New research shows that vulnerable plugins, extensions, and default settings are responsible for higher website compromise rates.
Content management systems (CMS) are frequently used to build websites and online services (such as e-commerce shops), allowing webmasters to easily manage and publish their content.
Plugins and extensions add to your website’s functionality and can offer everything from contact forms to SEO optimization, maps, image albums, and payment options. As a result, they are very popular, but if they are vulnerable to exploitation, their use can put your entire website at risk of being taken over.
Sucuri’s 2021 Website Threat Research Report (.PDF) explores these issues in depth, with a particular focus on CMS usage such as WordPress, Joomla, and Drupal.
According to researchers, vulnerable plugins and extensions “are responsible for far more website breaches than outdated core CMS files,” and about half of the website intrusions recorded by the company’s clients are It’s happening on a domain with an up-to-date CMS file. CMS.
Threat actors often use legitimate (but hijacked) websites to host malware, credit card skimmers, or deploy spam. Sucuri said websites with “recently vulnerable plugins or other extensions” are most likely to be exploited in these ways.
“Even a fully updated and patched website can suddenly become vulnerable if a vulnerability is disclosed in one of the website elements and action is not taken promptly to fix it. There is,” commented the researcher.
In addition, webmasters who leave CMS websites and control panels in their default configuration, especially where multi-factor authentication (MFA) is not implemented or not possible, is considered a “significant liability”.
This report lists the most common types of malware found on compromised websites. At the top is a backdoor. This is a form of malware that gives the operator permanent access to domains, as well as features such as the ability to steal data.
According to Sucuri, more than 60% of website compromises involved at least one backdoor.
Additionally, credit card skimmers continue to pose a persistent threat to e-commerce retailers. Skimmers are usually small pieces of code embedded on payment pages that collect customer card information. Forward them to an attacker-controlled server.
They now account for over 25% of new PHP-based malware signatures detected in 2021.
Spam is also one of the most common forms of website compromise. In total, 52.6% of the websites the company cleaned contained his SEO spam, such as URL redirects used to force visitors to landing pages displaying malicious content. Additionally, the team found evidence of spam injectors hiding spam links on hijacked websites to boost his SEO ranking.
Most spam-related content is related to drugs such as Viagra, essay writing services, escorts, gambling, adult websites, and pirated software.
“There is no 100% security solution for website owners, but I have always advised them to use a defense-in-depth strategy,” says Sucuri. “By implementing defensive controls, we can better identify and mitigate attacks against our websites. […] Fundamentally, maintaining a good security posture means keeping your environment up-to-date, patching, using strong passwords, enforcing the principle of least privilege, and leveraging web application firewalls to block malicious attacks. It comes down to some basic principles of filtering traffic with ”
Previous and related coverage
Any tips? Contact us securely via WhatsApp | +447713 025 499 or Signal with Keybase: charlie0
