Compromising legitimate websites is a common way for hackers to target Internet users. But site administrators often fail to discover and fix hacked websites.
That’s the word from a recent study from security firm Commtouch. The survey polled 600 website owners and administrators whose sites had been hacked.
Compromising legitimate websites is a favorite method of hackers — users tend to trust sites they perceive as being safe, and they’re also less likely to be blocked by most Internet security software. Once they’re compromised, criminals can use those hacked websites to spread malware, redirect visitors to other sites, collect contact information for spam or phishing campaigns, or other actions.
For a site to be compromised, it doesn’t even need to be targeted specifically. Often, hackers find exploits to simultaneously compromise thousands of sites using the same software — such as popular content management systems like WordPress.
As attacks have become more widespread and sophisticated, hackers have gotten good at stealth attacks that go undetected. In fact, nearly half of respondents said they didn’t discover their sites were compromised until they tried to visit their own site and received a warning from their browser or Internet security software. Another 35% didn’t know until about their hacked websites until they were notified by a third party.
Based on those figures, organizations may consider boosting their efforts to monitor their sites for suspicious activity so that hacked websites are discovered as soon as possible.
IT can also take steps to prevent attacks from occurring:
- Keep software up to date — That includes plug-ins, which can contain their own vulnerabilities. Hackers exploiting outdated and unpatched software was the most common way sites were compromised, according to survey respondents.
- Change passwords regularly — Many respondents reported their sites were compromised using stolen log-in credentials.
- Set appropriate file permissions — Only give user accounts the permissions they need. That will help decrease the damage that can be caused if credentials are stolen.