Learn how websites get hacked in this latest trend report first introduced in Quarter 1 of 2016. It was the first of its kind built from metadata collected by Sucuri’s Remediation Group (RG. This report will be more succinct and direct in its insight and expand on the data collected from previous quarters. All data will include updated data for 2016/Q2.
The one constant you’ll find in this report is the issues pertaining to poorly trained website administrators (i.e: webmasters) and their affect on websites. Something we find time and time again is not only peoples lack of security but a complete lack of understanding about what is actually required. I am not talking about the owner of the site in question but the people who actually built the website to start with.
This report will provide trends based on the CMS applications most affected by website compromises and the type of malware families being employed by the attackers. Additionally, we’ve introduced new data points around the number of websites blacklisted during the remediation phase and additional details into the makeup of the WordPress platforms.
This report is based on a representative sample of the total number of websites the Sucuri RG performed incident response services on in Calendar Year (CY) 2016 Quarter 2 (CY16-Q2). A total of 9,771 infected websites were analyzed in this report; a sampling that provided us with the most consistent data from which we could prepare this report.
How Websites Get Hacked – And What You Can Do About It
Because building websites has become a lot easier now than it was in the past, we are seeing a lot of people jumping into the game with very little knowledge, mostly trying to make a quick buck by setting up their own little business and building websites for small to medium sized businesses. The problem is, most of these websites have the absolute bare minimum in terms of security or protection.
CMS platforms are great and their GUI interfaces have made them easier and easier to use, but they still require the same (if not more) attention under the bonnet or behind the scenes to really get the most out of them and most people simply ignore this. CMS platforms like WordPress still require an expert to set them up and configure them to perform properly.
Most people dont realise that CMS platforms like WordPress simply do not provide a good secure platform straight out of the box, a fact that is often ignored by many. One of the reasons they have been made a prime target for attackers is due to the popularity of these platforms being used by people with little or no knowledge, cos a lot of them know it is easy pickings and this is how websites get hacked so easily.
Talk To Us Today For A Free Assessment
How Websites Get Hacked – CMS Analysis
Based on our data, similar to 2016/Q1 the three leading CMS platforms were WordPress, Joomla! and Magento. Again, this does not imply these platforms are more or less secure than others.
In most instances, the compromises analyzed had little, if anything, to do with the core of the CMS application itself but more with improper deployment, configuration, and overall maintenance by the webmasters and their hosts.
WordPress experienced a 4% drop from 78% in Q1 to 74% in Q2. Joomla! experienced a 2.2% increase from 14% in Q1 to 16.2% in Q2. All other platforms maintained a constant (with minimal change) distribution.
In Q2, 74% of the infected sites were built on the WordPress platform; a 4% decrease from Quarter 1. Similar to Q1, because of its relatively low numbers, Undefined, ModX and vBulletin are being removed from the rest of the report.
Read The Full Article