of website security?

It’s nothing new that hackers are constantly changing their tactics. What’s troubling is how quickly they adapt and adjust to whatever security countermeasures they encounter, and how creative and sophisticated their workarounds have become. That’s what happens when a crime becomes a lucrative industry, and when things like website security get overlooked hackers won’t waste a moment exploiting it.

Read More

Why Website Malware Removal Just Got Even More Urgent

Website malware removal is probably not at the top of your daily “to do” list, and yet it’s something that no business can ignore, even for a day. And new tactics by ransomware authors might just push that task right to the top of your list.

Ransomware is one of the most dangerous types of malware to emerge in recent years. It works by encrypting all the files it finds on infected computers and then demanding a ransom be paid for this files. That ransom can be as high as $10,000 but even paying it might not result in a good outcome. If you’re a business owner, the impact on your business could catastrophic and chances are you’ll never see those files again.

Read More

Why DDoS Protection Is No Longer Optional

If businesses are to survive the growing threat of DDoS (Distributed Denial of Service) attacks, then DDoS protection must evolve quickly and respond even faster. Hackers have no shortage of options when it comes to launching DDoS attacks. In early October, Akamai warned that hackers are now targeting Universal Plug and Play devices, or UPnP, to launch their attacks. The firm estimated that there were more than 4 million UPnP devices, from home routers to web cams, that were vulnerable to being conscripted by hackers to launch devastating DDoS attacks.

Read More

7 Website Security Tips You Can’t Afford To Ignore

With thousands of attacks daily on websites of all sizes, we thought we’d get your day started with some simple website security tips that should be a regular and central part of your security routine. And here’s why.

As hackers of all sorts constantly probe businesses of all sizes for any kind of vulnerability they can exploit, websites could by far be the biggest hole in security. And just one recent hack should have been a wakeup call for anyone responsible for website security. In the world of security breaches it seems like a lifetime ago, but it was less than three months ago that a company called Hold Security reported finding a stash of more than a billion usernames and passwords, along with half a billion email addresses, on the servers of Russian hackers.

Read More

USB exploit

Nasty USB Exploit Makes Malware Detection Tough

USB exploitWho would consider the possibility of a USB exploit?  Whether it’s malware prevention, detection, or removal, the sneaky critters are now getting so clever the challenge of dealing with them just seems to get harder. And sometimes people just get in the way.

You have to consider a USB infected and throw it away as soon as it touches a non-trusted computer.

Story Of A USB Exploit

A couple of months back, a fellow security hack told me the story of a simple but effective way hackers had found to break into a business simply by exploiting the curiosity of a CEO.

Read More

Shellshock exploit

Shellshock Exploit Exposes Millions Of Servers To Hackers

Remember Heartbleed, that age-old bug that only surfaced last year and left more than half of all internet servers around the world exposed? Looks like we might have yet another Heartbleed on our hands. This one has been codenamed Shellshock.   Experts are already saying the Shellshock exploit could impact millions of Unix systems that operate on Linux or Mac iOS. And may even threaten consumer devices including home routers.

Read More

PCI compliance

Protecting Your Business From A Data Breach

It’s been a good time for malware and its authors, but a very bad time for businesses and especially those that have suffered a data breach. A variety of point of sale (PoS) malware has run rampant through thousands of business and retailers in just the last few months, creating a massive haul of stolen credentials for hackers worldwide. And making consumers a very nervous bunch.

The Home Depot Data Breach

The latest victim is Home Depot, which only just announced that it had lost at least 56 million customer credit and debit cards to hackers who used a variant of PoS malware that’s growing in popularity amongst criminals — because it apparently works very well.

Read More

Page 55 of 64

Powered by WordPress & Theme by Anders Norén