Vulnerable plugins, the plague of CMSs


According to a new study, vulnerable plugins, extensions and default settings are responsible for a high rate of website compromise.

Content management systems (CMS) are frequently used to publish content to websites and online services, including e-commerce stores, and make management and publishing easier for web administrators.

Plugins and extensions add extra functionality to websites and can provide everything from contact forms and SEO optimization to maps, image albums and payment options. They are therefore extremely popular, but if they are vulnerable, their use can expose entire websites to hijacking.

The plugin, the Achilles' heel of websites

The 2021 Sucuri Website Threat Research Report examines these questions in depth, focusing on the use of CMSs, including WordPress, Joomla, and Drupal.

According to the researchers, vulnerable plugins and extensions “are responsible for far more website compromises than outdated CMSs”. About half of intrusions on websites registered by the company’s customers occur on a domain with an up-to-date CMS.

Malicious actors often rely on legitimate but compromised websites to host malware, credit card data stealing scripts, or to distribute spam. According to Sucuri, websites containing “a vulnerable plugin or other extension” are most likely to be exploited in this way.

“Even a fully updated and patched website can suddenly become vulnerable if one of the elements of the website has a vulnerability and steps are not taken quickly to fix it,” the researchers comment.

Additionally, webmasters leaving their websites and control panels on default configurations are a major risk, especially when multi-factor authentication (MFA) is not implemented or not possible.

Backdoors, skimmers and spam

The report lists the most common types of malware found on compromised websites. At the forefront are backdoors, which are forms of malware that give their operators permanent access to a domain and the ability to exfiltrate data.

According to Sucuri, more than 60% of website compromises involved at least one backdoor.

Additionally, credit card-stealing scripts (or “skimmers”) remain a persistent threat to e-commerce sites. Skimmers are usually small pieces of code implanted on payment pages, which collect card details from customers and transfer them to a server controlled by an attacker.

They now account for more than 25% of new PHP-based malware signatures detected in 2021.

Spam is also one of the most common forms of website compromise. A total of 52.6% of websites analyzed by the company contained SEO spam, such as URL redirects, which are used to force visitors to pages displaying malicious content. Additionally, the team found evidence of spam injectors, which hide spam links in compromised websites in order to improve search engine rankings.

Most spam-related content concerns pharmaceutical products such as Viagra, escort services, gambling, adult websites and pirated software.

“While there is no 100% security solution for website owners, we have always advised using a defense-in-depth strategy,” Sucuri says. “Having defensive controls in place helps you better identify and mitigate attacks against your website. Maintaining a good security posture comes down to a few basic principles: keep your environment up-to-date and patched, use strong passwords, exercise the principle of least privilege, and leverage a web application firewall to filter out malicious traffic.”


Source: “ZDNet.com”




