Cybersecurity is becoming a major issue in 2017 and many websites are under threat. According to a variety of sources, there is an estimate of over 30,000 attacks daily on websites and that number is said to be increasing. Also, according to Sucuri’s report from last year, around 78% of all attacks were on WordPress websites. This is not because WordPress is less secure than other CMS platforms, it is simply because WordPress is one of the most popular with over 60% market share. We have looked recently into securing your website so that you may not become a victim to cyber attacks yourself. In this week’s blog, we are going to take a look at some different types of threats to your website and what you can do to prevent them from attacking your website.
Ransomware has been a major problem in 2017. Back in March, 99 countries were attacked by the WannaCry ransomware virus, with over 75,000 cases reported by Avast. Ransomware, as suggested in the title, is a type of malware that prevents or limits the user’s access to their website or computer. This is done by either locking your screen and/or encrypting your files and then holding it at ransom until money is paid to the hacker. Ransomware can be very difficult to budge once it has infected your system. During the attacks in March, many victims were fortunate as there was an accidental ‘kill-switch’ found in the malware’s code. However, not everyone has been so lucky. Last year, Los Angeles Valley College had to pay $28,000 for a ransomware demand. As this type of Malware can be a serious threat to your website and your business, it is important to adopt some common security practices. Similarly, avoid opening unverified emails or clicking links embedded in them, back up your website regularly and keep backups in secure and remote places, and be sure to update WordPress regularly to keep yourself less at risk.
Malware is any menacing software that enters your system and damages or disables your website or computer system. Malware can attack your website in a number of ways, but most often work by exploiting vulnerabilities your site may have. As mentioned, attacks by malware have been on the rise. According to Sucuri, approximately 20,000 websites a week are blacklisted by Google due to being infected by malware. Beyond having your website damaged or disabled, having a site infected can be problematic too as blacklisted websites will have advisements from Google not to enter if someone clicks on a URL for your website. This will almost certainly cost you business. To avoid malware, be sure to secure your usernames and passwords for website logins and consider a two factor authentication. You can also limit login attempts and stay up-to-date with WordPress updates. You might want to consider a good security plugin or file monitoring system. We recommend Sucuri, but find a good plugin that is right for you!
Though not as common as brute force attacks, such as Malware infections, Phishing is still on the rise and can be very harmful to your business. Phishing is the attempt to obtain sensitive information from a person, often by masquerading as a legitimate party. This is done by sending fraudulent emails to an employee or employer that requests access to the website for some ‘legitimate’ reason. They can pose as a website security personnel or sometimes even an employee of your company. Once the hacker has obtained the username and password to your website, they are then free to do what they want to it. The best way to avoid phishing is to simply avoid sending sensitive information over emails, particularly to untrusted parties. Be sure to look at the emails too – if something looks wrong with the email then chances are that it is phishing.
A website defacement is an online hack that changes the visual appearance of a website by adding malicious images to the homepage and sometimes other pages too. Website defacement is often a form of hacktivism, which is when the hacker is using the homepage to spread political or religious messages and ideologies. Though it does not necessarily mean that your entire site is not functioning, it will most likely result in a loss of traffic, revenue, and trust in your brand. Often, website defacement is achieved by SQL injection, which is a code injection technique. This will allow administration access to the hacker. These attacks are more a nuisance than any real threat, but remember that much of your sensitive information can still be at risk. To avoid website defacements, the best way to protect your site is to install a file monitoring system, which will constantly monitor your website for any suspicious activity. A website firewall should also outright protect your website from hacktivists.
Distributed Denial of Services (DDoS) attacks is a cyber attack from multiple compromised computer systems that target a website server and flood the bandwidth, which will cause a ‘denial of service’ that will prevent legitimate traffic from viewing the website. The flood of incoming messages, connection requests or malformed packets will ultimately slow down or completely crash the website completely. More often it is large, popular websites that is at risk of DDoS attacks. In October 2016, there was a large DDoS attack against on several popular online companies including Paypal, Netflix, and Playstation, when hackers flooded traffic to the DNS hosting providers, which in turn disrupted the websites. Unfortunately, there is no way to stop an outright attack, however there are some prevention methods you can take to minimize the damage done. If you do have a mid to large-size website, then be sure to monitor your traffic for any abnormal activity or threats against your website. You may want to consider using a third party DDoS testing to simulate an attack so you can be prepared and create a response plan to minimize damage. Finally, practise proper online safety and keep an eye out for website vulnerabilities.
If you ever feel that your website is at threat from cyber attacks, then be sure to contact Sucuri immediately for resolution. Similarly, feel free to contact us if you think your website might be infected with malware for full assistance.