Most common vulnerabilities

There are six common types of website vulnerabilities that are frequently exploited by attackers. While this isn’t an exhaustive list, like the OWASP Top 10, of all the possible vulnerabilities a determined attacker may find in an application, it does include some of the most known vulnerabilities websites contain today.

SQL injections

SQL injection vulnerabilities refer to areas in website code where direct user input is passed to a database. Bad actors utilize these forms to inject malicious code, sometimes called payloads, into a website’s database. This allows the cybercriminal to access the website in a variety of ways, including:

• Injecting malicious/spam posts into a site
• Stealing customer information
• Bypassing authentication to gain full control of the website

Due to its versatility, SQL injection is one of the most commonly exploited website vulnerabilities. It is frequently used to gain access to open source content management system (CMS) applications, such as Joomla!, WordPress, and Drupal. SQL injection attacks, for example, have even been linked to a breach of the U.S. Election Assistance Commission and a popular video game forum for Grand Theft Auto, resulting in exposed user credentials.

Cross-site scripting (XSS)

Cross-site scripting occurs when attackers inject scripts through unsanitized user input or other fields on a website to execute code on the site. Cross-site scripting is used to target website visitors rather than the website or server itself. This often means attackers are injecting JavaScript into the website so that the script is executed in the visitor’s browser. Browsers are unable to discern whether or not the script is intended to be part of the website, resulting in malicious actions, including:

• Session hijacking
• Spam content being distributed to unsuspecting visitors
• Stealing session data

Some of the largest-scale attacks against WordPress have been from cross-site scripting vulnerabilities. However, XSS is not limited only to open source applications. For example, a cross-site scripting vulnerability was found in gaming giant Steam’s system that potentially exposed login credentials to attackers.

Command injections

Command injection vulnerabilities allow attackers to remotely pass and execute code on the website’s hosting server. This is done when user input that is passed to the server, such as header information, is not properly validated, allowing attackers to include shell commands with the user information. Command injection attacks are particularly critical because they can allow bad actors to initiate the following:

• Hijack an entire site
• Hijack an entire hosting server
• Utilize the hijacked server for botnet attacks

One of the most dangerous and widespread command injection vulnerabilities was the Shellshock vulnerability, which impacted most Linux distributions.

File inclusion (LFI/RFI)

Remote file inclusion (RFI) attacks use include functions in server-side web application languages like PHP to execute code from a remotely stored file. Attackers host malicious files and then take advantage of improperly sanitized user input to inject or modify an included function into the victim site’s PHP code. This inclusion can then be used to initiate the following:

• Deliver malicious payloads that can be used to include attack and phishing pages in visitors’ browsers
• Include malicious shell files on publicly available websites
• Take control of a website admin panel or host server

Local File Inclusion (LFI), like remote file inclusion, can occur when user input is able to modify the full or absolute path to included files. Attackers can then use this vector to gain, read, or write access to sensitive local files—for example, configuration files containing database credentials. The attacker could also perform a directory traversal attack, amending an included file path to review the backend and host server files and expose sensitive data. A local file inclusion attack has the potential to become a remote file inclusion attack if, for instance, the attacker can include log files that were previously seeded with malicious code by the attacker through public interaction.

These types of vulnerabilities are frequently used to launch other attacks, such as DDoS and cross-site scripting attacks. They have also been used to expose and steal sensitive financial information, such as when Starbucks fell victim to an inclusion attack that compromised customer credit card data.

Cross-site request forgery (CSRF)

Cross-site request forgery attacks are less common but can be quite damaging. CSRF attacks trick site users or administrators into unknowingly performing malicious actions for the attacker. As a result, attackers may be able to take the following actions using valid user input:

• Change order values and product prices
• Transfer funds from one account to another
• Change user passwords to hijack accounts

These types of attacks are particularly vexing for eCommerce and banking sites where attackers can gain access to sensitive financial information. A CSRF attack was previously used to seize all control of a Brazilian bank’s DNS settings for over five hours.

Security misconfigurations

When security controls and configurations in any layer of a website, such as application, web server, network services, platform, framework, and databases, are set up incorrectly, security issues can occur, including:

• Using legacy components (unused pages, features, unpatched software, etc.)
• Leaving unnecessary admin ports open
• Enabling outbound connections to internet services, directory services, and so on

Commonly known security misconfigurations encompass broken authentication, broken access control, misconfigured cloud storage permissions, inadequate encryption settings, and failure to disable unnecessary services or features.

Impact of website vulnerabilities

Website vulnerabilities pose a significant threat to eCommerce businesses, impacting both their reputation and bottom line. When exploited, these vulnerabilities can lead to unauthorized access to sensitive data. ​Therefore, it compromises the integrity of the entire website. Personal data obtained through a user's browser can also be exploited to execute malicious scripts, further exacerbating the cybersecurity threat. Website security is not a luxury but a necessity.

Increase in data breaches

In 2023, the global landscape faced a surge in cyber attacks and data breaches, with statistics revealing a staggering 694 reported breaches and over 612.4 million breached records worldwide. Among the notable incidents, the MOVEit breach in May 2023 impacted an estimated 17.5 million individuals, exploiting vulnerabilities in Progress MOVEit software. Affected organizations included prestigious institutions like Johns Hopkins University and the University of Utah.

These breaches underscore the critical need for robust security measures, especially in educational and healthcare sectors, which remain prime targets for cybercriminals.

How to find vulnerabilities and fix them

There are easy steps you can take to manage and prevent vulnerabilities from allowing hackers to gain unauthorized access to your website and sensitive information.

Update all applications

The first critical step in securing your website is to ensure all applications and their associated plugins are up-to-date. Vendors frequently release imperative security patches for their applications, and it is important to perform these updates in a timely manner. Malicious actors stay in the loop on open source application news and are known to use update notices as a blueprint for finding security vulnerabilities. Subscribing to automatic application updates and email notifications on critical patches will help you stay one step ahead of the attackers.

Use a Web Application Firewall (WAF)

Web application firewalls are the first line of defense against those probing your website for vulnerabilities. WAFs filter out bad traffic from ever accessing your website. This includes blocking bots, known spam or attack IP addresses, automated scanners, and attack-based user input.

Use a malware and website vulnerability scanner

Your last line of defense is the use of a reputable automated malware scanner. It is recommended you find one that can automatically identify vulnerabilities and remove known malware. Try our free external website scanner to look for malicious code on your site, ensuring it is up-to-date and secure.

More advanced programmers may opt to manually review their code and implement PHP filters to sanitize user input. This includes methodologies such as limiting image upload forms to only .jpg or .gif files and whitelisting form submissions to only allow expected input. However, automated and manual security checks provide a more holistic approach to cybersecurity.

Web application security is paramount

Understanding the types of vulnerabilities that hackers may attempt to use to exploit your web applications is an important first step to securing your website. Vulnerabilities can have dire consequences for not only your website and server but for your customers’ data as well.

See how SiteLock's website security plans can keep your websites safe and patch vulnerabilities. If your site has already been compromised, learn how we help fix hacked websites.

Over one million new malware threats are released daily. To keep your website secure, it is critical to take matters into your own hands and become proactive about website security issues. There are two primary ways to do this; the first is by learning to check for signs of malware manually. The second and most effective way to protect against malware is by using a website malware scanner that detects malicious content and automatically removes it.

Follow these steps to check your website for malware, starting by recognizing the common symptoms of malware.

Look for common signs of malware

The signs of malware may not be immediately obvious to you or your visitors. For example, many website owners might assume that website defacement, an attack that changes the visual appearance of a website or web page, is the only way of knowing their site has malware. In reality, what makes malware so effective is its elusiveness and ability to hide.

If your site hasn’t been defaced, you might still have malware if:

• Your account login information was changed without your consent.
• Your website files were modified or deleted without your knowledge.
• Your website freezes or crashes.
• You’ve experienced a noticeable change to your search engine results, such as a blacklisting status or harmful content warnings.
• You’ve experienced a rapid drop or increase in traffic.

Should any of these common signs appear, you can follow these next steps to confirm your suspicions.

URL scanning for malware detection

If you suspect that your website has malware, a good online tool to help identify it is a URL scanner. Sitelock offers free security scans for any URL. Type in the domain name for your website (for example, mywebsite.com), and SiteLock will perform a free malware external scan of your site.

Scanning your site checks to make sure your site is up-to-date and secure. If your site is flagged for malware and you want to find the source of the infection, you can start by looking at your website’s code. Then, you’ll be able to remove malware from the clean code.

Website monitoring for changes

A best practice for all site owners is to keep frequent backups of your website. You can do this easily by using a tool that creates backups automatically. This offers several advantages, including having a clean copy to restore your site in the event of a cyberattack. Additionally, knowing what the clean, normal code on your website looks like can help you spot potential signs of malware.

But what if the worst happens and you don’t have a clean backup available? If you are familiar enough with your website or content management system’s (CMS’s) code to review it for suspicious content, you can check your database, files, and source code for signs of malware.

How to check for malware in your databases

To check for malicious code in your databases, you will need access to a database administration tool offered by your web host, such as phpMyAdmin. If your host offers a different tool, you may want to check their local knowledge base for further support.

Once you have access to the tool, let’s take a closer look at what exactly you’re looking for. The following is a short list of common syntax used by hackers when they inject malware into a site. While it is not comprehensive and may very well turn up a number of false positives, it is a great start when trying to perform a manual search.

• eval: This is a PHP function that attempts to process any string as valid PHP itself. It becomes dangerous when user-defined variables are included within it. It’s also dangerous, as most fail-safes included within the code of an application are disregarded within an “eval” statement. For these reasons, they are not only a prime target for hackers but also a common destination for their injected code.
• base64_decode: This PHP function is used to decode base64-encoded text for further processing within the PHP engine. Open-source applications do not typically have encoded text within their source code. More importantly, it’s an easy way for hackers to disguise their malicious code. If this function is found and shouldn’t be there, you may have found your culprit.
• gzinflate: Very similar to “base64_decode,” the “gzinflate” function is used to inflate (decode) a deflated (encoded) string of text. Again, if this function is being used to disguise code and isn’t a typical part of your site’s code, chances are it’s a problem.
• shell_exec: This function can be particularly dangerous if a server is not properly locked down. In short, it allows PHP to run commands at the server level and then feed their output into the PHP code of the site. Hackers are more interested in taking over a server than just one site, so this is a prime vector for them to leverage.
• GLOBALS: Disabled by default in versions of PHP since 2002 (v. 4.2.0), “GLOBALS” can pose a security risk when not implemented thoughtfully and carefully. If used in conjunction with user input, there is a much higher risk of unintended variable manipulation, which can lead to a compromised site. As a result, most applications and sites these days do not use global variables.
• error_reporting(0): When set to “0,” the “error_reporting” directive in PHP will effectively disable any code errors from being displayed in the browser or log. It is very unlikely that a stable release of an application or site would require such a directive. Instead, this exact directive might be used by a hacker who is testing out different bits of code within your site to see what might work.

Please note that this is by no means a complete list, but it does briefly outline some of the most common bits of PHP code that can be found in website hacks today.

How to check for malicious code in your source code

There are two types of attributes you’ll want to check if you are looking for malware in your source code: script attributes and iframe attributes. Look for any lines beginning with “<script src=>” and check for unfamiliar URLs or file names that follow. Similarly, look for unusual URLs included in <iframe src=”URL”>. If anything looks out of place or the URL doesn’t look familiar, it’s a likely sign of cybercriminal activity.

How to check for malware in your files

There are a few ways to manually check for malware in your website’s files, with varying degrees of difficulty and effectiveness. For most website owners, we recommend searching for malicious content in your website files using FTP or your host-provided file manager. Learn more about the signs of malware and what you need to look for. Once you’ve learned how to examine your database, source code, and files for changes, you’ll need to do so regularly to properly monitor for malware.

If this sounds overwhelming for someone new to code, there’s good news: the easiest way to check your website for malware is also the most reliable.

Automatic website scanning and malware removal

According to a 2024 data threat report, 41% of enterprises experienced a malware attack over the past year. With such a high level of criminal activity, you’ll need protection that can keep up, such as a website scanner that can scan for malware and remove it automatically.

Daily, automatic website security checks not only save you time but also allow you to get ahead of any infections, which may reduce the negative impact of malware on your site and its visitors. Malware scanners are typically designed to automatically scan for known and common malware types, including backdoor files, shell scripts, and spam. If the tool identifies malware, the website owner will be alerted immediately, and some solutions even provide automatic malware removal.

It’s important to note that preventative measures against malware are only as good as their ability to keep up with new types of malware and trends. Malware scanning should be backed by a comprehensive database that logs the most recent and persistent threats, offering the most up-to-date protection possible.

Protect your online business with SiteLock

As cybercrime and malware continue to evolve, being proactive about your cybersecurity is your best defense. In addition, search engines favor safe browsing and websites, so malware can also put your search engine optimization (SEO) performance and rankings at risk. Whether you use hands-on methods to check for malware yourself or deploy an automatic solution, by learning the different ways to look for malware, your website is one step closer to being secure.

Cyber threats are especially dangerous for eCommerce and other online businesses as they can impact more than just your bottom line, and the effects can be long-lasting. To keep your site protected, learn about SiteLock’s website security plans, or contact us for more details. If your site has been hacked, try our website repair services, and let us clean up your hacked site today.

Fortunately, you can prevent it all with effective website security. We’ll discuss what website security means and what solutions will help ensure your site isn’t taken down by a cyberattack.

What is website security?

Website security is any action taken or application put in place to ensure website data is not exposed to cybercriminals or to prevent exploitation of the website in any way. These actions help protect sensitive data, hardware, and software within a website from the various types of attacks that currently exist.

Implementing the proper security solutions will shield your site from the following security threats:

• DDoS attacks. These DDoS (distributed denial-of-service) attacks can slow or crash your site entirely, removing all functionality and making it inaccessible to visitors.
• Malware. Short for “malicious software,” malware is a very common threat used to steal sensitive customer data, distribute spam, allow cybercriminals to access your site, and more.
• Injection attacks. Involve inserting malicious code or commands into an application's input fields to manipulate its behavior or access unauthorized data. SQL injection (SQLi) and cross-site scripting (XSS) are the most common.
• Blacklisting. This is what could happen to your site if search engines find malware. It may be removed from search engine results and flagged with a warning that turns visitors away.
• Vulnerability exploits. Cybercriminals can access a site and the data stored on it by exploiting weak areas within the site, like an outdated WordPress plugin.
• Defacement. This attack replaces your website’s content with a cybercriminal’s malicious content.

Putting website security best practices into place will protect your visitors from these common risks as well:

• Stolen data. From email addresses to payment information, hackers frequently go after visitor or customer data stored on a site.
• Phishing schemes. Phishing doesn’t just happen in emails. Some attacks take the form of web pages that look legitimate but are designed to trick the user into providing sensitive information.
• Session hijacking. Some cyberattacks can take over a user’s session and force them to take unwanted actions on a site.
• Malicious redirects. Certain attacks can redirect visitors from the site they intended to visit to a malicious website.
• SEO Spam. Unusual links, pages, and comments can be put on a site to confuse your visitors and drive traffic to malicious sites.

Why businesses need to invest in cybersecurity

There are four main reasons why every website needs proper protection from security risks.

Website owners are responsible for the site security — not hosting providers

Hosting providers protect the server your website is on, not the website itself. You can think of the website-host relationship like an apartment building: management provides security for the whole building, but it’s up to each occupant to lock their door.

Avoid costly cyberattacks

It’s cheaper than a cyberattack. Cyberattacks can cost small businesses as much as $427 per minute of downtime. By contrast, SiteLock customers pay an average of $1-2 per day for a full website security plan.

Protect brand reputation

You’ll protect your reputation and retain visitors and/or customers. An estimated one in four Americans will stop doing business with a company that has experienced a data breach. That’s a devastating number of customers to lose for large and small businesses.

Detect malicious activity before it becomes a problem

Malware and cyberattacks can go undetected if you’re not careful. Cybercriminals specialize in malware that can discreetly enter a site and stay hidden, so there may be an infection without the site owner even knowing.

Some sneaky malware attacks include backdoor attacks, a type of malware that allows someone to access a site without the owner’s knowledge, or cryptojacking, which mines a site for cryptocurrency without showing any symptoms. These types are increasingly common: in 2022, 32% of infected websites had a backdoor attack, and cryptojacking continues to rise in popularity, increasing 23% in the first half of 2021 compared to the previous year. Once a hacker secretly enters your website, they can access your data, steal traffic, deploy phishing schemes, and more without you even noticing.

What do I need to keep my website secure?

Whether you have a brand new business and are looking for website security solutions to deploy or have an existing site and are looking to improve security on it, there are a few basics to consider putting in place.

Login authentication

Strong passwords and MFA (multi-factor authentication) are crucial for safeguarding personal and sensitive information in today's digital landscape. Strong passwords, consisting of a combination of letters, numbers, and special characters, make it significantly harder for hackers to crack into users’ accounts.

MFA adds an extra layer of security by requiring users to provide multiple forms of identification, such as a password combined with a fingerprint scan or a unique code sent to a mobile device. This additional step significantly reduces the risk of unauthorized access, even if a password is compromised.

SSL certificate

SSL/TLS certificates protect the sensitive data collected by your website, like emails, addresses, and credit card numbers, as it is transferred from your site to a web server. This is a basic website security measure, but it’s so important that popular browsers and search engines label sites without an SSL as “insecure,” which can make visitors suspicious of your site and oftentimes influence them to leave. Depending on the functionality of your site and the types of personal information that are requested (e.g., eCommerce, financial, etc.), you’ll want to choose an SSL certificate that’s the best fit for your business.

Remember that SSLs only protect data in transit, so you’ll need to take further steps for a fully secure website.

Web application firewall (WAF)

A WAF prevents hackers from installing malicious code onto a site and stops automated attacks that commonly target small or lesser-known brands. These attacks are carried out by malicious bots that automatically look for vulnerabilities they can exploit or cause DDoS attacks that slow or crash your website.

Website scanner

A cyberattack costs more the longer it takes to be found, so time is of the essence when a site experiences an attack. A website scanner automatically looks for malware, vulnerabilities, and other security issues and then works to remove them immediately or flags them so you can mitigate them appropriately.

SiteLock’s scanners not only deploy fixes to remove known malware but they also look for cyber threats on a daily basis. They let you know in real-time the moment anything is found, reducing the amount of damage it can do to your site.

Content delivery network (CDN)

A CDN is a network of servers that speeds up web content delivery by serving it from servers closer to users. CDNs also help with web application security and DDoS protection by distributing traffic across multiple servers, mitigating the impact of attacks, and ensuring websites remain accessible.

Software updates

Websites hosted on a content management system (CMS) are at a higher risk of compromise due to vulnerabilities and security issues often found in third-party plugins and applications. These can be prevented by installing updates to plugins and core software in a timely manner, as these updates often contain the security patches that are currently needed. An automatic patching solution makes this even easier.

While CMS security plugins can enhance website security, they aren't always reliable due to potential vulnerabilities, compatibility issues, and the evolving nature of cyber threats, leaving websites susceptible to attacks even with their presence.

How SiteLock security tools can help

SiteLock makes website security easy and affordable with automated solutions that are easy to install and plans that work for your budget. These solutions offer website scanning with automatic malware removal, a WAF solution, automated software patching, and more. We can also assist you in choosing an SSL certificate, too.

If your site's security has already been breached, see SiteLock's hacked website repair services immediately.

A website vulnerability is a weakness in website code that cybercriminals can exploit to gain unauthorized access to a site—and a mere one vulnerability has the power to impact over 1,000 pages on a single website.

Let’s talk about one of the most common types of vulnerabilities on the OWASP Top 10: broken authentication and session management. Simply stated, broken authentication and session management allows a cybercriminal to steal a user’s login data or forge session data, such as cookies, to gain access to websites.

What is the OWASP Top 10?

The OWASP Top 10, short for Open Web Application Security Project, is a list of the ten most dangerous web application security flaws today (including broken authentication and session management). According to owasp.org, its purpose is to drive visibility and evolution in the safety and security of the world’s software. As of 2021, broken authentication is now referred to as identification and authentication failures by OWASP.

What is broken authentication and session management?

Many websites require users to log in to access their accounts, make a purchase, etc. More often than not, this is done using a username and password. With this information, a site will assign and send each logged-in visitor a unique session ID that serves as a key to the user’s identity on the server.

If not properly secured, a cybercriminal can impersonate a valid user and access that user’s account, resulting in a broken authentication and session management attack.

How can the authentication process be exploited?

When a user logs onto a website, the site uses a proprietary algorithm to generate a unique session ID. Their device then uses that session ID as a key to their identity for the remainder of their user session.

All of this information has to be sent back and forth between the user and the server. If that information is not encrypted and is sent as plain text instead, it becomes an attack vector. Hackers can then intercept user credentials or session IDs to impersonate that person. This is especially true when operating on a public network (e.g. coffee shop wifi) or a public computer that anyone else can access. The following are some broken authentication and session management attack examples.

Credential stuffing

The stealing of usernames and passwords to gain unauthorized access to user accounts across multiple websites and services is known as credential stuffing. This technique relies on the fact that many people reuse the same login credentials across different online platforms. Attackers typically obtain these credentials from breaches of other websites and then use automated tools to test them on various websites in hopes of finding matches. Credential stuffing exploits the widespread issue of password reuse and can lead to unauthorized access to user accounts, compromising sensitive information, and leading to financial or reputational damage.

Brute force attacks

Another approach a cybercriminal could take is attempting a brute-force attack wherein they repeatedly try common weak passwords to guess a user’s correct password. It is also possible for attackers to forge session IDs if they are not randomly generated. For example, if an attacker intercepts several legitimate session IDs that are enumerated, it is possible to guess the next legitimate session ID and access the site fraudulently. These are commonly referred to as man-in-the-middle attacks.

Password spraying attacks

This type of cyberattack uses a single password against many user accounts before moving on to another password to avoid triggering account lockouts. This technique contrasts with brute force attacks, which try many passwords against a single user account. Password spraying targets the common use of weak passwords across multiple accounts and takes advantage of the fact that many users opt for simplicity over security. By exploiting the likelihood that at least some accounts will use common passwords, attackers can gain unauthorized access without alerting the authentication mechanisms designed to lock accounts after a few unsuccessful login attempts.

How to prevent broken authentication attacks

Explore below broken authentication best practices to protect user credentials and authentication processes from exploitation by bad actors.

Use an SSL certificate

To prevent man-in-the-middle type attacks on your site’s sessions, it is important to encrypt this data in transit using an SSL certificate. As the name implies, an SSL (secure socket layer) is a digital certificate that encrypts information sent between a web server and a web browser.

Enforce strong passwords

Regarding brute force attacks, mentioned earlier in this article, it’s a good practice to have access control and password policies for any and all registered users on a site (this includes admin accounts, especially!).

Strong passwords do not have complete words; instead, they consist of a combination of random letters (both uppercase and lowercase), numbers, and symbols to prevent users' passwords from being easily guessed. Minimum password lengths should also be required, and users should be required to update their passwords after multiple failed login attempts are detected.

Use a session manager

Implement a secure, server-side session management system that creates a new, random session ID with high complexity each time someone logs in. Ensure the session ID is not visible in the web page's URL, is kept safe, and is properly discarded following a user's logout, periods of inactivity, or after session timeouts.

Conduct regular website security audits

Make sure you are on top of any website vulnerabilities or issues by conducting security audits on a regular basis. An automated website security plan is also helpful in that it continuously monitors the site for issues.

Prevent data breaches with SiteLock

In short, broken authentication and session management is a major security risk. It can allow a hacker to steal a user’s sensitive data or forge session data, such as cookies, to gain unauthorized access to websites. However, there are simple and easy solutions to prevent your site from being affected by this vulnerability. Learn more about protecting your site with our website security solutions. If your site has already been hacked, discover how SiteLock's website hack repair service can help.

Today we will cover useful tips for building a secure website or blog in thirty minutes or less.

1. Keep your website up-to-date

To help keep your business website or blog secure, it’s important to keep all of your website software up-to-date. If you use a content management system (CMS) such as WordPress, Joomla!, or Drupal, installing any updates they release is a must. These updates are designed to correct problems and security flaws in the website software and make it less vulnerable to hackers and cyberattacks. Be sure to run these updates as soon as they are released to help protect your site from possible threats.

2. Scan your site with a website scanner

Another essential security practice for websites or business owners is to regularly conduct scans of their sites to check for vulnerabilities. A website scanner is a tool that checks your website files for many different security issues, such as vulnerabilities and malware. There are a variety of online tools that are available, but these are generally unable to detect all possible security problems.

It’s advisable to invest in a professional website scanner to thoroughly review your website files for malware and vulnerabilities. The most comprehensive option is a website scanner that takes this one step further and reviews your website for many different threats, including malware, spam, and network and server vulnerabilities. You’ll also want a scanner that checks for XSS (cross-site scripting) and SQLi attacks (SQL Injection), which are vulnerabilities that often target website logins or contact forms.

3. Use a web application firewall

A web application firewall (WAF) is a type of firewall that is specifically designed to monitor the traffic that is transmitted to your website server. They may be network-based, host-based, or cloud-based. If malicious traffic is detected, the WAF will prevent it from accessing your website. WAFs can effectively block hacking attempts and filter many kinds of malicious traffic that target web applications, including automated bots, spam, and malware.

They are also useful in stopping the top attacks websites face today, like cross-site request forgery (CSRF), cross-site scripting (XSS), file inclusion, SQL injection (SQLi), and distributed denial-of-service (DDoS) attacks on your website. That said, WAFs can’t protect against all kinds of threats and are best implemented as part of a larger security solution.

4. Update your security plugins

Any website or blog owner should install security plugins to help monitor their security and protect their website from hacking attempts and malware. Typically, plugins work by monitoring and addressing security vulnerabilities and preventing hackers from exploiting them. Once you install these add-ons, it’s crucial to keep them updated. This is because updates frequently address security vulnerabilities in earlier versions of the plugin. For this reason, website or blog owners should install plugin updates as soon as they are available, especially if they involve a security or bug fix.

5. Secure your passwords

Using strong passwords is a must for any website owner to help protect their site from hackers and cybercriminals. A secure password is hard to guess, has a minimum of eight characters, and consists of a random assortment of letters, numbers, and symbols. If your passwords don’t meet these criteria, then it’s advisable to update your passwords to make them more secure.

Additionally, two-factor authentication (2FA) strengthens website security by requiring an extra verification step beyond passwords, such as a code sent to a user's device. This added layer of protection makes it harder for hackers to access websites even if passwords are stolen. 2FA helps thwart common cyber threats like brute force attacks and phishing, enhancing overall security for users and businesses.

Since it can be a hassle to think up new random passwords and attempt to remember them, consider using a high-quality password manager to help you generate and securely store your passwords. This will make it easier to create passwords while sparing you the frustration of trying to remember them.

6. Check your admin permissions

Regularly checking website administrator permissions is easy and goes a long way toward securing your website. This ensures that only authorized people can access sensitive areas and functionality, reducing the risk of unauthorized changes, data breaches, and malicious activities. By maintaining tight control over admin permissions, website owners can protect their site's integrity and user data.

7. Install an SSL (Secure Sockets Layer) Certificate

For an added layer of security, you can opt to install an SSL certificate on your website or blog. When you use an SSL, the data that is transmitted between your website and the web server is encrypted, making it more difficult for hackers to decipher.

Google also favors sites with an SSL and tends to rank them higher. Installing an SSL certificate is usually quite simple, and there are many options available to choose from so you can pick the right one for your business needs.

8. Run regular backups

Regularly scheduled backups enable you to restore your website to its previous state quickly in the event of an attack or system failure, minimizing downtime and data loss. Automatic backups also eliminate the risk of human error and ensure that critical data is regularly backed up without requiring manual intervention. By implementing automatic website backups, you can proactively protect your website's data and functionality, mitigating the risk of cyberattacks and enhancing your overall site’s security.

9. Work with a reliable hosting provider

Using a reliable hosting company is a critical best practice for any website owner. Trustworthy website hosting ensures that your servers are secure, backed up, and regularly maintained, reducing the risk of data breaches. However, using a cheap web hosting service that is more easily compromised can expose your site to significant vulnerabilities, putting your sensitive data and reputation at risk. Their hosting plans typically offer additional security features, such as SSL certificates, firewalls, and intrusion detection systems, that can further enhance your overall protection and provide peace of mind.

Consequences of cybersecurity risk

Poor website security can have severe consequences for individuals, businesses, and society as a whole. It is as important to understand the impacts of cyber threats as it is to take proactive security measures to mitigate them. Below are the most common ones:

• Loss of sensitive information. This includes the theft of credit card numbers, phone numbers, emails, and other personal data from hackers.
• Interruptions to website operations. Data breaches can make your eCommerce site or blog shut down and unavailable until the problem is fixed.
• Fines for failing PCI compliance: Businesses can be fined for not meeting PCI DSS (Payment Card Industry Data Security Standard) requirements, which protect customer payment data.
• Poor SEO performance. Search engines, like Google, can and will blacklist websites that have malicious code on them. This could result in major decreases in web traffic and revenue.
• Damaged business reputation. A single hacking incident can have a big impact on your reputation, and restoring trust may not be as simple as recovering from being blacklisted.

Mitigate security risks with SiteLock

Keeping your website safe might seem like a hassle but in reality, it doesn’t need to be time-consuming or stressful. By implementing these quick, simple, and highly effective tips, you can greatly increase the security of your business website or blog. For more information, explore our website security plans or contact the experts at SiteLock.

1. Look for the “S” in HTTPS

2. Check for a website privacy policy

A website’s privacy policy should clearly communicate how your data is collected, used, and protected by the website. Nearly all websites will have one, as they are required by data privacy laws in countries like Australia and Canada, and even stricter rules have been introduced in the EU. A privacy policy indicates that the website owner cares about complying with these laws and ensuring that their website is safe. Be sure to look for one and read it before giving your information to a website.

3. Find their contact information

4. Verify their trust seal

If you see an icon with the words “Secure” or “Verified,” it’s likely a trust seal. A trust seal indicates that the website works with a security partner. These seals are often an indicator that a site has HTTPS security, but they can also indicate other safety features, like the date since the site’s last malware scan.

Although 79 percent of online shoppers expect to see a trust seal, the presence of the seal isn’t enough. It’s also important to verify that the badge is legitimate. Fortunately, it’s easy to do – simply click the badge and see if it takes you to a verification page. This confirms that the site is working with that particular security firm. It doesn’t hurt to do your own research on the company supplying the badge, too!

If a trust seal is legitimate, clicking on it will take you to a page that verifies the authenticity of that seal. As an example, SiteLock’s verification page looks like this.

5. Use free website security tools

Make sure you’re not accessing a malicious website with Google Safe Browsing. This free tool helps protect internet users from visiting dangerous websites or downloading malicious files. It not only identifies and flags websites that contain malware or phishing content, warning users before they can even access them, but Google Search Browsing also constantly updates its database of unsafe websites.

SiteLock also offers a free website scanner. Simply input your domain name, and SiteLock will conduct a free external scan, searching for known malware or malicious code while ensuring your site is up-to-date and secure. While this scan is effective at detecting visible malware, certain types may require deeper investigation with server access. For a thorough check, we recommend website owners conduct a comprehensive full scan, especially if server issues are suspected.

6. Know the signs of website malware

Even if a website has an SSL certificate, a privacy policy, contact information, and a trust badge, it may still not be safe if it is infected with malware. But how do you know if a website is infected with malware? Look for the signs of these commodn attacks:

• Defacements. This attack is easily spotted: cybercriminals replace a site’s content with their name, logo, and/or ideological imagery.

• Suspicious pop-ups. Be cautious of pop-ups that make outlandish claims – they are likely trying to entice you to click and accidentally download malware.

• Malvertising scams. Some malicious ads are easy to catch. They typically appear unprofessional, contain grammar/spelling errors, promote “miracle” cures or celebrity scandals, or feature products that don’t match your browsing history. It’s important to note that legitimate ads can also be injected with malware by scammers, so exercise caution when clicking.

• Phishing kits. Phishing kits are websites that imitate commonly visited sites, like banking websites, to trick users into handing over sensitive information. They may appear legitimate, but spelling and grammar errors will give them away.
• Malicious redirects. If you type in a URL and are redirected to another site – especially one that looks suspicious – you have been affected by a malicious redirect. They are often used in conjunction with phishing kits.

• SEO spam. The appearance of unusual links on a site, often in the comments section, is a sure sign of SEO spam.

• Search engine warnings. Some popular search engines will scan websites for malware, and place a warning on that site if it is definitely infected with malware.

It’s unfortunate that not every website is trustworthy and secure, but don’t let that keep you from going online – just do it safely! Simply being able to recognize a safe website can go a long way to help protect your personal data. A legitimate trust seal, “https,” a privacy policy, and contact information are all good signs that a website is safe! For more on protecting your information online, check out our cybersecurity resources.

Learn more about SiteLock’s malware removal services and if your site’s security has already been breached, see how we can help fix your hacked website immediately.

What does account suspension mean?

When your website account is suspended, it means the hosting provider has temporarily taken it offline. Website hosts often suspend websites for a myriad of reasons ranging from malware to spam. They suspend websites when needed to protect their servers that host tons of other websites, so they don’t get infected too.

Why has your account been suspended?

The most common reason your account has been suspended is usually malware infection. Unfortunately, thousands and thousands of websites are infected with malware from hackers every day, and yours was probably one of them. In fact, according to Cybint News, a hacker attack occurs every 39 seconds. These security issues can range from brute force attacks to DDoS attacks to the use of phishing pages to steal data like credit card information.

Other possible reasons

There are also many other reasons why your hosting provider decided to suspend your website. While they all don’t necessarily relate to a hacked website, they’re equally worth considering to reduce downtime and get your site back up as quickly as possible.

• Non-payment of hosting fees: Failure to pay the hosting fees on time is a common reason for suspension. Setting up automatic payments will prevent this payment issue.
• Excessive resource usage: Overusing server resources beyond the limits of your shared hosting plan can affect other users on shared hosting platforms.
• Illegal content or activities: Hosting illegal content (such as pirated software, illegal video streams, etc.) or engaging in illegal activities (like phishing or fraud).
• Spamming activities: Using the hosting service to send out spam emails or host spammy content can lead to suspension.
• Violations of terms of service: Breaching any specific terms outlined in the hosting provider's agreement, which can include a range of activities from unauthorized reselling of services to hosting certain types of content.
• Infringement of copyright or intellectual property: Hosting content that infringes on someone else’s copyright or intellectual property rights.
• Content policy violation: Depending on the provider's policies, hosting adult content or other objectionable material may be grounds for suspension.
• Poor website maintenance: Neglecting to update software or plugins, resulting in vulnerabilities that can be exploited by hackers.
• Breaching email policies: Sending too many emails in a short time or being blacklisted for spam can lead to suspension.

To avoid suspension in general, website owners need to get familiar with and comply with their hosting provider’s terms of service and acceptable use policies.

How to save my web hosting account

How do you get back online? The bottom line is that you are responsible for the security of your website. With that, you have two options. First, if you have a technical understanding of cybersecurity, you can clean up the problem yourself. The second option is to hire a third party to resolve the problem for you. Most website owners opt for the second option and hire a third party to ensure it gets done properly and quickly. The best third-party vendors have relationships with web hosting providers and can speak directly with them to help you get back online as soon as possible. Let’s take a closer look at how the process works.

Hosting services regarding security

As a website owner, the security and maintenance of your website are your responsibility. However, the website host is responsible for the security and maintenance of their servers. Like an apartment building superintendent, shared hosting providers are responsible for making sure the building (server) is up to code and the exterior fence locks (global firewalls). Websites are tenants in this high-speed high-rise and are expected to lock their own doors and windows to prevent intruders.

Many types of malware can negatively impact the performance or security of a shared hosting server. This means that malware could potentially spread beyond your website, infecting other customers who share the server with you. Malware can cause both infected and non-infected sites that share the same server resources to slow down or become inaccessible. For these reasons, hosting providers run cursory malware scans on all websites hosted in their system and alert site owners when their site is infected. To mitigate the risks associated with infected websites, hosting companies will take these sites offline as a precaution.

While this may seem like a punishment for being compromised, it is actually done to protect the website owner, as well as the hosting server. Having your website account suspended and taking it offline will prevent the site’s visitors from being victimized. In Q3 2017, SiteLock found that nearly 15% of malware detected was classified as a visitor attack, a type of attack designed to cause harm to a website’s visitor. Malware categorized as a visitor attack includes malicious redirects, SEO spam, and phishing. This type of malware is designed to harm unsuspecting visitors to the infected site.

Having your website account suspended also ensures no further damage is done while the infection is addressed. In Q3 2017, the average infected website contained 283 malicious files. While the website is suspended, attackers cannot continue to upload malicious files.

Getting your website back online

A suspended website can be incredibly frustrating and may harm the website's reputation or business income. Finding out your website is inaccessible to your visitors can be a bitter pill to swallow, even if it’s for your own protection. Hosts understand that it’s important to get the website back online as quickly as possible, which is why they partner with security providers like SiteLock.

Process overview

The process for getting a website back online after a suspension will vary from host to host, but generally speaking, the website owner will need to remove the malicious files and then contact their hosting provider for a rescan. Before contacting their host’s customer support team, website owners will need to carefully review all files under the affected domain name, removing any malicious files or malicious code injected into legitimate files. A skilled web developer may be able to do this manually with FTP (File Transfer Protocol), but it is faster and easier to use a malware scanner backed by an up-to-date malware database. This will automatically scan all files and remove any malicious content – including newly discovered types of malware.

Partner with SiteLock

Hosting providers turn to SiteLock as a security partner to expedite the malware removal and reinstatement process. Malware scanners can clean the malware infection, help address vulnerabilities that led to the compromise, patch core CMS applications that may be out-of-date, and contact the hosting provider directly to request to get the website back online. Hosts also count on SiteLock to secure sites going forward, preventing reinfections and future suspensions.

For more information about our comprehensive website security services and pricing, explore SiteLock’s security plans to learn how they work.

Image by Mohamed Hassan from Pixabay

Kaspersky Lab's threat intelligence team identified it during a sophisticated attack that hit Russian media outlets, causing servers to crash during the cyberattack. It also hit critical infrastructure organizations in the transportation sector in Ukraine, causing flight delays due to the manual processing of passenger data. A Kiev metro system was also affected, causing payment delays at customer service terminals.

The malware became known as Bad Rabbit ransomware and was the third major spread of malware that year. After the initial outbreak, members of the cybersecurity community were confused about what exactly Bad Rabbit is.

So, what is Bad Rabbit ransomware—and what does Bad Rabbit do?

What is Bad Rabbit ransomware?

Bad Rabbit is similar to other ransomware like WannaCry and Petya/NotPetya in that it spreads through Microsoft Windows vulnerabilities, encrypting files and demanding cryptocurrency, typically Bitcoin, for decryption.

Designed to encrypt and lock files, Bad Rabbit is a type of ransomware that spreads through “drive-by-attacks” where insecure websites are compromised. Disguised as an Adobe Flash Installer, the malware doesn’t travel through traditional types of ransomware attacks like phishing emails but rather through drive-by downloads on compromised websites. This means that a person could be exposed to the virus simply by visiting a malicious or compromised website and downloading files they believe to be Adobe updates.

So, while a person thinks they’re visiting a safe website, a malware dropper is downloaded from the threat actor’s infrastructure onto their computer. Bad Rabbit ransomware is embedded into websites using JavaScript injected into the site’s HTML code. Some members of the cybersecurity community believe the initial outbreak was a targeted attack that may have been months in the making, but that hasn’t been confirmed.

How does an attack work?

Now that you have a better understanding of Bad Rabbit ransomware—what does Bad Rabbit do?

While the downloaded file may look safe, it begins infecting the computer once opened. However, it isn’t installed automatically and must be clicked on to actually lock the computer. When activated, the malicious installer shows a ransom note and payment page demanding a certain Bitcoin amount within a 40-hour deadline. It also displays a note that “no one will be able to recover files without our decryption service.”

Once Bad Rabbit has infected a computer, it attempts to spread across the network by using lists of simple username and password combinations (e.g., 1111, Password, Guest123) to try and force its way into other computers. If successful, Bad Rabbit deploys the ransomware, encrypts files, and moves on to the next device.

Ransomware protection

Companies can reduce the risks posed by ransomware attacks—and ultimately protect themselves from Bad Rabbit ransomware—with a few simple steps.

1. Only download updates from a reliable source; if you need to download Adobe updates, download it from the Adobe website, not a third-party website
2. Perform regular backups
3. Enforce strong password controls
4. Have updated antivirus software
5. Implement network architecture and security controls that segment a corporate network

Bad Rabbit hasn’t affected companies in the U.S. yet, but organizations are strongly encouraged to advise their employees about Bad Rabbit ransomware attacks and remain aware of possible Bad Rabbit outbreaks.

Stay protected with SiteLock

Now that you know what Bad Rabbit ransomware is, discover other ways that hackers hold sites hostage—and what you can do to ensure your site isn’t one of them. Or, check out our comprehensive security solutions against a wide range of cyberthreats, including ransomware.

SiteLock's advanced technology scans your website for vulnerabilities, detects malicious software, and effectively blocks or removes malware. By employing SiteLock's proactive security measures, you can ensure the safety and integrity of your website, keeping your data secure and your operations running smoothly.

DDoS attack meaning

DDoS, short for distributed denial of service, is an attack that makes a site unavailable by overwhelming it with “fake” requests and traffic. This can slow your website or crash the server it is hosted on, which takes down your site as well.

Types of DDoS attacks

The question "What is a DDoS attack?" can have a lot of different answers depending on the type of attack you are talking about. The first step to protecting your organization against DDoS attacks is understanding the type of threats that you face. With that in mind, here are the most common types of DDoS attacks:

Volumetric attacks

Volumetric attacks work by overwhelming the target network with a massive amount of traffic, causing congestion that prevents real users from being able to access the network. Common methods used in volumetric attacks include UDP reflection/amplification and DNS amplification. The goal of these attacks is to saturate the target network so that it is incapable of handling legitimate user requests.

Protocol attacks

Protocol attacks are designed to target network infrastructure by exploiting vulnerabilities in the network protocols. Commonly targeted protocols include ICMP, TCP, and UDP. With a protocol attack, hackers can manipulate these protocols in a way that forces the target systems to expend resources on handling illegitimate or malformed packets, which leads to service disruption.

Application-layer attacks

Unlike volumetric and protocol attacks, application-layer attacks are meant to target the application layer of a network. These attacks work by exploiting vulnerabilities in web applications or services and are designed to exhaust server resources by overwhelming them with a large number of requests. Examples of application-layer attacks include HTTP floods, slowloris attacks, and SQL injection attacks.

Fragmentation attacks

Fragmentation attacks work by manipulating packet fragments in order to overwhelm the target system. By sending incomplete or overlapping packets, hackers attempt to confuse the target system's ability to reassemble the data correctly. This can lead to a degradation of network performance and can potentially disrupt communication between systems.

Amplification attacks

With an amplification attack, hackers use third-party systems to magnify the volume of traffic they are able to direct at a target system. These attacks exploit vulnerabilities in services that respond with larger data packets than the initial request, which enables hackers to amplify the impact of their DDoS attack. Common amplification techniques include DNS amplification, NTP amplification, and SSDP amplification.

Zero-day exploits

This is a unique category of DDoS attacks. It encompasses any type of DDoS attack that exploits vulnerabilities unknown to the target and the cybersecurity community. Hackers are constantly searching for opportunities to capitalize on undisclosed vulnerabilities since it allows them to take advantage of the absence of available patches or defenses. These zero-day exploits underscore the immense importance of remaining vigilant and employing proactive security measures.

DoS vs. DDoS attacks

Though often confused, Denial of Service (DoS) attacks and Distributed Denial of Service (DDoS) attacks are actually two different types of cyber threats. Both of these attacks are designed to overwhelm the target system and disrupt its performance, but they go about it in different ways.

DoS attacks are orchestrated from a single source (or a small number of sources), which typically makes it easier to identify and mitigate the threat. DDoS attacks, on the other hand, take a more sophisticated approach by leveraging multiple sources, often coordinated through a botnet. This amplifies the scale and impact of the attack while also making it more difficult to detect and mitigate.

Motivations behind DDoS attacks

Unlike many types of cyber attacks, DDoS attacks are not intended to steal data from the target. Instead, they are simply designed to disrupt and damage a targeted organization.

This is sometimes done for revenge or as a form of "hacktivism". In other cases, DDoS attacks are launched as a means of gaining a competitive advantage over a business. Sometimes, DDoS attacks are also used to extort a business, similar to ransomware attacks, with hackers promising to halt the attack once a ransom is paid.

Impact on businesses

Downtime can be devastatingly expensive for small and medium-sized businesses (SMBs). Website downtime can cost as much as $427 per minute, and DDoS attacks cost an average of $120,000.

DDoS attacks are also favored by cybercriminals because they are extremely inexpensive and can be purchased online for as little as a dollar a minute. Unfortunately, once you’re a target, you’re likely to be attacked again – studies show that two-thirds of all DDoS targets were hit repeatedly.

Along with these significant financial impacts, DDoS attacks can also permanently damage a business's reputation and the trust its customers have in it; if a DDoS attack renders your business unable to serve its customers, they often look elsewhere for their needs and may never come back.

DDoS mitigation

DDoS attacks can be devastating, but the good news is that they can also be largely prevented and mitigated with the right cybersecurity protocols and solutions. If you would like to bolster your business's defenses against DDoS attacks, here are a few proven methods to employ:

Use DDoS protection services like a WAF

Implementing DDoS protection services such as traffic filtering mechanisms, real-time monitoring, and a web application firewall (WAF) is one of the most effective ways to mitigate DDoS attacks. WAFs are particularly useful for preventing DDoS attacks, as they are designed to automatically analyze HTTP traffic and block any traffic that is deemed potentially malicious.

Segment your network to limit the impact of an attack

Segmenting your network into isolated sections can greatly limit the impact of a DDoS attack. By compartmentalizing resources and services, you can structure your network in a way that makes an attack on one segment much less likely to affect the entire network. This helps keep critical services operational even during an ongoing attack.

Increase bandwidth and scalability with a CDN

A content delivery network (CDN) enables you to distribute your online content across multiple servers worldwide. Along with reducing latency and enhancing the overall performance of your network, CDNs are also capable of absorbing a significant portion of DDoS traffic to reduce the impact of the attack.

Implement rate limiting and access controls

Rate limiting and access controls can both help regulate the flow of incoming traffic. Setting limits on the number of requests a user or IP address can make within a specific time frame can help prevent DDoS attacks. Strong access controls, meanwhile, allow you to restrict access to specific resources, preventing hackers from exploiting vulnerabilities.

Regularly update and patch systems for vulnerabilities

Keeping your systems up to date with the latest security patches is a cornerstone of effective cybersecurity. Regular updates and patching can help close known vulnerabilities that hackers may otherwise exploit, and this proactive approach helps ensure that your infrastructure is resilient against DDoS attacks and other security threats.

Stop DDoS threats with SiteLock

The potential impact of DDoS attacks is something that businesses cannot afford to take lightly. Thankfully, SiteLock offers cutting-edge cybersecurity solutions that businesses need to stay protected.

From web application firewalls for filtering incoming traffic to real-time network monitoring to a content delivery network for boosting your network's performance and reliance, SiteLock takes a modern, wide-ranging approach to defending against DDoS attacks in all their various forms.

To get started protecting your business from DDoS attacks and other cyber threats, be sure to learn how SiteLock works, and check out our affordable pricing packages!

Frequently asked questions

Interested in learning more about DDoS attacks? Here are the answers to some of the most commonly asked questions about these attacks:

Are DDoS attacks illegal?

Yes, DDoS attacks are illegal. Attempting to overwhelm an organization's online services or otherwise disrupting their normal operations is a violation of computer security laws in many jurisdictions, and perpetrators of DDoS attacks can face criminal charges, fines, and imprisonment.

How long will a DDoS attack last?

The duration of a DDoS attack can vary significantly. Some attacks are short-lived, lasting only minutes, while others can last for hours or even days. The length of an attack depends on factors such as the attackers' motives, resources, and the effectiveness of the targeted organization's DDoS mitigation measures.

How do you detect a DDoS attack?

The most effective way to detect a DDoS attack is by monitoring network traffic for unusual patterns or sudden spikes in volume. Signs of a DDoS attack may include a significant increase in the number of requests, a slowdown in website performance, or unavailability of online services.

Are DDoS attacks traceable?

Due to the distributed nature of DDoS attacks, tracing their origin can often be challenging. Hackers launching DDoS attacks will commonly use botnets or anonymization techniques to hide their identity. However, analyzing the attack traffic can still provide useful insights into the methods that were employed.

How common are DDoS attacks?

DDoS attacks have become regrettably common in a world where so many organizations are heavily reliant on their online services; it is estimated that there were 5.2 million DDoS attacks launched in 2023 alone, and organizations of all sizes can potentially end up being targeted.

What country do most DDoS attacks come from?

DDoS attacks can originate from almost anywhere. According to Cloudflare, more DDoS attacks originate from China than any other country, followed by the United States, Brazil, India, and Malaysia.

This staggering volume of traffic positions CDNs as prime targets for cybercriminals intent on intercepting, altering, and stealing crucial information. In essence, security should be a paramount concern for website owners in their CDN strategy. So, what exactly is CDN security, and are your users at risk if it's lacking? Thwarting the nefarious intentions of cybercriminals necessitates robust, up-to-date security measures specifically tailored to your CDN's needs. Let’s explore all these CDN security issues and more.

What is CDN security?

CDN security refers to the measures and technologies used to protect a content delivery network (CDN) and the content it delivers. A CDN is a network of servers that work together to distribute web content quickly. It allows for the quick transfer of assets needed for loading Internet content, including HTML pages, javascript files, stylesheets, images, and videos.

Here's why CDN security is especially important for eCommerce:

Safeguard Data: eCommerce platforms often handle sensitive customer data, including personal information and credit card details. CDN security helps protect this data from breaches and unauthorized access.

DDoS Protection: Distributed Denial of Service (DDoS) attacks are a common threat where a site is overwhelmed with traffic from multiple sources. CDNs can help absorb and distribute this traffic, reducing the impact of such attacks.

Performance and Availability: CDNs improve website performance by caching content close to the user. Ensuring CDN security means that this performance is maintained, which is crucial for eCommerce platforms where page load times can significantly impact sales.

Trust and Reputation: A secure CDN helps maintain the integrity of the eCommerce site. Security breaches can damage a company's reputation and lead to a loss of customer trust.

Compliance with Regulations: eCommerce sites are often subject to regulations like GDPR, PCI DSS, etc. CDN security helps ensure compliance with these regulations, avoiding potential legal issues and fines.

Protection Against Malware and Vulnerabilities: A CDN can provide an additional layer of security when paired with firewalls and other solutions to protect against malware and other vulnerabilities.

Secure Content Delivery: Encryption and secure tokenization in CDN ensure that content is securely delivered to the end-user, preventing man-in-the-middle attacks.

What are some CDN security risks?

Once you understand the answer to “What is CDN security?,” it’s easy to see how CDN security can be vital to users having a great browsing experience. Unfortunately, security for a CDN can come with risks.

Unlike firewalls, CDNs alone are unable to block bad bots from infecting a website. As such, it’s possible to hijack and exploit CDN servers containing cached information in a variety of ways.

For example, if a hacker gained access to data cached on a CDN used by multiple businesses, customers’ private information would become vulnerable. Cybercriminals could then steal passwords, email addresses, and any other sensitive information that could be used to log into private accounts or leveraged in a ransom situation.

DDoS attacks are another method for extortion and blackmailing, making them one of many major CDN security concerns. A simulated test showed that 16 different CDNs were vulnerable to a DDoS exploit that caused servers to repeatedly run the same command. These repeated commands eventually led to the servers becoming overloaded, ultimately taking the content offline.

Is a CDN the same as a web host?

No, a CDN is not the same as a web host, although they both play crucial roles in delivering web content to users and involve the use of data centers. A web host provides a server, typically located in a data center, where your website's data is stored and managed. It's where your website 'lives' on the internet. When a user wants to visit your website, their browser requests data from your web hosting server at the data center.

On the other hand, a CDN is a network of web servers distributed globally across multiple data centers, designed to deliver your website's content more efficiently. The CDN caches a copy of your website's static content (like images, CSS, JavaScript) on servers in these data centers around the world. When a user visits your website, the CDN routes this content from the server closest to them, located in one of the data centers. This proximity reduces the distance the data travels, improving loading times and reducing bandwidth costs.

CDN security best practices

Though CDNs bring inherent security risks, they’re still a necessity for any website owner looking to help deliver users a seamless experience. But just because website owners use CDNs, that doesn’t mean websites need to be left vulnerable to cybercriminals. In fact, there are steps you can take to ensure that employing a fast, robust CDN won’t compromise the security of your website and its content.

1. Choose a reputable CDN service

There are a number of CDN providers available on the market, each of varying quality. Get in contact with someone representing a CDN before committing to it as an option—and don’t be afraid to ask tough questions. For example, you should know how frequently the CDN will cache your data and how often the CDN provider conducts comprehensive penetration testing to ensure a server is secure.

You should also understand what happens in the event that your server fails and what you—and your CDN provider—are able to do about it. For example, are there existing failover security measures in place to switch to a backup server in the event of an outage? If not, and an outage does occur, not only will you be unable to connect to the server, but your data will become exposed since the website’s security technology will be disabled.

All told, carefully choosing the CDN provider that’s right for you helps eliminate numerous CDN security concerns.

2. Use a web application firewall

Alone, CDNs are immensely vulnerable to attackers, which is why you need a web application firewall (WAF). WAFs act as a barrier between your content and the broader internet. They’re able to monitor and block any and all HTTP(s) traffic exhibiting security red flags, all the while seamlessly allowing access to good website traffic. With the market size for WAFs expected to grow to $5.48 billion USD by 2022, many businesses use WAFs in conjunction with their CDN servers to significantly increase their website’s security.

3. Enable SSL/TLS encryption

Combining a CDN with SSL/TLS encryption fortifies your online presence. By leveraging a CDN's distributed servers to optimize content delivery and ensure compatibility with SSL/TLS encryption protocols, you establish a secure and efficient transfer of data. This tandem approach not only improves latency but also safeguards sensitive information, bolstering trust and reliability for visitors.

4. Implement strong access protocols

Establishing strong access policies is a key mitigation strategy in cybersecurity, ensuring only authorized users can access specific data and systems. This involves deploying multi-factor authentication (MFA) for more robust user verification and adopting role-based access control (RBAC) to restrict access in line with job functions. Regular audits and timely updates of access protocols are crucial for mitigating vulnerabilities and maintaining system integrity. These measures are essential for protecting sensitive data and ensuring compliance with regulatory standards, significantly reducing the risk of unauthorized access and data breaches.

5. Keep software up-to-date

Software updates often include patches for security flaws that could be exploited by attackers to gain unauthorized access or disrupt service. By regularly updating software (including server operating systems, content management systems, and web applications), organizations can protect against the latest known threats, ensuring the integrity and availability of the content being delivered. Additionally, updates can bring performance improvements and new features, enhancing overall efficiency.

Partner with SiteLock for CDN security

Nobody wants to browse an unsecured website. If you’re looking to sustain and grow your traffic by providing the safest browsing experience possible for users, you need CDN security. By following the steps above, you can provide a user experience that’s not just fast but secure. And if your site is compromised, reach out to SiteLock immediately and ask about our hacked website repair services. Or, review our website security pricing and plans for more information.

In the past, these attacks were more of an annoyance than a serious threat, but this has changed. DDoS attacks are growing in both size and frequency. A report showed that these attacks increased 200% in the first part of 2023 compared to the previous year. Recovering from a DDoS attack like this could cost a small business thousands of dollars.

Strategies for stopping DDoS attacks on your network

Understanding how to effectively respond to and mitigate DDoS attacks is essential for maintaining the integrity and availability of your online services. Let's delve into a detailed approach to handling a DDoS attack, ensuring your network's resilience against such disruptive threats.

1. Identifying the Attack: The first and most critical step in dealing with a DDoS attack is to recognize that it's happening. This involves constant vigilance through network traffic monitoring. You should have systems in place that alert you to unusual traffic spikes or abnormal traffic patterns that deviate from your typical network activity. Utilizing advanced network monitoring tools can help in quickly detecting these traffic increases, which is essential for a timely response.

2. Blocking the Attack: Once you've identified that a DDoS attack is underway, the immediate priority is to block the malicious traffic flooding your network. This is where Web Application Firewalls (WAFs) and intrusion prevention systems become invaluable. These tools are designed to filter out the harmful traffic that constitutes a DDoS attack. They work by distinguishing between legitimate traffic and malicious data packets, allowing only legitimate requests to pass through. Promptly implementing these measures can significantly reduce the impact of the attack on your network and services.

3. Analyzing the Attack Type: After the initial threat is mitigated, it's important to conduct a thorough analysis of the attack. This involves determining the specific type of DDoS attack you've experienced.

DDoS attacks can vary, from volumetric attacks that overwhelm your network with traffic to application-layer attacks that target specific aspects of your services. A couple of common types to look out for are teardrop attacks and DNS floods.

Understanding the nature of the attack is crucial for both comprehending the attacker's methods and for preparing your defenses against future attacks. This analysis will provide valuable insights into the vulnerabilities that were exploited and help in fortifying your network's defenses.

4. Implementing Recovery Processes: The next step is to initiate a recovery process. This involves restoring and securing any systems or services that were affected by the attack. Assess the extent of the damage or data loss and take steps to recover any affected services as quickly as possible. It's also important to conduct a security audit to ensure that no underlying vulnerabilities remain that could be exploited in future attacks.

5. DDoS Protection and Preventing Future Attacks: Finally, based on the analysis of the attack, update and refine your security protocols and infrastructure. This might involve implementing additional security measures such as DDoS mitigation services, enhanced network security solutions, or more sophisticated monitoring systems. The goal is to strengthen your defenses to reduce the likelihood or impact of future DDoS attacks. Regularly reviewing and updating your security measures is essential in the ever-evolving landscape of cyber threats.

While DDoS attacks can be daunting, having a structured and well-prepared response plan can significantly reduce their impact. By following these steps, from early detection to post-attack recovery and prevention, you can safeguard your digital assets against future attacks, ensuring the continuous operation and reliability of your online services.

See how SiteLock can help with our comprehensive website security plans, which include everything from malware detection and removal to a WAF and website vulnerability patching.

FAQs

Why Is a DDoS attack destructive?

There are several DDoS attack variants, but in general, cybercriminals will use these types of attacks to block legitimate traffic to a website. Multiple remote-controlled computers on different networks flood servers with “fake” requests. The web of machines used to launch the attack is called a “botnet.”

Often, the glut of requests will cause the host server to crash, taking the targeted website offline. Even if the attack fails to crash the website, it might slow it down enough to render it unusable to visitors.

How much can a DDoS attack cost a business?

The loss of legitimate website traffic in the wake of a DDoS attack can be costly for businesses of all sizes. Even small to medium-sized businesses can lose thousands of dollars for every hour of downtime.

And yet, for most companies victimized by DDoS attacks, reputational damage is even harder to recover from than financial losses. Failing to protect yourself on the internet is a surefire way to lose customer trust, and that trust can be hard to win back.

Why do people launch DDoS attacks?

While DDoS attacks can be costly to victims, they’re relatively cheap for cybercriminals to execute, which is one reason they’re growing in popularity.

A cybercriminal won’t see any financial gain directly from a DDoS attack (unless a third party pays them to carry it out). Usually, cybercriminals use DDoS attacks as a diversion, capturing the attention of the target organization while data theft or malware injection is carried out behind the scenes. Other motives might be political, egocentric, or retaliatory in nature, and almost anyone can hire a cybercriminal to carry out a DDoS attack.

What are the signs of a DDoS attack?

Diagnosing DDoS attacks can be tricky because the symptoms of an attack often resemble non-malicious availability issues such as slow site speeds or network problems.

However, if the connection to your site is unusually slow, or your site is completely unable to connect to the network, you might be experiencing signs of a DDoS attack. Similarly, if you notice an unusual or unexpected surge in website traffic that lasts for days, rather than just hours, or a significant spike in spam emails, you could be under attack.

Can you prevent a DDoS attack?

It’s cheaper and easier to prevent a DDoS attack than it is to recover from one. But how are DDoS attacks prevented?

The primary defense against DDoS attacks on your website should be a Web Application Firewall (WAF). This firewall not only protects against powerful DDoS threats but also redirects malicious traffic to different content delivery networks, easing the load on your server. It's effective when used alongside a website scanner or intrusion detection system, which helps identify and remove malicious bot traffic and malware. Additionally, setting up alerts for unusual traffic loads and configuring automatic blocking of suspicious network packets can further enhance security. While a WAF is crucial in mitigating an attack, without it, you might be unable to fully disrupt a DDoS attack and may have to endure it.

For small business owners, cybersecurity is essential and they need to be proactive in preventing cyber attacks, especially with the rise of unsecured Internet of Things (IoT) devices, which could provide more avenues for hackers. Strengthening the security of all your devices is a key step in avoiding becoming a target.

Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 12 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security.

Keeping a website up and running may seem like a simple task, but the truth is that there are a number of issues that can impact website and application performance and potentially lead to downtime. One such issue is web server overload — a common problem that can lead to numerous performance issues that negatively impact the user experience on your website.

To help you make sure server overload doesn’t slow down your website, we’ll cover everything you need to know about how to identify it in real-time and how to optimize your website to prevent overloaded servers.

What is server overload?

Server overload is an issue that occurs when a web or application server receives a larger volume of requests than it is able to efficiently handle. When this happens, it can result in performance issues such as latency and bottlenecks. In severe cases, server overload can cause a complete breakdown of the server, rendering it temporarily unavailable.

What causes server overload?

From hackers launching denial-of-service attacks to sudden surges in web traffic, there are several issues that can lead to server overload. Understanding what causes it is the first key to preventing it. So, with that in mind, here are the most common causes of server overload that businesses need to be aware of:

Sudden high traffic spikes

One of the most common causes of server overload is a sudden surge in web traffic. While attracting a large number of visitors to your site is almost always a positive thing, an especially large surge of traffic can cause a server load that might be more than your infrastructure is capable of handling.

Sudden traffic spikes can happen for a number of reasons, including viral content, marketing campaigns, or other events that attract widespread attention. However, when the number of incoming requests exceeds the server's capacity, it can result in slower response times or even a complete outage.

Unavailable web servers

If one or more servers in your network become unavailable due to hardware failures, software issues, or maintenance activities, the rest of the servers in the network will be required to pick up the slack. This can lead to performance degradation across the entire system.

Redundancy is one way to prevent server overload due to unavailable web servers. By having multiple servers that can take over if one goes down, you can ensure that a single issue doesn’t cause your entire network to topple.

Malware

The presence of malware can create a lot of potential issues, including server overload. Malware often compromises server resources, leading to increased memory/CPU usage. This, in turn, impacts the server’s ability to handle legitimate requests.

To prevent malware from bogging down your servers, it is essential to invest in robust cybersecurity measures, including regular security audits, malware detection software, and employee training programs. Keeping server software and applications up to date with the latest security patches is also key to shoring up any vulnerabilities that malware could exploit.

DoS or DDoS attacks

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are malicious attempts to disrupt the regular functioning of a website, server, or network. In a DoS attack, a single source overwhelms a target server or network with a flood of traffic, rendering it inaccessible to intended users. This flood of requests exhausts the server's resources, such as bandwidth or processing power, causing it to slow down or even crash.

DDoS attacks take the disruption to the next level by involving multiple sources, often distributed globally. Cybercriminals control a network of compromised computers, known as a botnet, to coordinate a synchronized attack on the target. This distributed approach makes DDoS attacks more potent because they appear as real requests. The sheer volume of incoming requests from different locations can quickly overwhelm a server, leading to downtime, loss of service, and potential damage to a website's reputation.

In both DoS and DDoS attacks, the primary goal is to create a situation where the targeted server is unable to handle the incoming requests, leading to server overloads and service disruptions for legitimate users. These attacks can impact businesses by causing financial losses, damaging reputation, and compromising the integrity of online services.

How to fix

Server overload is an issue that needs to be fixed as soon as possible to avoid downtime and unhappy customers. If your company is experiencing this issue, here are five tips on how to fix the problem:

Look for signs of server overload

The first step to fixing server overload is identifying it. Common signs that you will want to be on the lookout for include things like:

• Server error codes: Server error codes (such as 500 Internal Server Error) indicate issues in handling requests that are often a result of server overload.

• Delayed requests: Users experiencing delayed requests can be an indicator of server overload, making it important to monitor and analyze your website’s response times.

• Partial content and TCP connection issues: Partial content requests and TCP connection problems can arise during overload. Examining server logs for these issues can offer valuable information on the specific challenges the server is facing.

Use load balancing and autoscaling

Load balancing involves distributing incoming traffic across multiple servers and is a great way to ensure that no single server is overwhelmed. Autoscaling, meanwhile, allows your server infrastructure to dynamically adjust to varying workloads. When traffic increases, autoscaling automatically adds more resources or servers to handle the load.

Both of these practices can help ensure that your server infrastructure is prepared to handle things like sudden traffic spikes without experiencing any issues.

Rate limiting and access controls

Rate limiting allows you to set restrictions on the number of requests a user or IP address can make within a specified timeframe. This prevents a single user from monopolizing server resources and can also help prevent DDoS attacks.

Likewise, access controls that restrict certain resources to authorized users or applications can also serve as an effective safeguard against DDoS attacks. With the frequency of these attacks continuing to rise, implementing rate limiting and access controls is key to preventing this increasingly common cause of server overload.

Contact hosting provider

If issues persist, it’s a good idea to reach out to the cloud provider responsible for hosting your website or application. Hosting providers often have expertise in server management and can assist in identifying and resolving performance bottlenecks.

Discuss your server's specifications, traffic patterns, and potential areas of improvement with your provider to help identify the root cause of the issue and come up with a solution.

Best practices for prevention

Now that we’ve looked at the steps you can take to fix server overload once it’s been identified, here are a few best practices you can implement to prevent it from ever becoming an issue in the first place:

Web application firewalls (WAF)

Web application firewalls serve as a protective barrier between a web application and the internet, monitoring and filtering HTTP traffic to block malicious activity. By analyzing requests and responses, these firewalls work to block malicious traffic such as traffic from a DDoS attack.

Once you’ve installed a WAF, be sure to keep WAF rules updated to defend against emerging threats. Regularly check for updates provided by the WAF provider or security community to ensure that the firewall is equipped to handle the latest attack vectors.

Malware detection and removal

Malware that ties up server resources is one common cause of server overload. Thankfully, there are plenty of tools and practices companies can use to detect and eliminate malware.

Regular scans and audits is the first step to detecting and removing malware, and you can use antimalware software to perform these scans automatically. It’s also important to educate employees about potential security threats, emphasizing the importance of safe online practices. Human error is a common entry point for malware, and employee awareness can play a crucial role in preventing security breaches.

Software updates and patches

It’s crucial to keep server software, operating systems, and applications up to date with the latest security patches. Regularly applying updates ensures that known vulnerabilities are addressed, reducing the risk of exploitation by attackers.

Be sure to plan scheduled maintenance windows ahead of time to perform updates without disrupting regular operations. This will help minimize downtime and allow for thorough testing before deploying patches.

Content delivery network (CDN)

CDNs help offload server resources by delivering content from servers closer to the end-users, reducing latency and improving overall performance.

You can also use caching strategies within the CDN to store and serve frequently accessed content. Caching reduces the load on the origin server by delivering cached copies to users, which is particularly useful during traffic spikes.

Combat server overloads with SiteLock

Server overload is an issue that can create a lot of problems for businesses, disrupting their operations and frustrating their customers. The good news is that it’s also an issue that can largely be prevented with the right tools and practices.

With SiteLock’s comprehensive security solutions, you can safeguard your server infrastructure against common causes of server overload such as malware and DDoS attacks. By providing advanced solutions such as malware scanning, web application firewalls, a content delivery network, and more, SiteLock takes a multifaceted approach to preventing server overload.

DoS and DDoS are two common types of cyberattacks that can block legitimate users from getting access to your website and interrupt services. Both attacks can cause companies to lose millions of dollars in just a few hours. According to Infosecurity Magazine, the average cost of a successful DDoS attack is $218,000 without accounting for any ransomware costs. Aside from the financial impact, there’s also the disruption of online services, loss of sensitive data, brand reputation damage, and legal and regulatory consequences to consider.

Although these two attacks look similar and both have consequences, the difference between them is more than just the letter “D.”

Denial-of-service attack

A denial-of-service attack (DoS attack) is a type of cyberattack executed from a single system.

During a DoS attack, your web server gets flooded by traffic, making your website or network resource unavailable. Therefore, if your customer service center is receiving constant complaints from customers who can’t get access to your online services while most access requests come from one IP address, you should consider the possibility of a DoS attack.

Types of DoS attacks

• Buffer overflow attacks occur when a program writes more data to a buffer (temporary storage) than it can handle, potentially overwriting adjacent memory and leading to unintended consequences, such as crashing the program or enabling malicious code execution.

• A Ping of Death or ICMP flood attack sends oversized or malformed Internet Control Message Protocol (ICMP) packets to a target, causing the victim's system or network to crash or become unresponsive due to the inability to process these unusually large packets.

• A Teardrop attack involves sending fragmented IP packets with overlapping, incorrect offsets to a target system, exploiting vulnerabilities in its reassembly process and potentially leading to system instability or crashes.

• A flooding attack involves overwhelming a target system or network with a massive volume of traffic, requests, or data, causing resource exhaustion and potentially disrupting or rendering the target's services inaccessible to legitimate users. These attacks aim to flood the target beyond its capacity to handle the incoming traffic, leading to service degradation or downtime.

Distributed denial-of-service attack

A distributed denial-of-service attack (DDoS attack) is usually considered an evolved version of a DoS attack. It has all the negative effects of a DoS attack and is harder to stop. A DDoS attack is executed by having multiple computers on different networks (called a botnet) to send a large amount of requests to your website simultaneously.

If a DoS attack is like starting a one-on-one fight, then a DDoS attack is like besieging your house with people flooding from different directions. What’s worse, these people all look like legitimate visitors because DDoS attackers can compromise legitimate source IPs and leverage them to start an attack. Even if there is no malicious hacker, DDoS can still happen when there is an unexpectedly large spike in traffic to your website. So be vigilant of unusual spikes in traffic, logins, and other important signs of DDoS.

Types of DDoS attacks

• Volumetric attacks inundate a target system or network with an extremely high volume of traffic, often exceeding the systems’ capacity, causing service disruption by consuming available bandwidth and resources.

• Fragmentation attacks involve sending IP packets with incorrect or overlapping fragmentation information, exploiting vulnerabilities in the target's packet reassembly process, and potentially causing system instability or crashes.

• Application layer attacks target specific applications or services within a network, attempting to disrupt or compromise their functionality by exploiting vulnerabilities in the application code, protocols, or server resources.

• A Protocol attack focuses on exploiting weaknesses in network communication protocols, like TCP/IP or UDP packets, to disrupt or manipulate data traffic, potentially leading to network or service issues by causing improper protocol behavior.

Key differences

Although they sound similar, DoS and DDoS attacks couldn’t be more different in the world of cybersecurity, from implementation to sheer scale.

Single source vs. multiple sources

A DoS attack typically uses a single location or internet connection to flood a target system, so they’re naturally easier to detect and sever the connection. However, a DDoS attack has multiple compromised devices or a network of botnets involved. Each one sends a portion of the attacking traffic, making it challenging to trace back to a single source.

Speed of attack

A DDoS attack is typically faster than a DoS attack because it involves multiple sources that simultaneously generate a massive volume of attack traffic. This distributed nature of DDoS attacks allows them to overwhelm the target system more quickly and effectively. In contrast, a DoS attack relies on a single source or a limited number of sources, which may not have the same level of combined bandwidth and resources as a DDoS attack, making it slower and less intense in comparison.

Amount of traffic

A DDoS attack can send a much larger volume of attack traffic compared to a DoS attack, often magnitudes more. DDoS attacks can involve a coordinated effort from numerous sources, which collectively generate a massive amount of traffic, effectively overwhelming the target server. It's not uncommon for DDoS attacks to involve gigabits or terabits of data per second, whereas DoS attacks may involve a fraction of that volume. However, the exact difference in attack traffic can vary widely from one attack to another.

Attack complexity

A DDoS attack is coordinated and includes multiple compromised devices infected with malware, known as bots, to form a botnet under the control of a central command-and-control (C&C) server. On the other hand, a DoS attack usually leverages a script or specialized tool to execute the attack, originating from a single machine or source.

DoS and DDoS mitigation with SiteLock

While DoS attacks are often easier to detect and prevent than DDoS attacks, both are significant threats to websites and businesses.. To help you mitigate these malicious attacks, SiteLock offers comprehensive DDoS protection solutions, which include:

• Website monitoring to identify and detect abnormal traffic patterns or malware.

• Automatic malware removal to prevent site downtime.

• A website application layer firewall (WAF) to block attacks and prevent malicious traffic from overwhelming your website.

• A content delivery system (CDN) to distribute traffic and absorb DDoS attacks, reducing the impact on your primary servers.

• Regular patching and updates to keep your software current with the latest security patches to reduce vulnerabilities automatically.

ExploreSiteLock website security plans and find the security solution that fits your site.

A few seconds after you land on the page, or sometimes upon arrival, a pop-up will appear that says something like “Hi, how can I help you?” or “Is there something you’re looking for?” If you answer the prompt, your chat with the AI chatbot will begin. Based on your responses, additional prompts may be provided, or you might be redirected to a live representative for more help.

Chatbot technology is all the rage these days. This is because they use artificial intelligence to answer your customers’ online inquiries 24 hours a day, 7 days a week, even if you or your customer support team are offline. Several companies have created their own chatbots, including Microsoft, Facebook, Google, Amazon, IBM, Apple, and Samsung. In fact, more than 300,000 bots are being used on FB Messenger alone now. Around 80% of people have interacted with a chatbot at some point.

As Chatbots Magazine puts it, the reason businesses are so anxious to use chatbots is that they know that consumers want answers quickly. When a potential customer messages a company, they expect a swift response and if they don’t get answers quickly, they will often move on – which can result in missed sales opportunities. However, chatbots can answer fast on your behalf to provide a positive user experience.

While chatbots can be a really valuable tool, it’s crucial to understand their security issues and solutions that can prevent these risks. Let’s go over everything you need to know.

Are chatbots secure?

Whether or not a chatbot is secure is a complicated question because there’s no definitive answer. There are many chatbot options to choose from, and even the most robust and secure systems could have potential vulnerabilities and could be at risk for security threats.

However, there are specific security risks to be aware of.

Chatbot security risks

According to DZone, chatbot security risks come down to two categories – threats and vulnerabilities. Threats that a chatbot could be prone to include spoofing/impersonating someone else, tampering with data, and data theft. Vulnerabilities, on the other hand, according to DZone, “are defined as ways that a system can be compromised that are not properly mitigated. A system can become vulnerable and open to attacks when it is not well maintained, has poor coding, lacks protection, or due to human errors.”

Threats are often one-off events such as malware attacks, phishing emails, ransomware, or distributed denial of service (DDoS) attacks. There’s also the possibility of cybercriminals threatening to expose customer data, which is believed to be secure, in hopes of getting some sort of ransom. Vulnerabilities, on the other hand, are long-term issues that need to be addressed regularly.

Thankfully, there are security protocols you can put in place to increase chatbot security should you decide to use them. The process is similar to any other system that involves introducing sensitive data in that respect. What you do on the offense can determine the level of security of your chatbot.

Best practices for chatbot security

The two main security methods to use for chatbots are authentication and authorization. The former refers to user identity verification, while the latter refers to granting permission for a specific user to perform certain tasks and functions or access a portal. Here are some important cybersecurity options for chatbots:

Two-factor Authentication: This time-tested method of security requires users to provide personally identifiable information in two different ways. For example, using a username and password and then also answering a prompt with a unique response that has been sent to the user via email or phone.

Use a Web Application Firewall (WAF): A WAF protects websites from malicious traffic and harmful requests. It can help prevent bad bots from injecting malicious code into your chatbot’s iframe.

User IDs and Passwords: Instead of allowing anyone to use your chatbot, require them to become a registered user to obtain login credentials. Criminals like easy targets. Therefore, just an additional step like registering with a website could deter a would-be bad actor.

End-to-End Encryption: This can prevent anyone other than the intended receiver and sender from seeing any part of the message or transaction. For example, having an “HTTPS” website provides transport layer security or a secure socket layer that ensures encrypted connections.

Biometric Authentication: Instead of user IDs and passwords, you would use things like iris scans and fingerprinting to grant access.

Authentication Timeouts: This security practice places a time limit on how long an authenticated user can stay “logged in.” You’ve likely seen this on your bank’s website.

A pop-up asks you to log back in, confirm you are still active, or simply tells you time has expired. This can prevent a cybercriminal from having enough time to guess their way into someone’s secured account.

Self-Destructive Messages: This is a security measure you can use to make your chatbots more secure. Just like it sounds, after the messaging on a chatbot concludes, or after a certain lapse of time, the messages and any sensitive data are erased forever.

While there is no doubt that chatbots are an innovative and exciting technology to engage with customers, they give hackers one more opportunity to gain access to personal data and sensitive information. Chatbot security, like all aspects of website security, is in your hands. The more layers of security you implement, the harder it will be for cybercriminals to prey on your site and your visitors.

Learn how SiteLock’s website security solutions can help today.

Cybercriminals use URL redirection attacks to take advantage of users’ trust. They redirect traffic to a malicious web page using URLs embedded in website code, an .htaccess file, or a phishing email. These attacks are frequent, too: high severity attacks, which include URL redirection attacks, were up 86% from 2021 to 2022.

For example, a cybercriminal might send a phishing email that includes a copycat of your website’s URL. This link might look like your website’s URL, but it is actually a phishing attack that will lead users to a malicious site with forms and login pages that request user credentials and personal information. Because the phishing site link appears legitimate and users believe they’re on a trusted website, they often willingly share personal information without suspicion.

Redirection attacks are also commonly used to perform other social engineering attacks, such as server-side request forgery and cross-site scripting (XSS) attacks.

How to spot a URL redirection vulnerability

Stealthy attacks are difficult to diagnose, including ones that redirect users. Some website owners don’t realize cybercriminals are at work until their web hosts suspend their sites or they notice significant drops in website traffic after checking tools such as Google Analytics.

Search engines also perform regular site scans and blacklist websites if they detect an infection. That being said, it can take quite some time before Google notifies you that your site is unsafe, which leaves your site’s visitors susceptible to potential security threats and puts your brand reputation at risk.

There are three common types of redirection vulnerabilities to look out for:

• Parameter-Based URL Redirection
• Session Restoration URL Redirection
• DOM Based Open Redirects

Parameter-based URL redirection is a method where the redirection destination is determined by the parameter value in the URL. For instance, a URL like “example.com/redirect?target=maliciousurl.com” would lead users to “maliciousurl.com” if the redirection logic is improperly configured. This technique is stealthy as it uses legitimate web services to redirect users to malicious sites.

To identify parameter-based URL redirection, look out for URLs that include query string parameters like "redirect," "url," "link," "target," and other suggestive terms or parameters that you’re not familiar with on your site. The parameter's value will typically be the destination website.

Session Restoration URL Redirection occurs when a user's session state is embedded in the URL to allow the user to bookmark or share their session. For instance, if a user interacts with a dynamic web application and their actions or inputs are saved as URL parameters, this URL can be used to restore the session later. While this is convenient for users, it can be exploited by attackers.

Malicious actors can manipulate the URL parameters to direct users to unintended content or to inject malicious scripts after user authentication. This redirection happens when users trust the familiar base domain and may not closely inspect the parameters, making them easy targets. Watch for unusually long URLs or many parameters to identify Session Restoration URL Redirection. Such URLs are prime candidates for this type of attack, especially if they are generated by web applications that rely heavily on user input. You should test session-based restoration URLs with a redirect URL appended to it, for example, https://example.com/login?returnUrl=https://sitelucky.pro. Then, ensure validation is applied to verify the URL.

DOM (Document Object Model) Based URL Redirection is a redirection attack executed in the DOM environment of the victim's web browser. It's different from other types of redirection attacks in that the actual page remains unchanged; instead, the client-side scripts in the page execute differently due to the malicious modifications in the DOM. For instance, if a web application uses JavaScript to read the document.location property and uses this to decide where to redirect the user, an attacker can manipulate this behavior to take advantage of an open redirection vulnerability that sends users to another site.

Website owners must be proactive regarding their website’s health and security. They can do this by using cybersecurity solutions that alert them to these attacks the moment they occur.

How to stop URL redirection attacks

Fortunately, protecting your website and your customers doesn’t have to be complicated or time-consuming. Start with these three crucial steps:

1. Use a web application firewall.

A web application firewall is a great first line of defense for directing malicious actors away from your website. Using a WAF guards your site against the most common types of attacks, and some solutions even provide security reports highlighting essential data (such as site traffic). A firewall allows you to monitor your traffic for significant declines, which is also one key sign of a URL redirect attack.

2. Use an automated website scanner.

An automated website scanner will help you detect malware in your site’s files and database faster than if you review them on your own. An effective website scanner should be able to detect and remove these active infections daily to minimize negative impacts on your business and customers.

3. Keep software up-to-date.

Cybercriminals typically gain unauthorized access to small business websites by exploiting outdated code. If you use a content management system, third-party plugins or widgets, or other software to enhance your site, you must be diligent about updating it to avoid open redirect vulnerabilities. Implement the patches and updates that developers release to fix existing vulnerabilities and mitigate new threats.

The cybersecurity landscape is changing rapidly each day, and it can be difficult to keep up with on your own. Having a trusted cybersecurity partner, like SiteLock, who knows how to prevent these attacks can save you time and keep your customers safe from malicious websites. Your customers’ trust is vital to the health of your small business — don’t let cybercriminals take advantage of it. SiteLock can help implement the steps above to protect your customers and ensure you can mitigate a URL redirection attack quickly.

Has your site been hacked? If so, learn about SiteLock's website hack cleanup services, and get help today.

Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 16 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security.

What is a WAF?

A WAF is a security solution that safeguards web applications and sites from cybercriminals and common attacks. WAFs work by inspecting the HTTP/HTTPS requests and responses that flow between clients (such as web browsers) and web servers. Think of it as a shield that stands between a website and its visitors, analyzing both the incoming and outgoing web traffic and adeptly spotting any signs of malicious activity or unusual patterns. When it identifies possible threats, it promptly filters that traffic out, all in real-time.

They're a cybersecurity standard because they check for threats such as SQL injections (SQLi), cross-site scripting (XSS), as well as distributed denial-of-service (DDoS) attacks. WAFs play a big role in upholding the overall security and uninterrupted accessibility of a website.

Different types available

There are three distinct types of WAFs, each designed to enhance online security in their own way.

Hardware-based WAFs: Reduces latency by being locally installed on a computer’s hardware but typically more costly.

Software-based WAFs: Integrated directly into the application code making it more customizable, however, implementation can be more difficult.

Cloud-based WAFs: The most cost-effective option, the quickest to install, and easy to update when needed.

Each type caters to specific needs, contributing to a layered defense strategy against various cyber threats.

Top 4 WAF benefits

Now that you understand the purpose of a web application firewall, it’s time to dive into specific benefits.

Provide web application security automation in real-time

WAFs offer a dynamic layer of automated security for web applications. By continuously monitoring incoming and outgoing web traffic, they swiftly identify and neutralize potential threats. This ensures harmful actions are quickly intercepted and prevented as they happen, preserving both the security and accessibility of the website.

Ensure compliance with HIPAA and PCI regulations

They play a pivotal role in ensuring compliance with stringent regulations like HIPAA and PCI. Through customizable security rules, encryption, and monitoring, WAFs can often enforce safeguards that align with HIPAA's healthcare data protection and PCI's payment card industry standards.

Stop customer data from being compromised

A WAF helps safeguard customer data from potential breaches. This not only preserves the integrity of the website but also preserves user confidence, ensuring that customers trust the website with their personal and financial information.

Cost-effective security solution that frees up your team’s resources

As the market demand for website security grows, many eCommerce businesses are seeking third-party services that handle their website protection. A reliable WAF offers a cost-effective choice by automating various security tasks that teams often manage manually. This frees up internal team resources and allows them to focus on other tasks.

SiteLock is a cybersecurity company that offers all-in-one services – packages that include malware scanning and removal, content delivery networks (CDNs), and vulnerability patching – along with WAFs. The need for websites to have swift and straightforward security solutions in place has never been higher.

WAF as a security solution

If you’re in charge of any sensitive data—credit card information, social security numbers, or health or financial records—you’ve likely spent a few late nights thinking about all the scary things that can happen to that information.

Installing a firewall that can analyze traffic for suspicious activity may help set your mind at ease. This additional layer of protection will scan all traffic to your site, securing it against known malicious bots and multiple different attack vectors.

But WAFs don’t just passively monitor activity: they also proactively shore up weaknesses in your web applications. By constantly scanning for vulnerabilities, WAFs often notice weak points long before you do. The best part? Many WAFs can automatically patch the weak point, meaning your team doesn’t have to worry about shifting priorities to immediately resolve the issue.

While the patch isn’t meant to be a long-term solution, it buys you time to fix the vulnerable code without losing sleep over potential breaches.

Deploy a solution you can trust

Get comprehensive website security services in a simplified and automated way to protect yourself from hackers and malware. SiteLock harmoniously partners with a variety of CMS platforms, like Drupal and WordPress, ensuring an ideal cybersecurity approach customized to your particular needs.

If you need help securing your website, have questions about pricing, or are still unsure if you need a WAF, contact our team today to speak with leading security experts.

In this article, we’ll go over what SQL injections are, how they work, the different types, and how to prevent them.

What is a SQL injection?

There are different types of SQL injection attacks, also called SQLi, but they all involve injecting modified SQL queries within input fields on a web form. This method returns sensitive, sought-after data within the database, such as usernames, passwords, credit card data, and other personal identifiable information (PII).

In some cases, an attacker can breach an application’s database through a website form designed to accept user input, which is then passed to the back-end database. In other instances, the attacker may modify cookies to poison a database query or forge HTTP headers to inject code into the database if the web application fails to sanitize those inputs.

How does it work?

Structured Query Language (SQL) is a programming language designed for managing data within relational database systems. It facilitates executing SQL commands for tasks such as data retrieval, updates, and record deletion. To execute harmful commands, attackers can embed malicious code within query strings sent to a SQL server. There are several methods for executing attacks, with susceptible entry points often being user-input fields such as text-containing forms on web applications or web pages.

SQL injection example

Suppose you have a login form on a website where users enter their username and password to access their accounts. The SQL query to check user credentials might look like this:

SELECT * FROM users WHERE username = '<username>' AND password = '<password>';

Now, an attacker could enter the following in the username field:

' OR '1'='1

If the application doesn't properly sanitize and validate input, the SQL query sent to the database would become:

SELECT * FROM users WHERE username = '' OR '1'='1' AND password = '<password>';

Since '1'='1' is always true, this modified query will always return a valid user, effectively bypassing the authentication process and granting the attacker access to the application. This is just a basic example, but it showcases the fundamental concept of SQL injection, where malicious input alters the intended query behavior.

3 Types of SQL injection attacks

1. In-band SQL injection

Also known as Classic SQL injection, In-band SQLi is a type of cyberattack where an attacker manipulates a web application's input fields to inject malicious code. This code is then executed by the application's database, allowing the attacker to retrieve, modify, or delete sensitive data.

It occurs when the attacker can directly retrieve the results of the injected query, making it a relatively straightforward method of attack. This type of injection can lead to unauthorized access, data leakage, and potentially compromise the entire application if not properly mitigated through input validation and secure coding practices.

2. Inferential SQL injection

Also called Blind SQL injection or Blind SQLi, Inferential SQLi is a complex attack. Hackers inject malicious SQL code into web app inputs, inferring success from app behavior or responses without directly retrieving data. Detecting and preventing this is difficult, as signs of manipulation might not be evident. It risks unauthorized data access, compromising apps and databases if your defense is not sufficient.

The two types of inferential SQL injection attacks use the following techniques:

Boolean injection: A technique in which attackers can manipulate a web application's input to exploit its interaction with a database. By leveraging Boolean-based queries that result in either true or false responses, attackers can deduce information about the database structure and content, potentially extracting sensitive data or gaining unauthorized access.

Time-based injection: With this technique, attackers can exploit web application vulnerabilities by causing delays in the application's response time. By injecting malicious SQL queries that introduce artificial time delays, attackers can gauge the impact on response times, allowing them to infer database structure and extract valuable information.

This can lead to unauthorized data access, allowing attackers to extract sensitive information, gain control over an application, or compromise the underlying database if defenses against a blind SQLi attack are inadequate.

3. Out-of-Band SQL injection

Also, an advanced attack method, Out-of-Band SQLi involves hackers manipulating web application inputs to trigger communications with external entities controlled by the attacker, such as a web server they manage. This enables attackers to extract sensitive information or control the targeted system, bypassing traditional in-band communication between the application and the database.

The impact of data breaches

Cybercriminals love a successful SQL injection because it’s versatile. It can be used to modify or destroy proprietary data, steal customer information, and take complete control of a website. And it’s not always easy to detect. Even if an application correctly sanitizes user input to prevent an immediate attack, that poisoned data will be stored locally and can wreak havoc when used in a different context in the future.

Cybercriminals who deploy SQL injection attacks are usually after the same thing, sensitive data. Their goal is to pinpoint vulnerable database servers to hijack the data being stored — usually PII — which can then be sold to the highest bidder on the dark web.

Why is PII so valuable? Imagine you had the personal information belonging to a physician who bills healthcare payers electronically. You could make a fortune by sending fraudulent bills to insurers or Medicare. On the dark web, you could purchase the records you need to carry out that operation for about $500 — but you would stand to gain millions.

Medical records aren’t the only PII that cybercriminals are after, though. Any business that collects and stores data on local servers is vulnerable to SQL injection attacks. That includes eCommerce companies, real estate, law firms, banks, and agencies. Website owners who collect information such as home addresses, phone numbers, birthdates, and Social Security numbers present an especially appealing target for attackers due to the quality of information.

How to prevent SQLi attacks

In some circumstances, an attacker can breach your site undetected, and the effects of a second-order SQL injection attack may not become obvious until long after the initial attack. In other instances, you may notice signs such as modified posts or comments on your website, new admin users, modified passwords, or a disconnected CMS. Fortunately, there are ways to prevent SQL injection attacks before they occur. Start by following these steps:

1. Keep software up to date

Every site owner must diligently keep security patches up to date. That means performing updates as soon as they become available. It’s also important to keep plugins, themes, and your CMS core files updated at all times to prevent these attacks and other forms of malware.

2. Choose plugins wisely

Plugins may be useful to your website (because they provide enhancements for SEO, social media engagement, and more), but they’re also useful to attackers. Every plugin represents an additional attack vector that can be leveraged to breach your site, so be thoughtful about the ones you choose to install. Remove the ones you don’t need or that haven’t been updated in more than a year, as these can result in weak entry points for your website due to outdated code.

3. Add layers of security

Begin by granting SQL database accounts the minimum necessary privileges. It's crucial to avoid sharing these accounts across distinct websites and applications to mitigate cross-contamination risks. Employ comprehensive input validation for all user-supplied data, encompassing even drop-down menus, to fend off malicious inputs. You can further enhance security by configuring error reporting mechanisms that avoid exposing database error messages to the client web browser, reducing potential avenues for attackers to exploit vulnerabilities.

4. Sanitize input fields

All user-submitted data on contact forms or other input fields is vulnerable to cybercriminals trying to gain unauthorized access to your database. Using an input validation function, such as a MySQL escape string, can ensure any malicious strings are not passed to an SQL query. Sanitizing input fields acts as a filter for user data to ensure only information that meets specific criteria can be entered. For example, if you ask users to enter their phone numbers, the input field should only allow numbers, dashes, and parentheses.

5. Don’t trust any user input

Employ prepared statements alongside parameterized queries. By encapsulating and defining all SQL code within these statements, each parameter is systematically passed, effectively thwarting any attempts by attackers to alter query intent subsequently. Additionally, integrate stored procedures to construct SQL statements enriched with parameters stored within the database, and subsequently invoked from the application. This strategic approach adds an extra layer of protection, reducing the exposure of raw SQL code and reinforcing the security framework against potential attacks.

6. Install a vulnerability scanner

Automated scanners perform deep website scans to identify and patch vulnerabilities before cybercriminals can exploit them. These make your site more resilient to different types of SQL injection attacks as well as other malware.

7. Use a web application firewall

A web application firewall (WAF) plays a significant role in preventing SQL injection attacks by filtering bad bots and malicious threats out of your site. While shopping around for a WAF, it’s best to look for one that utilizes the OWASP Top 10 threats to better protect against these stealthy attacks.

Best practices for mitigation

Mitigating future attacks is vital for preventing unauthorized access and data breaches. Effective measures, such as input validation and parameterized queries, database safeguards, and ensuring data integrity are important but not enough.

Educate development teams

Training development teams on how to handle SQL injection vulnerabilities is paramount to your overall web security. By comprehending the potential risks and learning proper coding practices, developers can implement effective countermeasures during the design and development stages. This proactive approach helps prevent exploitable vulnerabilities, safeguards sensitive data, and ensures the creation of robust web applications that are resistant to attacks.

Implement an incident response plan

Creating a plan or cheat sheet of sorts to minimize the impact of potential attacks will help maintain business continuity. The plan should encompass swift detection of the attack, isolating affected systems, and involving cybersecurity experts to analyze the extent of the intrusion. Communication with stakeholders, including customers and regulatory bodies, is vital for transparency. Remediation involves patching vulnerabilities, restoring compromised data, and enhancing security measures to prevent recurrence. Regular testing and refinement of the plan ensure readiness to effectively manage incidents.

Work with cybersecurity experts

If your business doesn’t have the in-house security experts to prevent SQL injection attacks, you’re not alone. Using comprehensive cybersecurity solutions designed for all businesses, SiteLock can help protect your site against these attacks and other cyberthreats. Take advantage of our services and competitive pricing so cybercriminals won’t be able to take advantage of you.

You can stay one step ahead of cybercriminals by familiarizing yourself with how malware can affect your site, understanding the signs to look for, and learning what you can do to prevent it.

What is malware?

Malware, also known as malicious software, is a type of software created for malicious purposes. While it is commonly associated with computer systems, malware can also be used to attack and infect websites. It is designed to cause harm and is often used by cybercriminals to carry out common types of cyberattacks and steal sensitive information such as financial data. Different forms of malware include:

• Viruses

• Worms

• Trojans

• Ransomware attacks

• Spyware

• Fileless malware

• Rootkits

• Keyloggers

• Adware

• Bots and botnets

It can be distributed through various means, such as email attachments, infected websites, compromised software downloads, or even through physical media like USB drives. Hackers use malware as a tool to exploit vulnerabilities for their own gain. Effective cybersecurity measures are crucial to detecting, and removing and preventing these malicious threats.

What does malware do?

Malware attacks can cause a number of different problems on websites and apps. Here are some of the most common issues these attacks can create:

Change the appearance of your site.

Defacements allow cybercriminals to replace your website’s content with their own message, which often promotes a political or religious agenda. This attack could turn visitors away by offending them with the shocking message and/or preventing them from accessing your website entirely. It is one of the more common and recognizable types of malware.

Hide in advertisements.

Malvertising spreads malware by prompting users to click on an ad, or through a “drive-by” download, which automatically infects a visitor when they visit the site. Cybercriminals can either inject malicious code into an advertisement or upload their own malicious ad to an ad network that will distribute it across millions of websites at a time.

Send your visitors to other (usually) malicious websites.

If visitors to your site are redirected to another site – especially one that looks suspicious – you have been affected by a malicious redirect.

Grant cybercriminals access to your site.

True to their name, backdoors are a type of malware that acts as an entry point for cybercriminals, allowing them to gain access and maintain persistent access to your site. With access to your website, they can expose sensitive data, alter your site’s appearance, and more. You may not notice a backdoor file, as studies show they are sophisticated enough to go undetected, yet very popular with cybercriminals.

Place spam content on your site.

Unusual links or comments suddenly appearing on your site or a significant and sudden loss in traffic are all signs of SEO (search engine optimization) spam.

SEO spam takes advantage of two techniques used to help websites rank well in search results: the use of relevant search terms on a web page and acquiring links from outside sources. By inserting hundreds or thousands of files containing malicious backlinks and unrelated keywords into your site, cybercriminals can cause a drop in your site’s search rankings, resulting in a dramatic drop in website visits.

Get your site flagged by search engines and removed from search results.

Google and other popular search engines review websites for malware and may remove infected sites from search results in an effort to keep users from visiting them. This practice is known as blacklisting. Search engines may also place a warning on blacklisted sites in order to protect visitors from malicious content. The warning lets visitors know that the site is infected, and prevents them from entering. Not only will this cause your traffic to drop, but those visitors may distrust your site and never return.

Possible consequences

Your reputation, website traffic, and/or revenue will likely take a hit if your website is infected with malware. Suspicious activity or signs of malware on your site could make your site appear untrustworthy, damaging your reputation and preventing visitors from returning, especially if a data breach occurs. In fact, 65 percent of online shoppers who have had their credit card or other personal information stolen refuse to return to the site where their information was compromised – a loss that many websites and businesses could not afford.

Fortunately, preventing malware infections is affordable, easy, and a good investment towards the success of your website.

How to prevent website malware

You can prevent website malware by:

Preventing vulnerabilities. Vulnerabilities are weak points in the website’s code that can be exploited to attack a website, and cybercriminals can find them automatically by using bots.

Vulnerabilities can be prevented by:

1. Installing updates and patches promptly. If your site is built using a CMS like WordPress, updating your software and plugins as soon as updates are available ensures that vulnerabilities are patched quickly.

2. Using only what you need. A website’s risk of compromise increases the more features it has. Reduce your risk by only using the plugins and features you absolutely need – and fully uninstall anything you’re not using.

3. Using a vulnerability scanner and automated patching system. This helps to automate the process of keeping your site updated.

Blocking automated attacks that look for vulnerabilities. No website is too small to fall victim to a cyberattack, as cybercriminals frequently use malicious bots to automatically look for websites with vulnerabilities. Fortunately, these bots can be blocked with a web application firewall (WAF).

Finding and removing malware quickly. A cyberattack costs more the longer it takes to find, but prompt malware removal can reduce the cost and damage incurred. Using a website scanner that looks for and removes known malware on a daily basis ensures that you’re catching threats swiftly.

Malware and cybercriminals don’t rest, but you can defend against them with a website security solution that doesn’t quit. With SiteLock, you can easily protect your site by preventing malware, vulnerabilities, and automated attacks. We’re always here for our customers with 24/7/365 customer support, so give us a call at 855.378.6200 to get set up, or shop our affordable plans online.

SiteLock also offers immediate website hack repair.

Want to learn more about malware? Explore these additional resources:

Common Types of Malware

Malware vs Virus

The Evolution of Malware

Ways Malware Can Get Onto Your Site

The Dangers of Malware

• The Effects of Malware on Small Businesses

How to Check A Website for Malware & Common Signs

• How to Check Databases for Malware

Ways to Protect Your Site From Malware

How to Remove Malware

Malware Analysis Series:

• Signature Based Analysis

• How a Signature Is Born

• Detection vs Removal

As the name suggests, a backdoor attack is stealthy, and hackers often bypass security systems to obtain remote access to sensitive data undetected.

Small and midsize businesses are particularly vulnerable to trojan horses because they tend to have fewer resources to close off built-in backdoors or identify successful attacks. Cybercriminals know that SMBs often lack the budget or security experts to prevent and mitigate attacks. In fact, nearly 50% of all SMBs report being breached at some point.

The Consequences of Backdoor Attacks for Small Businesses

Because small businesses are at a high risk of security breaches, they need to be hyper-aware of threats. Taking proactive measures to secure your website and prevent backdoor attacks is critical if you want to avoid the financial fallout of a successful attack. The average cost of a data breach is $25,000 for SMBs, and that doesn’t include the high price tag associated with repairing a business’s reputation and rebuilding customer trust.

As cybercrime increases, your security measures should, too. Backdoor attacks have increased over the years as well. According to the SiteLock 2022 Website Security report, 32% of infected websites had this type of attack.

The problem is only getting worse as backdoor detection becomes more difficult. Cybercriminals are creating new types of backdoor attacks that can bypass malware scanners without detection. The longer an attack goes undetected, the more it will damage a business.

As cybercrime advances and backdoor attacks become even more prevalent, it’s vital that small businesses pay close attention to their cybersecurity efforts.

How to Prevent Backdoor Attacks

The best line of defense against backdoor malware for any website owner is a website scanner that can mitigate malware, patch vulnerabilities, and alert the administrator of potential security threats.

Because cybercriminals are creating new malware specifically to bypass scanners, you need to ensure your cybersecurity partner performs adequate research to detect and review new types of malware on a regular basis. Your partner should then update the scanner’s signature database with each new iteration it finds.

In addition to a website scanner, you should install a web application firewall to protect the perimeter of your website by keeping bad actors at bay. A WAF differentiates good traffic (like real customers) from bad traffic (like malicious bots) and prevents bad traffic from gaining access to your site.

What to Do If You Suspect a Backdoor Attack

If backdoor malware slips past your security measures, it’s best to mitigate the problem as quickly and efficiently as possible to keep costs and damage to your reputation to a minimum. Take the following steps to close such backdoors:

1. Review the logs in the website scanner to identify any files that are consistently being removed.
2. Ask your cybersecurity vendor or IT team to review the site access logs for anything out of the ordinary.
3. Audit the CMS and uninstall any unused plug-ins, taking care to remove the files from the file manager.
4. Update all the plug-ins and themes on the website or else reinstall all core files to your CMS. You can download a new copy of your CMS by going to the WordPress or Drupal site and downloading all your files.
5. Keep an off-site backup of the site that’s confirmed to be free of back doors. If the back door can’t be found after an attack, the only solution may be reverting to a “clean” version of the site.

You will also want to immediately look into hacked website repair services to prevent as much long-term damage as possible.

Prevent Backdoor Website Access

If your small business hasn’t yet taken measures to prevent a backdoor attack, now is the time to do so. As backdoor detection becomes more difficult and cybercrime increases, small business cybersecurity is more important than ever. Make sure you not only have reliable tools such as a website scanner and WAF to stop cybercriminals in their tracks, but also know what to do if an attack does break through your defenses.

See how SiteLock’s comprehensive website security packages can help keep your site protected.

Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 12 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security.

The best way to avoid the negative consequences of website defacement and protect your small business is to prevent these attacks from occurring in the first place.

What is Website Defacement?

Much like vandalism in the physical world, website defacement attacks can leave a visible mark on your digital property. In carrying out this type of attack, cybercriminals typically replace existing content on your site with their own messages — whether those messages are intended to be political, religious, or simply shocking.

Website defacements can damage your company’s reputation, giving visitors the impression that you don’t take security seriously or are incapable of protecting your business online. Aside from hurting your reputation, website defacement can also cost your business a significant amount of money. Prospective customers will abandon your site if they don’t feel it’s secure. What’s more, while website defacement detection isn’t difficult, getting rid of defacements requires downtime that could cause a drop in revenue.

8 Steps on How to Prevent Defaced Websites

To gain access to your website, cybercriminals often hone in on contact forms, inject spam into comment boxes, or insert unwanted links into your source code or database. The more entry points your website has, the easier it will be for attackers to gain access. If you don’t have the tools in place to detect their entry, they’ll be able to carry out a defacement attack.

Follow these tips to stop cybercriminals in their tracks and keep your site protected:

1. Monitor Add-Ons and Plug-ins

Cybercriminals usually target sites that are either seen as vulnerable or would draw a lot of attention if hacked. Oftentimes, the sites that are especially susceptible to attack are those that incorporate a bevy of added plug-ins and features. Add-ons expand a site’s surface, giving hackers more potential points of entry. Using a high number of plugins or add-ons on CMS platforms such as WordPress or Shopify could increase the number of vulnerabilities on your website.

One way to prevent website defacement is to choose your plug-ins and apps carefully. Make sure each one provides value to your website and use only what you need. Regularly audit add-ons and completely uninstall any plug-in or theme that’s deactivated within your dashboard.

Unused add-ons are likely outdated and become less secure over time, making your site more vulnerable. Outdated software is a leading factor in cyberattacks due to the vulnerable code not being updated. It’s strongly recommended to update plug-ins, themes, and core files as soon as updates are available.

2. Secure Login Credentials

Securing passwords is essential to prevent website defacements. Hackers can gain access to a website by using stolen or weak login credentials. Strong passwords, multi-factor authentication, and regular password changes are just some of the many website security measures to protect passwords. When attackers can't get their hands on valid login credentials, they are less likely to be able to deface a website. Ensuring the security of logins is a crucial step toward protecting a website from attacks and maintaining its integrity.

3. Limit Administrative Access

If more than one person is logging into the website to make changes to content, limit the type of access each additional individual has. Having multiple administrators on your website leaves the door open for a cybercriminal to gain unauthorized access via your login page. Limiting full access to content can prevent a website defacement caused by human error (e.g., weak passwords).

4. Reduce the Number of File Uploads

Attackers can upload malicious files to a website to gain unauthorized access, modify site content or perform other nefarious actions. By limiting the number of file uploads, website owners can prevent attackers from using this method to deface their sites. Simply limit the acceptable file types, establish a maximum file size, and perform malware scans prior to authorizing file uploads to make the process effortless. Regularly monitoring and reviewing file uploads can also help detect any suspicious activity and prevent attacks before they occur.

5. Scan for Security Vulnerabilities

If you have a technical background or tech-savvy staff members, you can manually check for malware on your site. You should also have access to the file manager provided by your domain host or file transfer protocol, both of which can be used to check your site for malware. Look for both script and <iframe> attributes, and scan the URLs that follow these attributes to be sure you recognize them. If you don’t, they may have been injected with malicious content, and you could be dealing with a potential data breach.

6. Use a Web Application Firewall

A web application firewall, or WAF, helps protect web applications from a variety of cyberattacks. It examines HTTP traffic between the web server and the client, filtering out malicious traffic and blocking attacks that could harm your website. It can also impede many types of attacks, like SQL injection and cross-site scripting (SQLi and XSS). WAFs can and will block traffic from known malicious IP addresses and botnets. Most importantly, it provides an additional cybersecurity layer and helps to ensure that sensitive data is kept safe from threats.

7. Get an SSL Certificate

An SSL certificate conceals the information shared between a user's web browser and your website, making it tough for anyone to deface pages or steal data. It's for sites that contain sensitive data like passwords, payment information, etc.

This certification also helps to improve your website's search engine ranking. Google has made it clear that SSL encryption is a ranking factor, and websites with SSL certificates are given preference in the form of an HTTPS status. HTTPS, instead of HTTP, is not only important for securing your website but also for improving your online visibility and credibility.

8. Install an Automated Scanner

Even if you have the technical expertise to manually check for malware, an automated website scanner is critical for regular maintenance that won’t take up your time. This kind of scanner can detect suspicious activity as soon as it occurs. It will be able to monitor your website files and database, patch vulnerabilities, and automatically remove malware and spam when it’s detected.

Ultimately, the costs of recovering from a website defacement attack will be higher than those of preventing the attack in the first place. To avoid downtime, loss of revenue, and a damaging hit to your reputation, follow these security best practices and explore SiteLock’s website security plans.

Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 12 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security.

As an eCommerce owner, are you doing enough to address and overcome your customers’ concerns? If not, don’t worry – we’ll explain how you can protect your customers by using PCI compliance. We’ll also make sure you understand the ins and outs of PCI compliance, the steps to get started, and the penalties for not meeting PCI standards.

PCI Compliance Meaning

The term ‘PCI compliance’ is short for Payment Card Industry Data Security Standard. It is also referenced as PCI DSS.

PCI compliance was established in 2006 to help protect businesses from credit card fraud. It was established by five of the largest major payment brands (Visa, Mastercard, American Express, Discover, and JCB) in an effort to increase control over where cardholder data is stored, processed, or transmitted for websites that take payment online.

PCI Data Security FAQs

Maintaining proper PCI compliance levels can be difficult for those who aren’t familiar with the subject. An online business needs security controls to protect against data breaches, while also maintaining compliance. These are the most popular questions people ask when looking to set up compliant security systems.

What is PCI compliance in simple terms?

In short, PCI compliance is a set of security standards used to help protect consumers’ credit card data whenever they make a purchase online.

Who needs to be PCI compliant?

Any individual or business that stores, processes, or transmits payment card information needs to meet PCI compliance requirements. This includes small businesses, companies that only take payments over the phone, and even companies that use a third-party payment processing system, like PayPal.

Is PCI compliance required by law?

While PCI compliance is not a federal law in the United States, it is strongly enforced by the major card brands listed above. It is a security standard that applies to all individuals, businesses, or organizations that accept, transmit, or store cardholder data.

Meeting PCI requirements can be a very time-consuming and complicated process. In addition, maintaining compliance can be even more challenging. There are quarterly and annual assessments organizations need to complete on an ongoing basis to maintain compliance.

However, only 27.9% of organizations are fully compliant with these requirements. One of the roadblocks is the extensive questionnaire individuals need to complete to get started, as well as the ongoing validation process.

As a result, many businesses that should be compliant are not. Those who do not follow PCI DSS requirements might be subject to very expensive fines that could result in bankruptcy.

What happens if I don’t become PCI compliant?

Non-compliance may subject you to penalties and hefty fines. More often than not, the fined bank will pass this fine to the merchant, terminate your relationship with the bank, or increase the fee. Large fees can be devastating to a small business and might even result in the website owner going out of business.

How is cardholder data defined?

According to the Payment Card Industry Security Standards Council (PCI SSC), cardholder data consists of the full primary account number (PAN), plus any of the following: cardholder name, expiration date, and/or security code. The security code is the three- or four-digit number on the back of the credit card.

What if I operate a small business and only accept a few credit card payments a year?

Regardless of whether you are a small, one-person business or a large enterprise, if you accept, store, and transmit cardholder data, then you need to be PCI compliant. The same holds true for whether you collect $20 in payment per year or $20,000,000 – meeting PCI compliance standards is a must.

Additionally, don’t assume you are too small to be hacked. In fact, small and medium-sized businesses faced twice as many cybersecurity threats in 2021 vs. the previous year.

Are eCommerce websites the only ones that need to be PCI compliant?

While it’s true that eCommerce stores need to be compliant, they are not the only businesses that need to comply with PCI standards. PCI DSS applies to any and all websites that store, process, or transmit cardholder information.

Even if you do not “sell” anything online, your business might still be required to follow the requirements. For example, in order to start a free trial with Netflix, individuals are required to input their payment information as part of the trial process. While the customer is not being charged during the free trial period, Netflix is storing their payment card data, and therefore needs to protect that data via PCI compliance.

Another example is a doctor’s office that allows their patients to pay for their visits online through a payment portal. Although these doctors aren’t necessarily “selling” anything online to their patients, they are still expected to protect their patients’ financial information.

If I only accept credit cards over the phone, do I need to be PCI compliant?

Regardless of if you store information via your website database or elsewhere, all businesses that store, process, or transmit payment data must meet PCI standards.

If I outsource my credit card processing, do I need to be PCI compliant?

If you use third-party processors, like PayPal, to collect credit card information, then you still need to comply with the standards. For example, if your business receives charge-back and refund information, it is important to make sure this information is protected.

If my hosting provider is PCI compliant, does that make me compliant?

In short, the answer is no. As an eCommerce or website owner, you are ultimately responsible for the security of your website, which includes meeting compliance standards. Your host does not automatically provide you with PCI compliance. In fact, most shared hosting environments are not compliant.

The average website experiences 63 attacks per day on average. With this in mind, it is important to understand the differences between the security your web host offers versus the security you’re responsible for. Your web host ensures that your website is being hosted on a secure server; however they are not responsible for protecting your website from hackers, or ensuring you are PCI compliant.

How do I get started with the PCI compliance process?

First, you will start by identifying the self-assessment questionnaire you are required to complete. The self-assessment you complete will depend on your business and how you accept payment online. For example, eCommerce merchants who outsource payment processing will complete a different questionnaire than merchants who take payment over the phone.

What do I do after I identify the correct self-assessment questionnaire?

Once you’ve identified the correct questionnaire, it is time to complete your questionnaire. It’s important to keep in mind that the questionnaire is 280 questions and may take several hours to complete.

However, there are companies that specialize in making the PCI DSS compliance questionnaire process as easy as possible by providing a simplified questionnaire. These companies will use logic to pre-populate responses for you by section, which may save you a significant amount of time.

In fact, depending on the type of questionnaire you’re completing and the company you’re getting help from, you may only need to answer 20 percent of the 280 questions.

Additionally, the application asks a series of business process, policy, and technical questions about your existing credit card security practices. If you need to make changes to your existing policies or need new policies, some security companies will customize a policy for you that you can download instantly.

What do I do after I complete the questionnaire?

Once you complete the questionnaire, then an initial and quarterly vulnerability scan by an approved scanning vendor may be required to maintain compliance. This vulnerability scan will check for any potential security weaknesses in your website and hosting server configuration.

According to pcicomplianceguide.org, if you qualify for any of the following SAQs under version 3.x of the PCI DSS, then you are required to pass a vulnerability scan:

• SAQ A-EP
• SAQ B-IP
• SAQ C
• SAQ D-Merchant
• SAQ D-Service Provider

What is a vulnerability scan?

A vulnerability scan, also referred to as a website scan, is designed to complete a comprehensive scan of your website to identify vulnerabilities. A website vulnerability is a weakness or misconfiguration in a website or web application code that allows a cybercriminal to gain some level of control of your site. When vulnerabilities are exploited, cybercriminals can infect the website with malware. Malware, short for malicious software, can be used to harm your website and your website visitors, like stealing your customers’ information or unknowingly redirecting them to a malicious website.

How often do I need a vulnerability scan to meet PCI compliance standards?

If you are required to complete a vulnerability scan, then you will need to make sure you complete a scan every 90 days, or once per quarter. For the sake of convenience, it’s recommended you work with a company that can both help you complete your questionnaire and scan your website each quarter to ensure you are regularly complying with all standards.

As an additional security best practice, it’s best to scan your website on a daily basis to help identify vulnerabilities and malware as soon as they hit your website. This way, you never have to worry about whether or not you’re going to meet compliance standards each quarter. This will also ensure your website and customer data are protected from malicious cyber activity each and every day.

Do You Meet the PCI Security Requirements?

As an eCommerce website owner, it is your responsibility to ensure a safe shopping experience for your customers. SiteLock can help you become PCI compliant fast by providing a simplified self-assessment questionnaire. Not only that, but your website can be scanned for vulnerabilities the very same day. Contact SiteLock security experts today to learn more.

Signs of a Malware Infection: Spotting Signs of an Attack

Certain malware attacks will be detectable almost immediately. Even the most untrained eye can spot website defacements, where hackers mask existing site content with a message or image of their choosing. While defacements generally make up only a relatively small portion of malware attacks, even more inconspicuous malware might leave traces of its work that are detectable by website owners, visitors, or both.

Other obvious signals of a malware-infected website include unauthorized modifications to your user account logins, missing or modified website files, web pages that freeze or crash, or a significant decrease in site traffic. Additionally, when your hosting company detects malware, you may receive a notification, which could lead to an account suspension. Search engines could even “blacklist” your site if evidence of malware is completely conclusive.

Signs of an attack are never a good thing — particularly for small business owners. A malware attack can have lasting consequences on search rankings, website performance, and more. For example, if your website is suspended or blacklisted, it could erode customer trust, damage your reputation, and even lead to a decline in revenue, regardless of whether your website serves as a primary point of sale.

Removing Malware From a Hacked Website

For those who don’t consider themselves particularly tech savvy, outsourcing malware removal to a security expert is likely your best bet. You can also use a website malware scanner that monitors your website daily and automatically removes malware when it’s detected. On the other hand, developers or other individuals with tech expertise might choose to manually remove malware themselves, depending on the time and resources available.

If you do decide to extract malicious code yourself, here’s how:

1. Identify the source.

You can do this through a file manager, local file search, or command line. Most web hosts offer file managers, though they’re generally optimized for basic file modification, rather than for specific content searches.

A local search — as its name suggests — involves downloading the contents of your live site to your local machine, making the search process a little simpler. Access to a command line is rare in a shared hosting scenario, but if you have it, you can perform a far more nuanced search. With it, you can find files that have been recently modified as well as specific contents within files.

2. Look for the right clues.

When you do find files you believe may have been infected, look closely for common syntax used by attackers when injecting malware into a site. Be sure to look for any of the following PHP code snippets: eval, base64_decode, fromCharCode, gzinflate, shell_exec, globals, error_reporting(). These represent just a handful of countless functions used by modern cybercriminals, but they’re present in many PHP hacks.

3. Remove the malicious software.

Once you’ve identified infected files, remove them, and your site will be malware-free. While it’s possible to manually remove malware, we always recommend using a website scanner for speed and accuracy. The SiteLock scanner, for example, automates malware detection and elimination. It uses a file transfer protocol scan to download, inspect, and clean website files. Then, it uploads those files back to the host server without disrupting the user experience.

Website Security Issues Never End

Defending against malware is an ongoing effort for every website owner. To minimize your risk, focus on preventing vulnerabilities in your site’s source code, as cybercriminals will certainly test these backdoors. You can do this regardless of whether you have a programming background or not: Simply install updates and patches promptly. An automated patching system will make this process even easier. Likewise, use only plug-ins and features you absolutely need (and uninstall those you no longer use).

Implement a vulnerability scanner, not to be confused with a malware scanner, to automatically detect areas where improvement is needed. If you use a content management system, such as WordPress or Drupal, to power your website, it’s best to use a vulnerability scanner that automatically patches vulnerabilities. Antivirus or malware scanners are designed to identify viruses, trojans, ransomware, and other malware on a device while also offering solutions in real time. Finally, have a web application firewall in place to block malicious bots that cybercriminals use to locate potential entry points.

The modern web is about 30 years old, but in some regards, it still feels like the Wild West. Luckily, plenty of website malware removal tools exist to help website owners protect what’s important to them online. It’s up to you to take advantage of them. If you’re dealing with a hacked site, explore our comprehensive website security plans.

Want to learn more about malware? Check out these additional resources from SiteLock:

• What is Malware?
• Common Types
• The Evolution of Malware
• Ways Malware Can Get Onto Your Site
• The Dangers of Malware
• The Effects of Malware on Small Businesses
• How to Check Your Website for Malware & Common Signs
  • How to Check for Malware in Databases
• Ways to Protect Your Site
• Malware Analysis Series:
  • Signature-based Analysis
  • How a Signature is Born
  • Detection vs Removal

More than half of all businesses are a target of a social engineering or spear phishing attack every year. It’s an increasingly pressing issue, and it’s one that many businesses are only just starting to take seriously.

Whether you’re the owner of a small, medium, or large business, know that social engineering attackers don’t discriminate due to size. If you don’t learn how to defend against social engineering, you could likely be the next victim of an attack.

What is Social Engineering?

As it pertains to information security, social engineering is the manipulation of people into performing actions or sharing confidential information without them knowing or due to human error.

Common Examples

There are many types of social engineering attacks, but the ones below are the most commonly seen by security professionals.

• Phishing. Scammers will use deceptive phishing emails, websites, phone calls, and texts to steal sensitive information from unsuspecting victims.
• Spear Phishing. Is a type of email scam that is used to carry out targeted attacks against businesses.
• Baiting. Perpetrated online or in person, this type of attack involves cybercriminals promising the victim a reward in return for private information.
• Malware. A cyberattack involving malicious software, like ransomware or scareware. Victims are sent an urgently worded message and tricked into installing malware on their devices by hackers.
• Pretexting. Is a form of social engineering that involves the perpetrator assuming a false identity to trick victims into giving up information.
• Tailgating. This attack targets individuals who can give scammers physical access to a secure building or area. These scams often work because of misguided common courtesy, like when a door is held open for an unfamiliar “co-worker.”
• Vishing. In this situation, cybercriminals leave urgent voicemails to convince victims they must act now to protect themselves from arrest or another risk under the guise of being a financial organization, a federal agency, or law enforcement.

How Data Breaches Affect Businesses

You’ve likely read about the potential impact of social engineering on your personal life, but what about the impact of social engineering on businesses? Here are the main consequences you’ll incur if your business falls victim to an attack:

• Financial implications. Bad actors are always after something, and usually, it’s money. Social engineering can cost businesses anywhere from tens of thousands to millions of dollars—and that doesn’t even include the costs associated with recovery.
• Productivity costs. In any business, time is money. A successful attack means significant time lost rectifying the impact of social engineering and resolving the damage. This often craters the IT team’s productivity, general employee productivity, and ultimately the business’s profitability.
• Operational disruption. Reduced productivity won’t just impact your IT team—it can trickle down your entire supply chain or service delivery operations, slowing every moving part of your business and causing logistical delays.
• Reputational damage. Cybersecurity attacks are extremely dangerous and put both business and customer information at risk. If you’re seen as an organization that’s not adequately protected, customers won’t feel safe—and it can be difficult to build back that trust.

Preventing Social Engineering Attacks

Fortunately, there are ways to prevent social engineering attacks from happening. Learning how to defend against social engineering starts with recognizing the signs. Also, investing in proven cybersecurity solutions and mandatory, company-wide training are great ways to keep your business safe from the impact of social engineering. To help keep your operations running smoothly—and your business safe—see how SiteLock can help keep your website safe.

To learn more about the impact of social engineering tactics and cybercrime, read “What is Social Engineering?”

Negative SEO attacks (also called SEO spam attacks) have become increasingly common. These attacks sink website search rankings by deluging sites with spammy keywords and backlinks. Search rankings can make or break a small business, so understanding how to strengthen SEO security and prevent these types of attacks is a must.

What is SEO Spamming?

Hackers and spammers rely on a variety of methods to launch negative SEO attacks. They might insert malicious links into existing web pages, create new pages full of malicious links and spammy content, or make pages on your website lead to other sites using website redirects.

Spamdexing is one of the most common types of negative SEO attacks. Spamdexing is when hackers redirect visitors navigating to your site, to a malware-infected or phishing website. As a result, you lose web traffic and trust.

The easiest way for cybercriminals to deploy a negative SEO attack is by adding spam malware to blog posts or comment fields. Cybercriminals use black hat SEO tactics that deploy bots to leave endless spammy comments on sites. These comments resemble a hacked website and can discourage visitors from doing business with you.

So, what do SEO spammers get from these attacks? Typically, they use these attacks to improve their own search engine rankings by stealing traffic from other sites.

7 Tips to Boost Your SEO Security

Negative SEO attacks don’t just tank your website’s rankings — they hurt your credibility with customers and visitors. Furthermore, they open up other pages of your site to security breaches and can even cause search engines to flag or blacklist your site.

To prevent cybercriminals from sinking your rankings and eroding your credibility, strengthen your website’s SEO security with the following steps:

1. Update your software and plugins.

Outdated software and security plugins on your website can create vulnerabilities that cybercriminals can exploit, so it’s important to keep your content management system’s software current. As a best practice, site owners can perform routine checks to ensure all software is up-to-date and check whether security patches are complete. It’s also a good idea to remove applications you don’t need: The more complex your site (and the more you rely on applications created by third-party developers), the higher your security risk.

2. Use strong passwords.

If you own a WordPress site or similar platform, be sure to use a strong password for login. Brute force attacks can attempt to guess your password by trying the most popular passwords until it guesses correctly. Hackers can also figure out your password by finding clues on social media and trying different combinations until successful. For example, children’s names, pet names, the city where you were born, etc.

3. Sanitize input fields.

As a best practice, you should always sanitize input fields to protect your site from bad bots and prevent cybercriminals from inserting modified queries. These modified queries can lead to a much larger security issue, such as a data breach. To sanitize input fields, predefine what a user can enter into a text box. For example, phone number fields should allow users to enter only numbers, parentheses, and hyphens.

4. Use a CAPTCHA.

Even if you haven’t heard the term before, you are likely familiar with a CAPTCHA; it’s the variety of images with a theme you need to correctly select to log in to your account or make a payment on many websites. Essentially, a CAPTCHA is a test that computers use to distinguish human website visitors from bots. By applying one to your website’s login, account sign-up forms, and eCommerce checkouts, you can stop cybercriminals from deploying bots to fill your website with SEO spam.

5. Setup and monitor Google Search Console.

Setting up Google Search Console is not only good for tracking search engine results, but it’s also good for monitoring security issues. Search Console will show alerts when it appears the site’s security has been compromised. You can also keep track of what search terms your site ranks. If you begin seeing terms unrelated to your business, such as around viagra, cialis, or other pharma-related products, you are likely the target of search engine spam. Lastly, you typically get alerts if your site has received a large number of spammy links.

6. Keep track of backlink profiles.

Building low-quality spam links and redirects is a typical way cybercriminals carry out negative SEO attacks, so it’s crucial to keep track of these items on your website. As a best practice, use SEO monitoring tools that can track backlinks and keywords to help you quickly detect when a cybercriminal is creating malicious redirects to your site.

7. Install a web application firewall (WAF) to prevent spammy comments.

Lastly, you can block bad bots from deploying spammy comments on your website by installing a WAF. When evaluating WAF options, make sure the solution you choose includes a built-in CAPTCHA as an added layer of security. The WAF acts as a gatekeeper for your website and blocks the top security threats before they ever reach your site.

Prevent SEO Spamming Now

Building up your business’s search rankings takes a lot of work and is an investment for your business. Don’t let cybercriminals scam that power away from you — strengthen your SEO security by understanding how and why these attacks occur. Start by implementing a comprehensive web security solution that can block these SEO attacks to keep your small business secure from SEO spam and bad bots.

Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 16 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security.

The cross-site scripting attacks that dominate headlines tend to be larger-profile cases with big-name companies; in reality, businesses of all sizes can fall victim to this kind of cyberattack. In fact, cross-site scripting attacks were one of the most common types of web attacks in 2021.

If cybercriminals can easily gain access to such big companies and cause significant damage with a cross-site scripting attack, imagine what problems they could stir up for your small business. For that reason, it’s more crucial than ever for small business owners to proactively protect their websites and customers.

What Is a Cross-Site Scripting Attack?

When cybercriminals use cross-site scripting (XSS), they inject malicious code on a site via form fields or other areas of user inputs in order to target website users. When the user’s web browser executes this code, attackers can hijack user sessions, covertly track session data, or even display spam content on an otherwise legitimate site.

Almost three-quarters of websites have cross-site scripting vulnerabilities. This number should be concerning for small business owners, especially considering the immense fallout that could occur due to an XSS attack.

The Impact of XSS Attacks

Cybercriminals using a cross-site scripting attack to steal sensitive data, such as session cookies, can take over a victim's browser session, allowing the cybercriminals to post on social media, initiate bank transfers, and make purchases on e-commerce websites, all without the user knowing.

The fact that cross-site scripting impacts the user directly makes this type of attack particularly damaging for businesses. If customers found out that your website had XSS vulnerabilities that allowed cybercriminals to steal their data, they wouldn’t remain customers for long. In fact, research indicates that 65% of users who experience data theft while online will not return to the site.

Possible Results

These are just a few of the many consequences of a cross-site scripting attack:

• Website downtime
• Theft of user accounts
• Theft of credit card numbers and passwords
• Theft of session cookies
• Theft of users’ files
• Manipulation of files
• Loss of confidence in the business
• Creation of fake log-in pages
• Fake posts redirecting to malicious pages
• Installation of malware in users’ computers

Considering that a single vulnerability could have such a tremendous impact on your bottom line, it’s imperative to take the necessary steps now to prevent cross-site scripting attacks.

4 Ways to Prevent Cross-Site Scripting Attacks

The primary ingredient for cross-site scripting attacks is outdated software — including content management system core files, plug-ins, and themes. Input fields are often overlooked as well because many small businesses don’t have in-house security personnel to ensure the right level of security is factored in when building out these fields.

Cybercriminals have caught on that small businesses are more vulnerable, and it’s estimated that 43% of cyberattacks now affect small businesses. To prevent your business from becoming the next victim, use the following four cross-site scripting prevention techniques.

1. Keep Software Updated

Cybercriminals and developers are in a constant arms race, with the former hunting tirelessly for site security vulnerabilities and the latter working to patch them. If you aren’t judicious about updating software or applications, you give cybercriminals the chance to take advantage of any known vulnerabilities.

It’s best to review your systems and web applications regularly to ensure they’re updated. Also, your business should remove applications you don’t need as an added security measure. Reviewing all others every few months will help ensure your applications don’t have vulnerabilities that attackers can exploit.

2. Sanitize Input Fields

Input fields are a common gateway for cross-site scripting attacks. Sanitizing an input field — or validating that the data is in the proper form — ensures that only expected content can be submitted by your visitors and not any malicious scripts. Predefining what a user can input (e.g., only allowing your fields to accept numbers, hyphens, and parentheses for a phone number, and not any special characters) helps prevent an attack on your site. To protect your site visitors, all input fields should be sanitized regularly.

3. Use Client- and Server-side Form Validation

Validating all form submissions allows you to check the data on a form before it’s accepted by the server. Typically, client-side form validation is done by utilizing JavaScript code to confirm that only data deemed “acceptable” is being used before submitting it to the web server.

As an additional safeguard, server-side validation should always be used in tandem with client-side validation. Server-side validation means the server also sanitizes the data before evaluating and accepting it.

4. Use a Web Application Firewall

As cyberattacks become more advanced and prevalent, a good best practice is to use a WAF that can filter bad bots and other malicious content away from your website. Think of a WAF as the gatekeeper to your website, preventing attacks before they’re executed. When shopping for a WAF, look for a provider that protects against the latest and the most common types of attacks.

With cyberattacks on the rise, a few steps toward XSS prevention go a long way. By taking the above measures to shore up your defenses, you’re demonstrating a commitment to company and customer data that will produce big benefits in the long run.

Learn how SiteLock can also help keep your website secure today.

Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 12 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security.

How Blacklisting Works

Blacklisting websites is how search engines protect browsers from malicious content. Google and other search engines send bots or crawlers to scan websites and flag anything suspicious. If your website is deemed a threat it can be removed from search engine results, flagged, and added to website blacklists which can have devastating consequences, especially if your website captures and converts leads.

You may not know that your website has been infected with malware or malicious code — but you’ll figure it out when Google or another search engine detects it and marks your site with the warning label. The same warning could also appear next to your domain name when prospective customers try to search for your business directly.

Being removed from Google or another search engine’s results page means your rankings and visibility will plummet. Users won’t be able to find your website via Google search result pages (SERPs), and even if they visit your website directly, they’ll be deterred by that infamous warning message. Ultimately, low visibility causes traffic to tank, which could inevitably hurt sales. Your Search Engine Optimization (SEO) efforts will become a sunk cost, and the longer the warning sign remains on the site, the more the damage multiplies.

These consequences can be devastating for small businesses, in particular. For instance, one website owner saw a 50% drop in traffic to her small business’s site after being blacklisted. Ultimately, she had to hire an expert for $1,000 before she could resubmit her site to Google. And this was a relatively inexpensive fix: It can cost up to $10,000 depending on the extent of the damage.

This makes it incredibly important to identify and fix malware problems as soon as possible.

Recognizing a Malware Infection

While many types of malware are difficult to detect with the naked eye, some common malware attacks do show symptoms that all visitors should be aware of:

• Defacements. This attack is the easiest to spot, as cybercriminals will replace a site’s content with their own name, logo, and/or ideological imagery.
• Suspicious pop-ups. Are you really the lucky one-millionth visitor? Think before you click on pop-up ads that sound too good to be true. Clicking on them may cause you to accidentally download malware to your computer.
• Malvertising. We recommend exercising caution when clicking on any ads, as legitimate ads can be infected with malware. However, some malicious ads are more obvious. They typically contain spelling/grammar errors or unprofessional graphic design, feature products that don’t match your browsing history or promote “miracle” cures/celebrity scandals.
• Phishing kits. This attack tricks users into handing over sensitive information by imitating commonly visited sites, like banking websites. They may seem real at first glance, but spelling and grammar errors will give them away.
  Malicious redirects. Often used in conjunction with phishing kits, malicious redirects take visitors from one site to another, usually malicious, site.
• SEO spam. If you see unusual comments, usually with links, in a website’s comments section, it’s likely SEO spam.
  

Another way to quickly identify a potential malware infection is to analyze website traffic drops on webmaster tools like Google Analytics and Bing Analytics. Then, follow up on Google Search Console or Bing Webmaster Tools to see if any web pages were deindexed from search results. A sharp decline in organic traffic could be a tell-tale sign that your website is experiencing security issues.

Why Google Blacklists Sites

So why does Google blacklist sites if it’s so harmful to small businesses? Though it may seem like search engines are punishing site owners for having malicious links or content on their sites, that’s not the case. Google and other search engines blacklist sites in order to protect web users from hackers. Promoting safe browsing benefits everyone, from hosting providers to website owners.

Blacklist Removal Requires Manual Action

If you are blacklisted, you’ll need to get back up and running as soon as possible to avoid lasting damage. The first step, of course, is to remove all malware from your website and database, which can be done by implementing an automated website malware scanner. The automated scanner will find and remove any malicious content on your website, and it should have the capacity to patch security vulnerabilities to prevent “quiet attacks,” such as JavaScript or backdoor files.

Once your site is malware-free, the next step is to create a Google Search Console (formerly Webmasters) account and request a review or recrawl of your site. If Google fails to detect malware during its scan, it will take your site off the blacklist and remove the warning label.

Even if you mitigate the problem and restore your site as quickly as possible, however, those who did see the warning screen may not be keen to revisit your site anytime soon. This is one reason preventing cyberattacks with the right website security solution should be your first line of defense.

You can’t rely on Google or other search engines to catch all malicious links or content on your site. After all, not all infected sites are blacklisted. Research from the “SiteLock 2019 Website Security Report” found that only 15% of sites containing malware were blacklisted by search engines last year. Take adequate precautions by implementing automated security tools, and you won’t have to worry about how to get your website off the Google blacklist.

How to Avoid Being Blacklisted

To secure your website and avoid being blacklisted, take these three steps.

1. Safeguard incoming traffic. The first step is to implement a web application firewall, which will act as a gatekeeper for incoming traffic. A WAF will block bad bots that could inject SEO spam, malicious links, and other nefarious content — all of which could flag you as a candidate for blacklisting.

2. Detect malware before search engines. Don’t wait to implement an automated malware scanner until after you’ve been blacklisted. Instead, implement an automated malware scanner to find and remove malware before Google or other search engines find it first. A good scanner should help prevent infection and blacklisting.

3. Properly evaluate external links. Any links being used on your website for advertising, affiliate marketing, or linking to another site should be properly vetted. If Google notices that your links lead to dozens of spam sites, it might blacklist your site, even if you aren’t hosting malicious content. Also, avoid the deceptive black hat SEO practice of purchasing links.

Being blacklisted can cause permanent damage to your small business, but don’t blame Google: It’s only trying to protect web users. You should share that goal. By having robust cybersecurity strategies in place, you can prevent malware from entering your website and avoid having to get your website off the Google blacklist in the first place.

Learn about SiteLock’s malware scanning and removal services today.

While many of WordPress’ core updates happen automatically, major release updates, along with updates to your theme and plugins, do not. People are often nervous to push that update button because there’s a chance it could result in a broken site. However, outdated themes, plugins and core files are a surefire way to a hacked site – so updating WordPress themes, plugins, and core files is necessary to prevent future vulnerabilities. But what should you do if an update breaks your site?

Your first response is probably going to be sheer terror, followed by panic, especially if you’ve just broken your LIVE WEBSITE. (By the way, we recommend making the updates on a staging site first.) This post covers various ways an update can potentially break your site and provides step-by-step instructions on how to fix it as quickly as possible. Just make sure you have the correct WordPress admin permissions to navigate and troubleshoot the following scenarios.

The Update Process

When the WordPress core gets updated, WordPress goes into what we call “Maintenance Mode.” Instead of seeing your website, a visitor will see a message stating that the site is down briefly for maintenance and to check back in a moment. (By the way, this screen is customizable.) This is to make sure nothing looks broken on your site while the update is happening. During this time, WordPress deletes all existing files for that item and replaces them with the new version. Once the update is run successfully, WordPress goes out of Maintenance Mode, and you get a notification confirming success.

The success message of a Plugin update

Stuck in Maintenance Mode?

It is possible for something to go wrong with the update, causing your site to get stuck in Maintenance Mode. If it stalls, the most common issue has to do with a file (called .maintenance) that WordPress uses to put your site into Maintenance Mode. If it fails to be deleted afterward, your site will be stuck with that message.

Fortunately, getting your site out of Maintenance Mode is a pretty easy fix – you just need to manually delete that .maintenance file. But in order to GET TO that file, you need to have access to your site's files via either your hosting account or FTP. So it is important to always have those URLs and logins on hand in case you need them in a pinch. It’s also useful to familiarize yourself with an FTP program – like the free FileZilla – so you can quickly take care of little issues like this when they arise and aren’t scrambling to find passwords. Once you have logged in via FTP, go to the site’s root (usually in a folder called public_html) and delete the file.

If you can’t do it yourself, your host should be able to delete it for you, although sometimes for a fee. It’s a good idea to get familiar with your host’s maintenance and support policies, as some may charge pricey fees to fix your site. You may find that having a developer who can be on-call in times of emergency is a better option.

After getting your site out of Maintenance Mode, it’s always good practice to check your site. The update may have disabled your theme or plugin if it broke during the update.

Fixing your Broken WordPress Site Post-Update

Sometimes updating core files or your themes or plugins can cause other things to break on your site. When this happens, you will need to find the issue and fix it. In the meantime, you can roll back to a previous version of the plugin or theme (or even the WordPress core version) while you work out a fix.

The easiest way to do this is to simply use a backup of your site and revert to the most recent version. This is not a permanent fix – you will still have to run the updates at some point, and likely soon if there are security patches involved. Fixes might involve changing some code in your theme, settings in your plugin, or replacing a plugin entirely.

Aside from backups, you can manually replace the files via FTP or use the WP Rollback plugin, which gives you the ability to roll back to previous versions of a plugin or theme from the dashboard.

When the Culprit is a Core Update

To be frank, a core update is almost never the reason for your site breaking. WordPress puts a lot of effort into maintaining backward compatibility – meaning, it still supports deprecated functions as best it can for those who are running older versions.

WordPress Core updates are carefully vetted. If your site breaks after a Core update, it is most likely a plugin or theme that has not been updated to support the latest version of WordPress. All WordPress developers who have contributed either themes or plugins to the online repository get a direct email for every core update, outlining the things that are going to change. This gives the developers time to update their plugin or theme to support this version. But not all theme and plugin developers are vigilant about this.

You can see when the plugin was last updated and which version it has been tested with in the Plugin Repo on wordpress.com

But it’s not impossible for a core update to go wrong! When it does, the WordPress team will push out another update that fixes things as soon as possible. However, it may require you to manually update WordPress. The Codex has information on how you can run a manual WordPress update.

When the Culprit is a Plugin

Sometimes, you run a bunch of updates at one time and aren’t sure which one broke your site. You can start by deactivating all your plugins and reactivating them one by one to check which one is causing the broken site.

Once you find the plugin responsible for the break, you have a few options:

• Check online to see if anyone else has had the problem. If so, there may be a known fix you can implement.
• Contact the plugin developer about the issue. They will probably like to know when there is a conflict. Tell them which version of WordPress you are running, which theme, and all the plugins and versions you have running. This can help to narrow down the issue. They may have further instructions for you, like checking your server error logs to give them more information.
• Disable the plugin. If it’s not a critical plugin, you can disable and delete it or replace it with another plugin with similar functionality.
• Revert to a previous version of the plugin. While you are looking for a fix, you can revert to a previous stable version of the plugin.
• Hire a developer. A knowledgeable developer may be able to fix it. It’s important to note, however, that you should almost never edit another plugin’s core files. When plugins are updated, all the files will be overwritten by the new version, including your changes. But I say almost never because sometimes the developer will work out a quick fix for you to apply to the plugin yourself while they work on your site’s files to release a new version.

Disabling a Plugin

If you aren’t sure which plugin it was, disable all your plugins and reactivate until you find the culprit. If you don’t have access to the Admin, you can disable the entire Plugin directory to regain access. Rename the Plugins directory to _Plugins. Navigate back to your Admin panel, and go to the plugins directory. Go back to FTP and change the Plugins directory back to Plugins. This disables all your plugins, and you can now go in and reactivate them one by one until you find the broken one.

Delete the offending plugin to restore access to your site.

When the Culprit is Your Theme

Sometimes, theme updates are responsible for a site break. Did you use a child theme to make code changes to your theme? If you made changes directly to your commercial or free theme, running an update will overwrite all of these changes. Never make code updates directly to your theme, unless it is a custom theme and you know what you are doing. Check out the Codex for more information on Child Themes.

It may also be that your theme wasn’t prepared for the WordPress update. This process is similar to the plugin troubleshooting process.

Disabling a Theme

If the theme is the issue, go into your Themes Admin and activate the default WordPress theme. These are typically named by year. For example, in 2017, the default theme was called twenty-seventeen. If you do not have access to your Admin, here is where our trusty FTP client comes in handy. Navigate to your Themes directory [mywebsite.com > wp_content > themes], and rename the offending theme. This will deactivate it and activate the default theme automatically.

Activating the default theme will let you know if it’s a theme issue or not. If the problem still persists after activating the default theme, then it is likely a plugin issue. If it is a theme issue, then check for updates with the theme creator, or choose another theme that supports the current WordPress version. It is also useful to contact Support and notify them of the issue. If the theme was from the WordPress Repo, leave a post in the forums. If it was a commercial theme, contact their support directly to report it.

When Your Host is to Blame

If you see a 500 Internal Server Error on your site, this means you’ve got a hosting issue. Your hosting may be down, or you have run out of memory on your server. Contact your hosting support to solve this problem.

What is the White Screen of Death?

The White Screen of Death is how we WordPressers fondly refer to a site breaking so badly that all you see is a white screen. No website, no code, nothing: just white. If this happens, remember not to panic – you can troubleshoot this by deactivating our plugins and themes, which will reset everything and restore your access to the Admin for troubleshooting. Use the information above to first disable your Plugins directory, and see if your site comes back online. Next, change to a default WordPress theme. If the site is STILL white screening, you may have a corrupt version of WordPress. The best thing to do is a manual WordPress update and replace all your core files with a fresh install.

Information to Always Have on Hand

It’s easy to lose track of key information if your site has never broken before. But the first time it does, you’ll want to have as much information on hand as possible so you, your developer, or your host can troubleshoot. Below is a list of items you will need:

• Your domain registrar
• Your hosting login
• Access to your database and files via cPanel or FTP
• A FTP client like Filezilla
• Your host’s Website Support policy
• The number of a good developer who will work with you in emergencies!

What is a DDoS Attack?

In a DDoS attack, cybercriminals use hacked networks to flood internet servers with traffic, sending more requests than the target server can handle. This includes overwhelming a website with “fake” requests in an attempt to make the site unavailable. These attacks are executed when multiple computers on different networks that have malware — called a “botnet” — send large amounts of requests to your website at once.

Different Types of Attacks

There are three different types of DDoS attacks:

• Volume Based Attacks - Volumetric DDoS attacks send a high volume of traffic to the server, to overwhelm the network bandwidth. Common examples include ICMP and UDP floods.
• Protocol Attacks - This type sends malicious requests to Layer 3 and Layer 4 in the protocol stack, exploiting vulnerabilities that allow it to consume bandwidth of key elements of the network infrastructure (the server, load balancers, etc.). Common examples include SYN floods and the Ping of Death.
• Application Layer Attacks - This type exploits vulnerabilities in the application layer (Layer 7) itself. These attacks can be the most difficult to identify, as they can sometimes achieve their goal (crashing the web server) with a smaller volume of requests than the other two types. Common examples include: low-and-slow attacks and GET/POST floods.

In a particularly memorable instance of a DDoS attack, the Mirai botnet used a large number of hacked internet of things devices to overwhelm Dyn, a domain name system for popular sites such as Amazon, Twitter, Netflix, Etsy, and Spotify.

Even when an attack fails to crash a website, it often slows the site down enough to make it unusable — frustrating customers and causing significant revenue losses. Meanwhile, these attacks are cheap for cybercriminals, which is perhaps one reason they accounted for 35% of cyberattacks in 2017. For as little as $100 a day, certain groups will deploy DDoS attacks on unprotected servers — and that price goes up to $400 a day for protected ones.

Particularly for e-commerce sites, even one day of downtime can be far more costly.

How to Tell if a Site Is Under Attack

Obviously, not all surges in traffic patterns are bad, but when you suspect an DDoS attack is behind a surge, it’s important to correctly identify it as quickly as possible. Unfortunately, it can prove challenging to distinguish between a legitimate traffic spike and one brought on by a DDoS attack. But if slow service continues for days instead of hours immediately following a sale or marketing campaign, your site could be under attack. A significant spike in spam emails can also signal an attack.

3 Ways to Protect Your Website

Instead of simply trying to survive an attack, take steps to prevent one with DDoS protection. Research indicates that about 66% of DDoS-targeted sites are attacked more than once. Here are some essential places to start:

Web Application Firewall

Web application firewalls (WAFs) are a good place to start because they’ll be able to differentiate between DDoS attacks and legitimate traffic. By relying on a WAF, you can protect your website from these attacks and ensure your customers enjoy uninterrupted access to your site.

Content Delivery Network

In addition to improving site speed and SEO, a content delivery network (CDN) can make it more difficult for hackers to find and attack your server. Since a CDN uses a group of servers to deliver your content online, it’s harder for someone to identify your main server. Optimizations via a CDN also help lower the bandwidth that the primary server needs to use, making it less likely for the server to get easily overloaded. A CDN’s secure port protocol will also help prevent bad traffic from coming through.

Have a DDoS Response Plan

Website downtime can cost small and midsize businesses between $137 and $427 per minute, while the attacks that bring them down can be conducted for as little as $1 per minute. You won’t outlast an attack, so the first step is knowing that you need to act swiftly. Let your web hosting service provider know what’s happening, as they may be able to monitor and block the traffic to protect their servers.

In addition, prepare for a surge in customer communications as people report the downtime and ask questions. Automate your responses whenever possible, as you’ll need all hands on deck to respond to the attack.

As IoT devices continue to rise in popularity, DDoS threats and attacks will continue to gain prevalence — and the cost of conducting them will likely go down even further. Prevention is the best method of dealing with these cyberattacks, and it starts with effective cybersecurity tools and a reliable response plan. Want more protection for customers and stakeholders? Explore our website security solutions, and get a quote for automatic DDoS mitigation services today.

Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 12 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security.

So, why is your website slow and how do you increase website speed to improve the digital experience? Furthermore, how do you speed up a website while ensuring that it remains secure? To answer those questions, let’s take a look at three major contributing elements: search engine optimization, content delivery networks, and web application security.

The Importance Of Search Engine Optimization

Search engine optimization (SEO) is a crucial method for gaining organic or natural website traffic and growing your online business presence. The more users you can attract, the more trust you establish with site visitors and search engines, and with that, you greatly increase your chances for more qualified leads and sales.

When most people hear “SEO,” they think of things like content, relevancy, header information, and page titles. However it’s important to note that search engines also rank sites based on the length of time they take to respond and load web pages. Therefore, not only does a slow website have the potential to tick off your customers—it might also make it harder for them to find you, in the first place.

An effective SEO strategy takes all of these factors into account, and learning how to speed up a website can make a huge difference in decreasing bounce rates and increasing pageviews.

Increase Site Speed With A Content Delivery Network (CDN)

As technology becomes increasingly efficient, our standards for speed continue to rise. If a page takes more than a few seconds to load, it is likely your visitors are going to leave—that’s the harsh truth.

One way to dramatically increase website speed and improve visitor satisfaction and SEO optimization is to use something called a content delivery network, or CDN. The idea behind a CDN is very simple. If the CDN already has most of the information it needs about your site, it can generate that site much faster. This means that whenever a user or search engine tries to access your website, the CDN can accelerate the loading process because it cuts out the middleman.

In addition to having the ability to increase website speed, a CDN can also help your website become crash-resistant—distributing the load across servers, instead of having 100% of the traffic go to a single server. Because of this benefit, implementing a CDN can prove invaluable for websites with high traffic.

Rather than wait for every single element of your site to load for the very first time, the CDN should already have most of the important pieces in its memory or cached in some way. A good CDN can increase website speed by up to 50%, almost instantly responding to requests and making your website appear much faster. Additionally, using image compression along with a CDN can further reduce common delays and speed up a website.

Speed Up A Website While Utilizing Web Application Security (WAF)

Learning how to speed up a website is key if you’re a business owner. However, one of the problems of making your site easier to find is that you make it easier for bad guys to find, too—and that’s one type of visitor you really don’t want dropping by unannounced.

If you’re going to speed up a website with a CDN, it should always be paired with a protective layer. A web application firewall, or WAF, can filter, monitor, and block suspicious visitors to your site, making sure that any data is not unwillingly compromised and taken by hackers.

As a business owner, you likely don’t have the time or resources to sit guard on your website around the clock to fend off these attackers. If you are going to speed up a website, think of a WAF as your guard dog. A good WAF will help filter out the bad guys, identify suspicious website visitors or behavior, protect against a variety of common attacks, and even block access to certain IP addresses and countries.

With the protection of a WAF, you can speed up a website with the confidence that it will remain secure. And with the speed provided by a CDN, your website will recognize and serve the good guys in the blink of an eye.

Stay Protected With SiteLock

If you’re serious about the role your website plays in promoting your business—and just as serious about protecting your business from the nasty threats that cruise by your digital storefront—a good content delivery network paired with an enterprise-grade web application firewall is your best bet.

Learn more about how a CDN works and how it can help speed up your website. Contact SiteLock’s security experts for details about our WAF and CDN products and how they can help your business. Protect your digital assets and increase your website speed today.

Introduction

In January, we wrote about the importance of knowing your code. In this month’s article, we will talk about a fake plugin that was discovered during an unrelated investigation on a customer site. We will highlight some of the techniques that can be used by site owners to help them determine whether a component is legitimate or not.

Discovery

The SiteLock Malware Research Team (SMRT) detected and remediated numerous phishing kits installed on a customer site in a variety of locations. These were targeting a variety of online resources ranging from the Saudi Post to DHL. During the remediation, we came across several WordPress installations with an unfamiliar plugin named ‘wpyii2’ that warranted additional investigation.

Investigation

PHP Header

The header comment of all WordPress plugins and themes contains information about the component, including the name, the location to download it from, a description, and the author information.

The header comment of our unfamiliar plugin file appears to be legitimate:

On the face of it, a WordPress plugin that integrates the Yii 2 framework could, potentially, make sense. So let us look at the details to see what we can find out.

Author URI

If we take the author URI, yiiframework [.] com, and search for it online, we find that it is, in fact, legitimate.

When we visit that site, we see the Yii Framework website that we would expect:

While this does not appear to be related the authors themselves, it is possible that they are contributors to the framework. So far, so good. This could still be a legitimate plugin.

The Author and Contributors

When we start searching for the author and contributors that are listed, we start to see some questionable results. First, we find a post on the WordPress forums that implies a plugin was “resurrected as malware” with the similar header information.

However, that is tempered by what appears to be a legitimate translation plugin for WordPress called rustolat that has the same authors:

As a result, it is a little hard to come to a firm decision about whether our wpyii2 plugin is legitimate or not. Let us check one more thing before we dive into the code.

The Plugin URI

Plugin URIs point users to the place they can download the plugin or get support. For free plugins, it usually points to WordPress.org. For premium plugins, the URI usually points to where you can purchase it. In the case of our wpyii2 plugin, the URI is claiming that we can find the plugin on WordPress’s own site:

However, when we visit that URI, WordPress tells us that the page could not be found!

Something is not right with this ‘plugin’ that we have. Now we need to look at what it does.

Touring German Cities

A Curious Choice of Names

In the three variations SMRT found, the curious commonality was in the names of classes, variables, and functions, all of which were named for German cities.

That seems like an odd choice for a WordPress plugin and obfuscates their purpose in ways that are frowned upon by the style guides for WordPress and, in general, coding. It is hard to remember if München is a counter or a string or if Berlin is an authorization check, for example.

At this point, it is obvious that this is not related to the Yii Framework, let alone an actual WordPress plugin. But what do these fake plugins really do?

Decoding

The PHP code in these files is encoded in multiple ways and performs slightly different operations if it detects the presence of a DBHOST variable or an HTTP_HOST variable. Fortunately, neither of these are needed to fully decode the payload. We can comment out the evaluation statements (add_action and eval) and add echo statements to have the plugin print out the code instead of executing it.

WordPress Environments

If DBHOST is present, the plugin attempts to run add_action to hook into the WordPress install for persistence before calling a function and then evaluating a different value.

The code, when we print it out instead of evaluating it, makes references to a SMILODON package and performs some billing interaction with the SMILODON_URL:

The google-statik [.] pw URL is another component that attempts to perform a shell upload:

This is not something you want on your site.

Non-WordPress Environments

If DBHOST is not set, then the fake plugin decodes and runs a WSOX ENC shell.

This is, in every way, a typical webshell capable of uploading, modifying, and deleting files, executing PHP code, bruteforcing passwords on the server, modifying databases, and creating connections back to the attacker (backconnects), etc.

There it is. If it was not clear before, this makes it abundantly clear that this ‘wpyii2’ plugin is both fake and malicious.

Summary

Since discovery, SiteLock has removed this fake plugin from almost 200 sites in over 350 distinct install locations. It is always a good idea to review the components you have installed and remove plugins or themes that you are no longer using. However, be mindful as malicious plugins can or will hide themselves from the plugin list, so if you suspect that there are components present which you did not install, log in and check the files that are on your site.

If you suspect that your site has been infected with malware, SiteLock’s experts are here for you. Contact us today for assistance and let our team help you.

About The Author

Maarten Broekman has worked as a system administrator and systems engineer for over 25 years, primarily in the shared web-hosting space. One of the main concerns for web-hosting providers is being able to serve their customers’ websites as quickly and efficiently as possible. As a result, anything that detracts from performance needed to be examined closely and this is where his interest in malware and code analysis sprang from. For over a decade, finding, decoding, and removing malware (and automating that process) has been his primary focus.

What Is A Phishing Kit?

Everyone has heard of phishing emails and phishing sites, but what exactly is a phishing ‘kit’. Put simply, a phishing kit is the set of files that are placed in a website to configure it to receive traffic and relay the data that people enter to the malicious actors. This can be as simple as a single file that does everything or as complicated as a copy of the target website with minor modifications. This article is going to explore two different phishing kits that we have found and highlight the ways in which they can be detected and avoided.

Phishing Kit – Citi Group

Overview

The phishing kit we want to highlight is one appropriately titled the Citi kit. This phishing kit is relatively small, consisting of a couple of files and a single script to send the results out. Likely, targets receive a link to http://<domain>/auth/login.html which presents the following page:

Figure 1: Phishing Site

Aside from the address and the error message this is incredibly similar to the real Citi.com site:

Figure 2: Real Site

It is easy to understand how an unsuspecting person could see the first image and just put in their credentials in the form, thinking that they were logging into Citi.com. However, even a brief pause and examination could save a lot of the future headaches that come from being phished.

Detection

First, the address bar. It is very important that you, as a consumer, know your brands. Sometimes companies will come up with a new domain for something, but if the address bar is not showing the domain name you are used to, you use a search engine to look for something like “Does domain belong to organization?” For the above example, we could search for “Does citi.com belong to Citibank” and we would find that it does. However, the domain for the site in Figure 1 does not belong to Citi and as a result, we know the login page is fake.

Another way to check any suspicions you may have because of the address bar is to look at the page source. Right click on the page, select ‘View Page Source’, and a new tab or window will be opened containing the HTML content that your browser was presented with.

Figure 3: View Page Source

Then you can search (Ctrl-F or Cmd-F) for one of the input fields of the form, ‘User ID’, for example. This will bring you to the first occurrence of that string and then you just look for the HTML form tag.

Figure 4: Page Source from Figure 1

In this case, we can see the form action (the place that the form will send any data) is set to ‘freddy/mainnet.php’ on the third line in the screenshot. Since we also see URLs pointing to explicit citi.com addresses, we now know this form is not going to submit the contents to Citi as intended. Instead, it is submitting the data to a local PHP script and, while we do not have the script itself, the structure and name are similar enough to the other phishing kit we will examine; in which we can make some assumptions about the functionality.

Behind The Scenes

Given the similarity in file structure, the ‘mainnet.php’ script in this Citi phishing kit will likely write submitted data out to files on the compromised server. Depending on the entry page, this will have username and password information (for login pages) or full name, address, and other personal information (for account creation and verification pages).

In addition to logging this data to files, these scripts also send the data via email or even via Telegram messages.

Phishing Kit – Mountain America Credit Union

Overview

This phishing kit is far more complex than the one we just reviewed. The Citi phishing kit utilized HTML pages with a single PHP script for form submission, this Mountain America phishing kit is a complex assembly of PHP scripts that are interconnected and talk back to a Command&Control (C&C) server via APIs.

From the victim’s view, the Mountain America phishing kit presents a webpage that looks very similar to the real Mountain America website, but with some notable differences.

Figure 5: Mountain America Phishing Kit

Figure 6: Real Mountain America Website

While it is missing some elements of the current site, the phishing kit is close enough that it might have been copied from a previous version of the real site.

Detection

As with the Citi phishing kit discussed earlier, detection of this kit by an end-user relies on awareness, suspicion, and curiosity. You need to be aware of the ‘normal’ website address for the brands and companies that you interact with, especially if they are financially oriented. In this case, the domain that the phishing kit was found on was a painting company’s website. This should have been sufficient enough to raise suspicions that this was not the correct site, but it may not have been obvious on mobile devices. Again, looking at the page source reveals the form submission goes to a ‘mainnet.php’ script with a session token as an argument.

Figure 7: Phishing Kit Form Submission

Behind The Scenes

If we look at the functionality of these pages on the compromised server, the first thing that stands out is that they use a rather well-structured framework.

Figure 8: Access.php Header

The script pulls in two class files, ‘Comp.php’ and ‘Antibot.php’, performs some validation, and includes several other scripts. Of particular interest, the ‘zsec.php’ file pulls in the hacking group’s configuration, including API keys and a remote host. The rest of included scripts form a series of checks against hostnames, IP addresses, and user agents and blocking ones that are deemed unwanted. The two class files set up objects with built in functionality to perform similar blocking and application configuration.

After this header, which is present in many of the files in this kit, the file contains the HTML content displayed in the browser above. Unlike the Citi phishing kit, which relied on remote sources for images, JavaScript files, and stylesheets, this Mountain America phishing kit uses relative URIs for those same resources. This suggests they did significant reconnaissance and copying of content to create this phishing kit. A total of four of the links in the files refer to the real Mountain America Credit Union site.

In the end, the victim’s login information, card information, and personal information all get logged to various files on the compromised server, as well as being sent via Telegram messages, by the ‘mainnet.php’ script.

Figure 9: Personal Information Logging

Figure 10: Login Information Logging

Figure 11: Combined Information Logging

Summary

As you can see, phishing kits come a variety of different forms. Detecting a phishing page relies on your own suspicions and keen observation of the URLs that you are directed to. If you suspect a page is part of a phishing kit, the easiest thing to do is to close the browser window and then manually enter the website for the company you want to go to or use a bookmarked page to the company. Alternately, you can reach out to the company to ask if the domain is correct.

If you suspect that you entered your information into a phishing page, it is important to login (if you can) and change your password again. If possible, ensure that you have multi-factor authentication enabled as an additional layer of protection.

Fortunately, SiteLock can detect and remove many phishing kits and we add rules to find more every day. If you are a website owner and you suspect that your site has been compromised, and used as a phishing site, contact us today for assistance in removing the malware.

About The Author

Maarten Broekman has worked as a system administrator and systems engineer for over 25 years, primarily in the shared web-hosting space. One of the main concerns for web-hosting providers is being able to serve their customers’ websites as quickly and efficiently as possible. As a result, anything that detracts from performance needed to be examined closely and this is where his interest in malware and code analysis sprang from. For over a decade, finding, decoding, and removing malware (and automating that process) has been his primary focus.

What is blacklisting?

To encourage a safer internet and protect users from dangerous malware infections, Google and other popular search engines review websites for malware.

• What is malware? Malware is software created for malicious purposes. Website malware can be used to attack websites in a variety of ways.

It’s not always obvious when a website has malware, so these warnings are intended to be helpful to the average website visitor.

Search engines detect malware by sending out bots (the good kind) to crawl or “index” your site. The primary purpose of indexing is to make the crawled pages available to appear in search results, but these bots also look for website malware. If malware is definitely detected on the site, the website will be inaccessible to visitors, or “blacklisted.” Blacklisting means that the site will be removed from search results so that it can’t be found through search, and a warning will prevent direct visitors from entering the site. This prevents visitors from being affected by malware attacks, which could steal their personal data, send spam, or even spread more malware.

Unfortunately, while it may sound like blacklisting makes it easy to know when a website has malware, this isn’t always the case.

Is blacklisting the best way to find website malware?

The truth is, blacklisting occurs only when malware is definitely identified and there is no chance of a false positive. This is done because blacklisting can be devastating to a business’s bottom line and reputation. However, this has two major drawbacks:

• The damage has likely already been done. Search engine bots generally do not crawl websites every day. How often they crawl depends on a variety of factors. Therefore, by the time a website has flagged, it has likely been infected for days, if not weeks.

• Many infected websites go unflagged. Less than one in five infections are caught by search engines, according to SiteLock research. This means that 83 percent of infected websites receive no warning at all from search engines.

Blacklisting is still a valuable service that protects many from harmful malware infections. However, blacklisting is not designed to protect website owners, and it is dangerous to rely on search engines to find malware. Fortunately, whether you’re a website owner or just a visitor, you won’t need to.

How can I tell if a website has malware?

While many types of malware are difficult to detect with the naked eye, some common malware attacks do show symptoms that all visitors should be aware of:

• Defacements. This attack is the easiest to spot, as cybercriminals will replace a site’s content with their own name, logo, and/or ideological imagery.

• Suspicious pop ups. Are you really the lucky one millionth visitor? Think before you click on pop ups ads that sound too good to be true. Clicking on them may cause you to accidentally download malware to your computer.

• Malvertising. We recommend exercising caution when clicking on any ads, as legitimate ads can be infected with malware. However, some malicious ads are more obvious. They typically contain spelling/grammar errors or unprofessional graphic design, feature products that don’t match your browsing history, or promote “miracle” cures/celebrity scandals.

• Phishing kits. This attack tricks users into handing over sensitive information by imitating commonly visited sites, like banking websites. They may seem real at first glance, but spelling and grammar errors will give them away.

• Malicious redirects. Often used in conjunction with phishing kits, malicious redirects take visitors from one site to another, usually malicious, site.

• SEO spam. If you see unusual comments, usually with links, in a website’s comments section, it’s likely SEO spam.

While this can help the average visitor detect an infected site, website owners will need to take it a step further to be sure their website is free from malware.

What is the best way to find website malware?

A website scanner is the easiest, efficient and effective way website owners can look for malware. You’ll also save time and money – you don’t have to look for malware yourself, or hire an expert to look for you. SiteLock offers a powerful website scanning solution that not only works automatically, but also includes the following:

• Accurate and comprehensive detection. New types of malware are created every day, so you’ll want a scanner backed with a threat database that’s updated every day.

• Automatic response. SiteLock reviews your site every day for malware, and will automatically remove known malware as it is detected.

• Detailed reports that are easy to understand. You’ll always know what’s happening with your site’s security.

• Increase visitor trust. Our scanner includes the SiteLock trust seal, which lets your visitors know your website is safe. Get protected instantly. Our cloud-based solutions can be installed in minutes.

For the most accurate and efficient protection against malware, check out our plans and pricing today. To see how SiteLock has protected other businesses from blacklisting, check out our customer stories and SiteLock reviews.

Related Articles

• Google Should Not Be Your Alarm System: Preventing Blacklisted Websites

• SiteLock Reviews Your Website Every Day For Malware and More

In this article, we look at a simple and obvious stylesheet injection attack and discuss how this could have been a lot worse.

Background

During an investigation, we discovered that a block of JavaScript was performing some questionable operations. It appeared, briefly, to be creating a new stylesheet within the rendered page and then using it, along with a large array of integers, to do “something”. In terms of an HTML page, a “stylesheet” is any <link> tags with the rel=”stylesheet” attribute and any text between <style> and </style> tags within the page. In JavaScript, you can access these stylesheets through document.styleSheets, which is an array of all the <link> stylesheets and <style> tags in a page; and, in combination with document.createElement, you can add dynamically created stylesheets to that array and pull it out later with the cssRules and cssText calls on the document object.

The Injection

Code Analysis

The first thing of note in this injection is a huge array of numbers, each of which is followed by /t, without any quotes around them. This means the array is not a set of strings but rather a set of mathematical operations.

Figure 1: Array Of Math Operations

The next important part is at the beginning of the script block, a function named createCSS. With the lack of carriage returns in the original code, it might be a little difficult to read, but after prettying it up, we have a much better idea of what it is doing.

Figure 2: Original Function Code

Figure 3: Easy-to-Read Code

Above we see that the createCSS function receives two arguments: a variable named “selector”, and another named “declaration.” The function begins by taking the browser UserAgent and converting it to all lowercase characters before checking for the presence of three strings. In this case, it is looking for “msie” in the UserAgent string as well as “win” and it is making sure that the string “opera” is not present in the UserAgent. This is essentially a check to see if the browser is an older version of Windows Internet Explorer, setting the “isIE” variable to true if it is an older Internet Explorer and setting it too “false” if it is anything else. It then creates a new style element and, if isIE is false, it creates an HTML stylesheet entry, using the selector and declaration passed in, that gets inserted into the page immediately after the <head> element. If isIE is true, however, the code checks to see how many stylesheets there are. It then finds the last stylesheet and tries to add a new rule to that sheet using the selector and declaration.

So far, this is just odd, but nothing terrible. However, after this point, the code shows its true colors and we can say, with 100% certainty, that this is a malicious injection even before we decode the payload.

Figure 4: There”s no way that this is “good”

Now that the function is defined, the injected JavaScript makes use of it by calling it to set up a new “stylesheet”. The selector is set to “#va” and the declaration is set to “background:url(data:,String.fromCharCode)”. The selector is nothing unusual, just a string that will trigger the declaration values on any element with the id attribute set to “va”, but the declaration itself is a red flag. First, it is setting a background URL to something that is not a URL or URI. Instead, it is setting it to a type-less data object. Setting a background URL to a data object is nothing special, but it is almost always done when the data object is an encoded image, in which case it would have the data tag following by a MIME type such as image/gif followed by a semi-colon and the image as an encoded string. Without a MIME type, the data tag is left incomplete. Even more interesting is that there is a comma following the data tag and then the JavaScript function “String.fromCharCode”.

Uh oh. This is NOT looking good.

If we continue, the code initializes a new variable (ucyq) and then sets another variable to the array of stylesheets present in the page, before entering a loop that will iterate over those stylesheets. As it iterates over the stylesheets, the code sets the “vpm” variables to all the rules for the stylesheet and iterates over those rules. For each of the rules in a sheet, the code checks to see if the selector contains “#va”. It skips all selectors that do not contain the string. If the rule selector contains “#va”, it sets the zio variable to the name of the selector without the “#” and the “ucyq” variable to the part of the declaration that starts with a capital S and continues to the end of the declaration. In the code sample above, that means zio is set to “va” and ucyq is set to “String.fromCharCode”.

This is followed by a curious two lines of code that get the seconds from a Date object and then the huge array mentioned in the beginning.

Figure 5: Create a specific Date object and get the number of seconds

The action of assigning the seconds from this Date object to the variable t is illuminating, however. The seconds are represented by the last argument to the “new Date()” call, in this case, 4, which means that the array is dividing all the values by 4 and brings them well within the range of values for ASCII characters (0-128).

The final section of code simply confirms this is malicious JavaScript that needs to be removed.

Figure 6: The Final Code Block, Where The Magic Happens

Here, the code is initializing a new variable, fme, to an empty string and creates a function reference, g, that simply returns the arguments passed. Then, the code sets the tevq variable to the concatenation of “e,” the value of the zio variable, and “l”. Since we know that zio is the string “va”, we now know that tevq is the string “eval”. Next, another variable, cet, is initialized to an empty string and the variable hj is set to the eval of the ucyq variable. This means that hj is now the same as “String.fromCharCode”. Lastly, the code iterates over the large array, evals each element to perform the math, and appends the character to the cet variable, before eval’ing the resulting string.

This is 100% malicious even before we look at the payload.

The Payload

It is worthwhile to mention that even though the code itself is malicious and needs to be removed, it can be helpful to understand what it was attempting to inject.

If we change the eval at the end to print out the code rather than executing it, we see that it creates this additional chunk of malicious JavaScript.

This code checks to see if there is a pre-existing body tag in the page. If there is one, the code simply creates an iframe element, sets the source to the URL specified, makes it hidden, and appends the iframe to the body tag. If there are no body tags, the code creates a new body and, if successful, executes that same code. If it was not able to create a body tag, the code simply writes out an iframe tag with identical properties.

In the sample that we encountered above; the IP address (belonging to Vodafone Portugal) was no longer responding to requests.

Summary

The Good News

The good news is that this is much easier to detect because of the large array of values that are included as the payload. Additionally, the fact that the supposed CSS is clearly not a stylesheet means that you, as a website owner, can feel confident that you can safely remove the script block that this was in. Overall, this injection was dangerous but easy to spot. However, in combination with the techniques we found in last month’s article, this could have been significantly harder to detect.

The Bad News

The bad news is that web applications are filled to the brim with resources that are located on other servers. Whether it is Google Analytics, Google Fonts, WordPress images, or any number of other services, you will find <link> tags in websites that pull those resources in. A malicious payload could easily be encoded in a stylesheet referenced by a link tag rather than constructed by JavaScript. Similarly, the processing code to turn that payload into actionable code could easily be in JavaScript referenced by a script tag rather than injected into an existing page. With some slick packaging, it could even end up getting distributed through normal CMS channels and made available to unsuspecting users to willingly install on their websites.

The Better News

SiteLock is here to help. Whether it is our informative blog articles or our knowledgeable support staff, SiteLock is here for you if you have questions or need assistance. If you think your website has been infected by malware, give us a call and talk to an agent today.

About The Author

Maarten Broekman has worked as a system administrator and systems engineer for over 25 years, primarily in the shared web-hosting space. One of the main concerns for web-hosting providers is being able to serve their customers’ websites as quickly and efficiently as possible. As a result, anything that detracts from performance needed to be examined closely and this is where his interest in malware and code analysis sprang from. For over a decade, finding, decoding, and removing malware (and automating that process) has been his primary focus.

Some of the most common hacking techniques — SQL injections, CSRF, and XSS — are also the most subtle. They succeed because they avoid raising red flags and because they exploit easy vulnerabilities. In fact, 20% of all sites hosted on WordPress are vulnerable to at least one of these attacks, making cyber attack protection all the more important. Cybercriminals are becoming increasingly stealthy, but they’re not unstoppable. The first step in cyber attack protection is to be aware of cybersecurity threats and the possible consequences of an undetected attack.

The Cost of Overlooked Cyber Attacks for Small Businesses

Did you know it takes an average of 197 days to detect a data breach, then another 69 days to contain it? That’s almost nine months total. Containment times are directly related to the final costs. The Ponemon Institute calculated that the average cost of a cyber attack for companies that can stop a breach within 30 days is $3.09 million, and for those that take more than 30 days, that cost skyrockets to $4.25 million. The cost of a cyber attack for small businesses specifically may not be quite so high, but the consequences can still be devastating. For most small businesses, the cost of a breach exceeds $100,000 — and that doesn’t even factor in the costs associated with rebuilding the brand’s reputation. Over 60% of visitors will not return to a website after an attack.

Compounding the problem, small and mid-sized businesses lack sophisticated defenses or expansive IT budgets, making cyber attacks more likely to be successful. For those same reasons, small businesses are less likely to notice the attack or know how to contain it quickly. Detecting cyber attacks immediately should be a priority, but the real goal is to prevent them in the first place.

How to Protect Your Small Business Against a Cyber Attack

When cybercriminals attacked AdventHealth, the company lacked internal security measures to alert someone about the breach. As a result, it went undetected for more than 16 months. To ensure that cyber attacks don’t fly under the radar, install automated website scanners to detect any abnormalities. This is the fastest, most effective way to find malware and other known security vulnerabilities on your site. As soon as you’re notified of a potential problem, you should investigate and respond immediately to prevent it from spreading further. SiteLock’s 911 plan responds to security breaches for you while our preventative plans ensure there is no repeat hack or vulnerability. Proactive protection from SiteLock automatically monitors and patches vulnerabilities and blocks bad traffic with our web application firewall. This will stop any unwanted visitors from accessing your website, preventing attackers from accessing your data in the first place.

Automated scanners and WAFs can catch a lot of attacks, but cybercriminals are always finding clever new ways to evade detection. Therefore, to protect your small business against a cyber attack, you must guard against the ones you can’t spot or stop. Encryption makes your data unreadable, even if someone gains access to your databases. The data becomes useless to attackers and effectively shuts down the attack. Encryption is critical not only for your database but also for oral communication through your business phone systems. Critical business information is often transmitted through them, making encryption essential.

This strategy only works, however, when all the data is encrypted. To avoid a data breach, be sure to encrypt all of your business’s data, even if it doesn’t seem particularly sensitive or valuable. If there was a cyber attack hiding in your IT infrastructure, how would you know? If the answer is uncertain, the solution is to get serious about cyber attack protection.

SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security. Your small business deserves protection. Use our free website security scan to check your website’s security health now and to stay ahead of cyber attacks.

However, comprehensive business website security solutions also deliver some benefits you might not expect—including some that can help generate substantial business impact.

In this blog, discover the business benefits of a secure website including SEO improvements, increased visitor traffic and increased conversions.

Better website protection can lead to better SEO

Adding an SSL certificate is an easy first step to receive the benefits of a secure site, such as improving your SEO. An SSL certificate marks your site as secure, and it’s one of the factors Google considers when it ranks websites in their search results.

In addition, using a Web Application Firewall (WAF) and DDoS protection on your site can also help improve your SEO efforts. These website security tools prevent malicious bots and swarms from blocking good traffic to your site – including the crawlers that Google and other search engines used to understand and rank your site.

You can also protect your search ranking by safeguarding your site from SEO spammers. Attackers often target sites just to hijack their SEO for their own spam. Regular website scanning for malicious software, combined with a WAF, keeps SEO spam attackers away from your site and protects your hard-earned search rankings.

One of the top benefits of a secure website is more customer traffic

As site security helps your SEO and search rankings improve, customers are more likely to find your website. When they arrive, your site security can help you win their business.

With DDoS protection, website scanning and malware removal on your site, visitors can get to your site without being blocked by bad bots, site takeover attacks or defacements that can damage your brand.

When customers see the SSL padlock symbol in front of your URL, they know that the data they enter is protected, so they’re more likely to stay and shop. In fact, 17% of shoppers say they’ve abandoned online transactions because they didn’t trust the site with their card information. So, earning that trust is the key to making sales.

More traffic plus customer trust = more conversions

By taking these security steps, your business can experience the business benefits of a secure site, such as driving more conversions and helping your business grow. Here are the top ways site security can help generate more conversions for your site:

• Through faster load times and increased trust in your site, visitors are more likely to browse, sign up for your promotions, contact you, or add items to their carts and check out.

• When your site shows PCI DSS compliance, you show customers that you’re using the industry standard to protect their payment data from cybercriminals. That can make customers more comfortable entering card details on your site.

• With malware scans and removal, your site is less likely to suffer a form jacking attack that can silently steal customer data, lead to costly data-privacy fines and destroy customer trust.

• When customers have safe, positive experiences with your site, they’re more likely to return and do business with you again. Additionally, customers are more likely to recommend your site to friends, family and colleagues.

Putting it all together: Website security can drive revenue growth

When customers can find your site easily, trust it, have good experiences and recommend your site to others, you’re on a path to expand your customer base, earn more repeat business and grow your revenue. All these benefits of a secure website start with a solid cybersecurity strategy for your business and evaluating the current health of your site.

SiteLocks website security scanner reviews your website and calculates your website’s risk of compromise, providing you with detailed information regarding the health of your site.

Visit our free web security scanner to get started today.

However, success isn’t always easy when it comes to selling website security. When businesses make decisions that affect the security of their digital assets, they’re often met with questions and concerns from prospective customers. This can create difficult sales obstacles if partners aren’t prepared with a strategy to overcome those objections.

Read on to learn five common web security sales obstacles and how to overcome them.

Start By Educating Customers On Potential Threats

In order to successfully overcome common objections, partners must help their SMB customers clearly understand prevalent website security threats. This helps them understand not only the threat landscape and the impact threats could have on their business, but also the value of taking proactive security measures. A few threats you should ensure your customers are educated on include:

• Malware: This malicious software is designed to steal a company’s money and damage their reputation. Discover the five types of malware all SMBs should be aware of.

• Ransomware: This is a form of malware that attackers use to restrict a user’s access to their data. After a ransom amount is paid—often in cryptocurrency—the user’s locked data is restored; otherwise, the ransomware may corrupt the user’s data, making it unusable.

• Denial-of-service (DDoS) attacks: In a DDoS attack, the assailants band together to take a site down by targeting and disrupting its offered services.

• Spam and phishing: This is when unsolicited emails containing malware links or attachments make their way into a user's inbox.

How To Overcome Common Objections

Your customers may assume they’re already protected against common website security threats—but in reality, they’re not. Below are five common web security sales objections and suggested strategies to help overcome them:

1. “I’m not hacked, and I don’t have any issues.” Most malware is incredibly stealthy and capable of going unnoticed for long periods of time, which can do serious harm to your customers. Just because your customer doesn’t have a known issue at the moment, doesn’t mean their website is free of risk. In fact, numerous factors—like how a website was designed and developed—can increase the risk of their site being attacked. Educating your customers on their risk of attack and how to protect against potential threats can be very effective in overcoming this objection.
2. “I’m too small to be hacked.” Although large enterprises dominate media headlines when it comes to cyber-attacks and security breaches, it's the smaller sites that are actually targeted the most. What are cyber criminals after? Typically, things like network resources and bandwidth are extremely valuable to hackers. The reality is, there’s no such thing as being too small to hack, and every website, regardless of its size, is a target.
3. “I can’t justify the investment.” Small businesses often build and maintain their own websites, but many do not have the technical expertise or bandwidth to ensure adequate protection is in place, which puts them at significant risk. With 60% of small businesses forced to go under following a cyberattack, the question isn’t whether or not your customer can afford website security, but whether they can afford not to have it. Additionally, there are numerous website security options available today that can easily accommodate any SMB’s budget—so investment should never be a cause for objection.
4. “Isn’t my host protecting me already?” It’s a common misconception that hosting providers protect the websites they host. In reality, hosting providers only protect the servers their sites are hosted on, not the websites themselves. Worse yet, if a website is compromised, the host will likely temporarily take a website down in order to protect the rest of the websites sharing that server—which can be the kiss of death for your customer’s business.
5. “I have an SSL certificate, so I don’t need website security.” SSL certificates provide privacy, authentication, and integrity to all data transferred over a network. While SSLs can be a great first step to securing a website, however, they do not offer comprehensive website protection. At the end of the day, your customers still need to protect their site from defacement, resource theft, and other kinds of attacks as listed above.

Surpassing The Competition By Surmounting Web Security Sales Obstacles

With cyberattacks continually on the rise, it’s essential to help customers understand why they need website security. Now that you understand how to overcome some common web security sales objections, discover additional benefits by partnering with SiteLock, a leader in website security. Our program has enabled hundreds of worldwide partners to supercharge their revenue. Get started today with SiteLock.

This abundance of security products comes as no surprise in our digitally connected age. According to the International Data Corporation, by 2025 nearly 56 billion devices will be connected to the internet throughout the world. Meanwhile, Cisco estimates that the number of distributed denial-of-service (DDoS) attacks will nearly double from 7.8 million in 2018 to 15.4 million in 2023. In other words, more connected devices means more opportunities for cyberattacks—so offering your customers strong website security is crucial as a trusted advisor.

Read on to learn which website security products should always be included in your product portfolio.

Website Security Products Every Partner/Provider Needs

Surveying the threat landscape, you might wonder what you can do to stand out from others while reinforcing your role as a trusted security advisor. The answer is simple. Being competitive means ensuring your website security offering addresses two critical areas: the constantly shifting threat landscape, and your customer’s website security pain points.

As a trusted security provider, it's important to offer customers a comprehensive portfolio of website security solutions. We’ve compiled a list of solutions that address today’s most common website security concerns and should be part of any SMB’s security strategy. These include:

• Automated Malware Scanning and Remediation: This solution quickly and automatically scans for malware, instantly remediating any identified malware to keep sites more secure around the clock.

• Vulnerability Patching: This tool identifies, removes, and fixes new vulnerabilities as they arise, offering additional security and protection.

• Website Backup: Website backups help customers encrypt a snapshot of their website’s important files, folders, and databases. These can then be stored in a secure location and reverted to if someone discovers a critical security flaw.

• Web Application Firewall (WAF): WAFs protect customer websites against distributed denial-of-service (DDoS) attacks, where attackers band together to take a site down by disrupting its offered services.

• Secure Socket Layer (SSL): This security protocol provides privacy, authentication, and integrity to all network communications. SSLs ultimately provide more (and better) security to the data which is transferred between a web browser and server.

• Virtual Private Network (VPN): VPNs establish a secure connection for your customers, routing their data traffic through an encrypted channel. The customer’s IP address is then disguised to hide their location from everyone—better securing them against external attacks.

• Spam Filtering: This solution surveys the user’s inbox to check for any unsolicited emails which contain malware attachments or links to virus-infected emails. It then prevents those messages from making their way into the user's inbox, so customers won’t be able to access harmful web resources.

• Compliance and Data Privacy: These tools give customers an in-depth look at the status of their data compliance, regularly monitoring their environment with automated checks based on industry best practices and standards.

Better Education, Better Website Security

Providing excellent website security products is only half the equation. When it comes to delivering long-term value, it's important to ensure your customers are properly educated and fully aware of critical website security risks. Engage them in conversation and help them make informed decisions that drive a strong security posture.

Now that you know which security products to offer customers, discover the proven benefits of partnering with SiteLock, a leader in website security.

In this article, we will explore a malware encoding mechanism that hides the payload in RGB color codes.

Encoding Malware

Why Is Malware Encoded?

Malware authors encode their software for the simple reason that, if they didn’t, people would know that the software is bad and wouldn’t use it. Instead, they encode it to help it evade detection by security tools, but also to mislead people about the true nature of it. Often, they will put comments around it with the ominous phrase, “Reverse engineering is strictly prohibited,” or something like that to scare people off from trying to figure out what it is doing.

In truth, encoding is often detrimental because it increases the size of the malicious payload making it easier to detect. However, some methods, like those described in my article on “interesting” malware, are strange enough they can be overlooked as junk or broken code. In those cases, most people would remove the files just because they don’t look like they work. However, there are encoding mechanisms that are strange and yet look completely benign.

Why You Need A Good Interior (Or Web) Designer

Colors Matter

Every interior designer, along with every marketer and website designer, will tell you that your color choices matter. The colors you choose for your website tell a lot about it and your company, and from that some malware authors pick those specific colors because they use them to harm your site visitors.

How Color Codes Work

We are all familiar with the fact that colors on web pages can be represented in several ways. Sometimes, you just want “red” and so you make sure that your page style sets the “color” to the word “red.” This is great and, if the colors you want to use are some of the 140 defined color names, you can use those.

But sometimes you want a color that is just a little different and doesn’t have a conveniently defined name, what then? Well, then you need to delve into hexadecimal color definitions. These colors come in two flavors:

• Traditional RGB (red, green, blue) definitions like #ffffff which says that the red value is ff (256), the green value is ff (256) and the blue value is ff (256), resulting in white.
• RGBA (red, green, blue, and alpha) definitions which use the same red, green, blue information but also contain an additional two hexadecimal characters with information on the ‘alpha’ or transparency of the color.

You might be thinking “Okay, but why does this matter?” Read on to find out.

It Takes Two To Tango

As noted above, colors can be represented as strings of six or eight hexadecimal characters. Traditionally, these are paired up to represent the red, green, blue, and alpha values between 0 and 255. However, the other thing that is represented by values between 0 and 255 is the ASCII character set. And, when the values are used to represent characters, you can string them together into executable code.

What We Found

Investigation Overview

In an investigation, the Sitelock Malware Research Team found the following JavaScript code in a file along with some additional, already known, malware.

On the surface, this snippet of code looks just like two lists of hexadecimal color codes. And if we look at what these colors would appear as, we can see that they are rather somber.

Depending on what they are used for, these colors could make an interesting set of colors for a website except for the fact that there are just too many of them. Most good websites use, at most, four or five colors, not forty-six. So right there, we have an indication that, if nothing else, this is a highly questionable design choice.

Code Review

If we step into the rest of the code, we can see that there are two functions getting created, “div_pick_colors” and “check_div_styles” along with some additional variable assignments.

The variable assignment is important to understand before we dive into the functions, though. The first thing that happens is that there is an empty array created. Next, the ‘css_colors’ array is processed by the div_pick_colors function into the variable ‘s’. Additionally, the ‘css_indexes’ array is reassigned to the variable ‘c’ for later use. The string that resulted from parsing the ‘div_colors’ array is assigned to the first index of our new array and two counters are initialized before we loop over the ‘css_indexes’ (in the form of the ‘c’ array).

The processing within the loop is straight-forward. It uses the value in the ‘c’ array to determine how long of a substring it needs to extract from the ‘s’ variable, which is then assigned to increasing indices of our ‘ct’ array, before the first index of ‘ct’ is reassigned (uselessly).

If we look at the functions, we can see exactly what the assignments are doing above.

The div_pick_colors function, rather than select colors like its name implies, is the decoding function of the malware. It takes an array of strings as the sole argument and loops (outer ‘for’ loop) over them, assigning each to the ‘c_rgb’ variable. The inner loop then steps through each string, starting at position 1 in the string (skipping over the ‘#’ in each color at position 0) and taking a two-character substring each time. As long as that substring is not ‘00’, div_pick_colors will then convert it from a hexadecimal value to a decimal value (parseInt() with ‘16’ as the second argument) and then subtract 15 from that value before appending it to the variable ‘s’.

After all the colors in the array are processed, the div_pick_colors then returns the entire decoded string.

The check_div_styles function is true to its name, sort of. As the name implies, it does ‘check’ that styles are present in the rendered page. However, it does that by finding tags in the rendered page and creating new elements after them. If it is unable to get, create, or append elements, however, it has a backup mechanism to insert its content and that is using a basic document.write() call with the same content. And lastly, the script sets a half-second delay in case it couldn’t get the initial tag.

Final Analysis

In the end, this piece of malware injects a hidden iframe to another site, but there is nothing to stop an attacker from using this method to install viruses on an end-user’s system or to change where a form submits data to.

Summary

As a website owner, you have enough to worry about between publishing consistent content, ensuring your products are available and keeping your website software up to date. Don’t let your site become infected by malicious colors, contact SiteLock today and talk to a professional about protecting your site.

About The Author

Maarten Broekman has worked as a system administrator and systems engineer for over 25 years, primarily in the shared web-hosting space. One of the main concerns for web-hosting providers is being able to serve their customers’ websites as quickly and efficiently as possible. As a result, anything that detracts from performance needed to be examined closely and this is where his interest in malware and code analysis sprang from. For over a decade, finding, decoding, and removing malware (and automating that process) has been his primary focus.

At SiteLock, we developed a proprietary risk score based on over 500 variables to help website owners gauge the overall risk of their sites on a scale from low to high. Each of the variables can be grouped into three main categories: a site’s complexity, its popularity, and its composition. In general, the more variables a site has, the higher the risk level. Those websites deemed high risk are 26 times more likely to experience a breach.

Unfortunately, as a business grows, the number of variables on its website typically grows with it. For instance, as sales increase, you may decide to give your open-source website additional functionality by utilizing more add-ons, themes, and plug-ins — which adds to the composition and complexity of your website.

Although implementing these tools can make your website easier to use and more appealing to visitors, most come at the cost of heightened security risk. This is primarily because they’re created by third-party developers, which means you’re at the mercy of developers to ensure they properly test their software for any security vulnerabilities and release updates to patch these vulnerabilities. What many website owners may not realize is that it’s their responsibility to install these security updates regularly so potential vulnerabilities are patched in a timely manner.

Additionally, as your site gains popularity and attracts more traffic, you become a more enticing target for hackers looking to steal SEO rankings. Moreover, it’s likely that several of your daily visitors are actually malicious bots. Competitors or cybercriminals might use these bots for competitive data mining purposes — or worse, to conduct brute-force or distributed denial-of-service attacks, gaining unauthorized access to your site.

To protect your business and online reputation, you should follow a cybersecurity checklist of best practices to ensure that your cybersecurity strategy grows alongside your business.

Allocating Your Budget for Cybersecurity

Even as your small business grows, your resources may still be limited. It’s important to carefully consider how to allocate your budget for cybersecurity growth. By choosing the right security partner, you can get the most for your money.

The first step is having a third-party partner perform a cybersecurity risk assessment on your website to determine your greatest vulnerabilities. Then, consider which solutions can best address any weak areas. Automated tools can save you money and time because they can scan more files and tables within your database faster than any security expert could. Additionally, when evaluating vendors, it’s important to consider how much time and effort the company puts into its security research, including the size of its malware signature database.

How to Keep Up With Growing Cybersecurity Needs

After conducting an initial security audit to identify your website’s weak areas and finding the right partner to bolster your cybersecurity growth, the next step is to follow these five cybersecurity best practices to ensure your website stays secure as you grow:

1. Implement a web application firewall. A WAF works as a gatekeeper for your website, letting in legitimate site visitors and keeping bad actors out. Consider that bad bots make up one-fifth of all internet traffic; a WAF is a necessary tool for keeping them from crawling your site’s code. The WAF you choose should have CAPTCHA capabilities, be able to block IP addresses (including geoblocking), and include protection from threats. 2. Install an automated website scanner. A website scanner scans the files on your site for malware and other known security vulnerabilities. Additionally, it removes malware and patches vulnerabilities as it detects them without any extra work from you.

3. Use an automated database scanner. Look for a database scanner that can automatically monitor your database for spam content and malware. A database is a critical component of a website due to the sensitive data that’s stored. It’s the driving force behind a dynamic website, which is why it’s essential to look for an automated database scanner that has the capability to roll back any fixes made to the database. If your site relies on a MySQL database, SQL injection prevention will help prevent attackers from gaining control by inserting arbitrary SQL code into a database query.

4. Make sure you have backup. Find an automated backup solution to ensure that all your important site files are backed up daily. Keep this working backup off-site, as the backup could become infected if it’s stored on the same server as the website in the event of reinfection. This will give you leverage in the event of a ransomware attack and allow you to get your site back up and running quickly after a cybersecurity incident.

5. Include an SSL. A secure socket layer, or SSL, encrypts any data submitted while it’s in transit between a website visitor’s browser and your web server — thus protecting sensitive data if it’s intercepted by an attacker. If you collect any information through your website via contact forms or online orders, it’s best practice to install an SSL certificate on your website, regardless of whether you own your server or rent space through a hosting provider

The first step to cybersecurity growth is understanding your risk. In general, sites that receive significant traffic and incorporate several features are more vulnerable to cyberattack — as are sites that collect valuable data such as visitor and payment information. Be proactive about cybersecurity, and business growth will present more opportunities with fewer headaches.

The Growing Importance Of Website Security

Cyber threats, data breaches, and ransomware continue to dominate media headlines. As the volume, sophistication and persistence of these threats continue to increase, the importance of website security has become a critical priority for today’s businesses.. For example, in 2020, malware attacks increased by 358% from the year prior while ransomware attacks increased by 435%, in part due to widespread remote work attracting unprecedented amounts of bad bot traffic.

Now more than ever, your customers need strong website security to maintain their brand’s reputation and integrity and prevent potentially devastating cyberattacks..

What Are The Different Types Of Website Security Threats?

There are numerous website security threats that reveal the overwhelming importance of website security to your customers. They include:

• Spam: These bothersome attacks damage customer relationships by filling the comments section of a website with links. Spam attempts to either redirect a website’s existing backlinks or plant new phishing links, both of which lead to dangerous malware.

• Phishing: This style of attack uses fake emails that seem as if they come from legitimate senders. These emails contain attachments and URLs that masquerade as friendly, appealing content, but in actuality are usually viruses that can do serious damage to a device, website, and data.

• Man-in-the-middle attacks: This is a form of malware attack where attackers establish fake wireless connections using name conventions that mimic well-known brands and businesses. These connections intercept digital communications, then steal critical information including login credentials and credit card numbers.

• Brute-force hacks: These are simple attacks which employ trial-and-error methods using username and password combinations to determine login credentials and gain access to confidential data.

• Denial-of-service attacks (DDoS): This is an attack that disrupts the operations of a website’s server and network through an overwhelming amount of web traffic hits. Resulting outages can last for days or even weeks, depending on the severity of the attack.

Why Does Website Security Matter To Your Customers?

The importance of website security is simple to your customers: more secure websites are better prepared to positively impact conversion rates, a key factor in any go-to-market strategy. If a website has a reputation for being non-secure, potential visitors won’t shop, transact, or refer to others, thus limiting the growth and success.

Your customers’ SEO efforts can also be damaged by poor website security. For example, content speed is a significant factor in how search engine algorithms rank a website, and malware injected into a website’s code can adversely affect load times—meaning a lack of security directly impacts SEO ranking. If your customers aren’t bolstering their website security, they have a significantly lower chance of being forwarded to users who aren’t familiar with them, but may be interested or searching for the goods and services they offer.

Another reason why customers should improve their website security is to earn users’ trust and see more conversions. By securing their websites, your customers can build their brand reputation and increase the likelihood of visitors recommending their goods and services to others. They can also add security credentials such as TrustSeal to their site to prove they take their visitors’ information and transaction safety seriously, as companies often must display a consistently high degree of website security to maintain active accreditations.

Understanding the fundamentals of website security is also critical as a trusted advisor. Make sure you’re educating your customers on the modern threat landscape by helping them understand how cybercrime can impact them, their business, as well as what they can do to be proactive about their website security efforts. At the end of the day, the importance of website security should be clear to every website owner and partner alike.

Secure Your Website, Secure Your Customer Base

As a trusted partner to your customers, you should always be staying on top of the latest in website security. Choosing a security vendor that offers modern web-based solutions tailored to the needs of you and your customers can empower lasting success, no matter the size of your business.

Now that you understand the importance of website security, discover the proven security benefits of partnering with SiteLock, a leader in website security.

The small business (SMB) movement is anything but small. From sole proprietors to startups, businesses with one to four employees account for over 12 million businesses in the United States. In a world where huge data breaches dominate headlines, many small business owners are aware that they need to invest in cybersecurity to protect their business. However, many more don’t invest at all. Many small business owners feel too “overwhelmed and ill-equipped” to put cybersecurity measures in place – so they put it on the back burner instead.

The solution: make it easy to get expert help. SiteLock reviews how.

SMB website security made easy

SiteLock puts the power of enterprise-level website security in the hands of small business owners at an affordable price. We know that running your business is your top priority, and when it comes to securing your site, you need an expert you can rely on. That’s why SiteLock is the chosen partner of many small business owners who are strapped for resources but need help with website security. In fact, when surveyed about their cybersecurity experience level, 43 percent of SiteLock customers responded with: “that’s why I have you.”

Here’s what easy, expert website security looks like:

Automatic website malware detection and removal. Automatic malware removal looks for malware and other website security issues every day – and removes known malware automatically.

Instant website protection. Our solutions install effortlessly in just a few minutes.

Awareness. With our straightforward Dashboard and platform digest emails, you’ll always know what’s going on with your site.

Always available. Whether it’s lunchtime or three in the morning, we’re here for you 24/7/365 with our U.S.-based customer support team.

Trustworthy. SiteLock reviews show that our customers know we have their back. In fact, 37 percent of customers who found SiteLock through a search engine or recommendation chose us because of positive customer reviews like these:

“I had a quick issue and called them – not only did I get someone to pick up right away, they were knowledgeable and made the process easy. My issue was resolved in under 5 minutes. Fantastic customer service which is almost as important as the product itself – thank you!” L. Leblois, sitelock.com review.

“I have found SiteLock to be very helpful and supportive. Having had malware detected they were able to fix the problem quickly and efficiently. They advised me on the best way to secure my site that fits within my budget. This has given me peace of mind and allows me to get on with my business. I do not hesitate in recommending SiteLock as a security company for your online presence.” F. O’Shea, Trustpilot review.

Want to learn more about SiteLock before making a decision? Check out our SiteLock review on the-blogsmith.com for the ins-and-outs of the SiteLock Dashboard and packages.

Stay protected against cyber attacks

You can take simple, effective steps to protect your company’s sensitive information. Examine your current cybersecurity rules and practices, these are frequent spots of vulnerability for small businesses. Next, have sufficient and effective employee training. Employees may unknowingly harm your business by clicking on a phishing email or downloading suspicious content. Due to inadequate computer and network security, attackers can obtain access to your company’s system in several ways, including unsecured Wi-Fi networks or personal devices, and weak passwords. Lastly, have a plan to stay protected. Once you have reviewed your present risks, you can create new protocols to minimize your exposure to cyberattacks and consistently evaluate your security.

We’re in the business of protecting small businesses

Website security doesn’t have to be a struggle, and it shouldn’t be a second thought. With SiteLock, it can be simple and quick – in fact, 26 percent of SiteLock customers choose us because of our fast service, and another 18 percent choose us because we’re always available. With automated solutions and reliable assistance, SiteLock makes securing your site easy. Struggle no more – check out our plans or call 855.378.6200 to get a custom solution for your business.

2021 also reminded us that bad actors can wreak havoc from anywhere in the world on important, global companies. An attack against the meat processor JBS led to thousands of canceled shifts and delays in meat production, while a hack into the U.S. Colonial Pipeline caused a short-term pause in oil flow. Overall, cyberattacks grew by at least 17%, and the average cost of a cybersecurity breach hit a new, all-time high of $4.24 million.

With the new year comes new threats, and 2022 won’t disappoint. Remote work will continue to leave many companies and employees open to attack, and experts anticipate ransomware attacks will continue to grow in severity over the next year. If that’s not worrisome enough, cybercrime costs are expected to grow by 15% per year over the next five years. Global spending on cybersecurity products and services will likely exceed $1.75 trillion between 2021 and 2025 as a result.

These predictions mean that it’s time to be vigilant—both for yourself and your customers. As your customers’ trusted security provider, you’re in a position to educate them about these looming threats and provide guidance on how to defend against them. With your help, they can make informed, proactive decisions about their website’s security and mitigate any risks this year has in store.

Tips For Accelerating Your Profitability And Website Security Sales In 2022

With the current threat landscape comes the opportunity to build trust and strengthen relationships with your customers. We’ve assembled three top tips to help prepare yourself and your customers for the challenges ahead, maximize website security sales, and have a successful 2022.

1. Audit Your Security Portfolio

Is your current portfolio meeting customer needs? Take time this year to audit your security portfolio and assess whether or not it's comprehensive enough to defend against major web security threats on the horizon. Increasing your website security sales can be as simple as filling holes in your portfolio with:

• Automated malware scanning and remediation: These solutions identify malware and other potential cyber threats and provide automatic remediation, ensuring worry-free protection.

• Web application firewalls (WAFs): WAFs monitor incoming traffic to websites and applications, letting trusted visitors in while keeping bad actors out.

• Vulnerability patching: Vulnerability patching services automatically find, remove, and fix website vulnerabilities hiding within core CMS systems, reducing the likelihood of exploits.

• Secure Sockets Layer (SSL): An SSL certificate is a basic security measure that protects data as it moves from a website to a server.

• Spam filtering: Spam filtering detects suspicious or dangerous emails and prevents them from getting into email inboxes.

If any of these solutions are missing from your portfolio, you have a significant, untapped revenue opportunity in your hands. It’s time to seek offerings that bridge these gaps and fulfill this year’s website security sales potential.

2. Choose A Trusted And Credible Vendor

Once you’ve identified the security offerings you’re lacking, you need to find a vendor who can provide them. It’s important to choose your vendor wisely, as they can make or break your reputation. Anything you recommend or offer to customers will serve as a reflection of your company, too.

To start, look for a vendor with a proven track record who’s recognized across the industry. A track record of good press coverage and consistent thought leadership can point you in the right direction, but you can also ask for recommendations from people in your network. Next, conduct ample research into each vendor’s solutions and technology. Ask prospective providers if they have case studies or statistics that can shed light on the success of their solutions, both in terms of technical efficacy and their partners’ resulting in increased website security sales. These can provide reassurance that the offerings are tried and tested before you start doing business.

3. Perfect Your Sales Strategy

Of course, you need to make sure that the solutions you’ll be offering are profitable. This comes down to several considerations, like whether or not there’s sufficient demand, and how much time and labor they’ll require to implement. It’s also good practice to start thinking about your overall go-to-market strategy before you commit to any solution, helping you gauge how successful the new offering will be.

Finally, check whether the vendor you’re considering has a strong partner program designed to support security sales. A comprehensive program is much more likely to bring value to your customers than a single product, which will sit on a shelf and gather dust.

Make 2022 Your Best Year Yet

Like last year, 2022 will bring countless new and evolved website security challenges, but that doesn’t mean it’s too late to prepare. By partnering with a trusted vendor, you can help your customers face this year’s threats and simultaneously boost website security sales. If you’re just getting started selling website security, check out this webinar to help you hit the ground running.

SiteLock’s proven website security solutions have helped businesses worldwide earn significant revenue and deliver high-quality security solutions to their customers. If you’re interested in becoming a SiteLock partner or simply want to learn more, get in touch with our team.

Overview

Regardless of how your site is constructed, there will always be an operating system behind it. Whether that is Linux or Windows, it still needs to be updated just like your personal computer. If you are running a private server (VPS) or using an Infrastructure-as-a-Service (IaaS) provider, you are responsible for keeping the entire system, and everything on it, up to date.

On the other hand, if you’re using a managed hosting provider, they will handle the updating of things like the operating system, the webserver software (like Apache), and the programming languages. But, as the site owner, you are still responsible for updating the software that your site is made of. This includes the core software, such as WordPress or Joomla, as well as any plugins, themes or libraries that you’ve used to customize your site.

For basic CMS sites (like a WordPress blog), you can use built-in admin functions to identify any out-of-date components and upgrade them. For premium components, you need to check with the retailer or developer to see if there are updates and then apply them if you are not able to update them from within the CMS.

For sites built from frameworks like Django, Laravel, or Node.js, you need to carefully examine all the components that are being used to make sure they are at the latest versions. Additionally, this needs to be performed again for each component to ensure that any of the libraries and components that they require are updated.

For example, if Plugin A requires Plugin B, you need to make sure that both plugins are updated properly. Similarly, if Node.js library A also requires library B, you need to make sure that both libraries are updated. This can get complicated if you use a lot of interdependent libraries or plugins.

Down The Rabbit Hole

At this point, you might be wondering why this is necessary and where it ends.

The simple answer to the first part is that, just like your personal computer or phone, attackers want to use your site for their own purposes. This can include any number of the following activities:

• Processing phishing data – They can set up your site as a phishing site or simply as a location to store data from a phishing site.
• Deploying malware to personal computers – They can use your site to deliver malicious downloads or attack the browsers of visitors
• Cryptocurrency mining – They can set up your site to mine for cryptocurrency, either on your site or through the browsers of visitors
• Stealing your visitors’ data – They can also set up scripts that copy the information that your site collects and then use it to further their own ends.
• Perform attacks against other sites – They can use your site as a jumping off point to attack other sites
• And many other things

Attackers compromise sites by using vulnerabilities in the software used, whether that is in a WordPress plugin or a JavaScript library; or they perform what is known as a “supply chain attack” to abuse the process by which people find plugins and libraries. This could be as simple as finding old plugins and libraries that haven’t been updated in a while and publish their own “update”, hacking into the account of the developer and adding their malicious code to a common library, contributing a code change to a project with ‘invisible’ characters that change how the code works, or publishing new components that use names which imply they are safe, an attack known as “brandjacking”.

As for the second part, “where does it end,” the short answer is that it doesn’t. Much like your personal computer, updating your site never ends because there are always vulnerabilities to patch, new features to add, and old functionality to remove.

However, there are ways that you can make it easier on yourself.

What You Can Do

There are some simple steps that you can take to make securing your site much easier.

First and foremost, remove all components that you no longer use. If you installed a plugin or library “just to try it” and then decided to not use it, MAKE SURE TO REMOVE IT. If it is installed, it can possibly be used to attack your site or others. By removing the unused component, you are removing any chance of that component being abused on your site.

Secondly, enable auto-update features, if available. This will ensure that any updates are applied as soon as they are available.

Third, only use legitimate sources for your components. If you see a premium plugin or theme that you absolutely need to have for your site, don’t go out to find a “free version” of it from someone else. These “nulled” components (called “nulled” because their licensing code has been removed) have been modified from their original code. The groups that perform this “service” are not doing this for free either. Many times, they add in their own code to the components and this additional code is often malicious. So, the next time you see a theme that costs money and think “I’ll just find a free version,” remember that the “free version” might just compromise your site.

Lastly, regularly review your site. Any time you look to update your site with new features and functionalities, also look at what unused features you can remove.

If you use a CMS, we have a few specific pointers here specifically at WordPress, it applicable to all content management systems.

Summary

The new year is a perfect reason to review your site and take out anything that isn’t being used, whether a plugin, theme, library, or user account. However, much like your car, it helps to check it regularly to make it everything is working properly. Be proactive and keep your site up to date and secure. Let SiteLock be your resource for protecting your site from these and other vulnerabilities with our website security solutions. Contact us now to learn more about how we can help keep your site safe and secure today.

About The Author

Maarten Broekman has worked as a system administrator and systems engineer for over 25 years, primarily in the shared web-hosting space. One of the main concerns for web-hosting providers is being able to serve their customers’ websites as quickly and efficiently as possible. As a result, anything that detracts from performance needed to be examined closely and this is where his interest in malware and code analysis sprang from. For over a decade, finding, decoding, and removing malware (and automating that process) has been his primary focus.

Be aware of the negative effects of malware for your business and know how to adequately address them if you find yourself dealing with a malware attack.

What Problems Can Malware Cause?

A few of the particularly tough effects of malware come from defacement, backdoor, redirect, and SEO spam attacks.

Defacements occur when attackers change the appearance of your site. They might add explicit images or offensive text to your homepage in order to erode trust in your brand. Defacement attacks require manual intervention from security experts. Although the matter is usually a quick fix, it can result in a loss of traffic or damage to your reputation that can cause lingering problems for your business.

Backdoors are often more difficult to spot than defacements, as they’re built to blend in with the website’s code. Backdoors allow cybercriminals regular access to your site — likely without your knowledge. These attacks may expose customer data, be used to alter the appearance of your website, etc. Ultimately, they can cause customers to lose trust in your business and impact your overall profits.

Redirects, while also hard to spot, will likely have more short-term consequences. This type of malware redirects visitors from your site and onto other malicious ones. These account for 17% of malware infections and can result in a brief decrease in traffic.

Finally, SEO spam attacks are particularly damaging for small business websites. This is when cybercriminals flood your site with hundreds (or even thousands) of malicious backlinks or unnecessary keywords. Popular search engines can ban sites for SEO spam, decreasing your rankings in the process. This can take months to recover. Having your website banned could cost your company valuable traffic and visitors until you get it back up and running.

Even website issues that are quick fixes can have lasting effects of malware on your small business, especially if you’re slow to nail down and address problems. Even without considering the damages to your business’s reputation, downtime from a cyberattack can cost small businesses as much as $427 per minute.

Getting a Malware Attack Under Control

The longer a threat actor has undetected access to your network, the worse the outcomes will be. With enough time, hackers can steal valuable company and customer data, exploit vulnerabilities, and move laterally in your network in order to gain access to other entryways.

The time it takes to identify and take control of an attack is called “dwell time.” The data breach that landed Marriott International in the headlines in 2018 had a dwell time of four years. With such a massive window of opportunity, it’s no surprise that hackers stole the data of as many as 500 million customers.

The best lesson small businesses can learn from such an event is the importance of minimizing dwell time. The following three steps can help you prevent malware attacks and reduce dwell time should an attack occur.

1. Lean on automation. Performing regular manual website security audits can be time-consuming — especially in a small business environment, where information technology workers have to wear multiple hats. To protect yourself from the effects of malware attacks, rely on automated tools such as website scanners. They can operate on their own and identify threats in real time.

2. Patch vulnerabilities. Update software — including all plug-ins and your core content management system files — on a regular basis. Software developers are constantly releasing patches and updates for a reason: to protect against vulnerabilities. They’ll also include reports about the vulnerabilities each patch addresses. By failing to update your software, you’re exposing yourself to cybercriminals who know how to pinpoint the weak spots in previous versions of software. Don’t put off updates; perform them as soon as possible.

3. Create a response plan. Creating a company wide response plan is a great way to ensure your employees are all on the same page, and it even provides a certain degree of cybersecurity training. The main benefits, however, come to light when the incident occurs. When there’s a documented process in place, your business will respond to a cyberattack with greater efficiency, reducing dwell time and minimizing the consequences of malware.

Though the effects of malware can be damaging and costly to a small business, it doesn’t have to be. Practicing proper “cyber hygiene” can help you prepare for and even prevent a malware attack.

Want to learn more about malware? Check out these additional resources from SiteLock:

• What is Malware?
• Common Types
• The Evolution of Malware
• Ways Malware Can Get Onto Your Site
• The Dangers of Malware
• How to Check Your Website for Malware & Common Signs
  • How to Check for Malware in Databases
• Ways to Protect Your Site
• How to Remove Malware
• Malware Analysis Series:
  • Signature Based Analysis
  • How a Signature Is Born
  • Detection vs Removal

What Is A Supply Chain Attack?

A supply chain attack is when an attacker inserts harmful code or physical components into software or hardware made by a trusted brand. The goal of these sorts of maneuvers isn’t to compromise the individual who is directly attacked in the situation. Rather, it’s to plant a seed which can act as a catalyst to infect machines that come into contact with the compromised program or device—and that can be anywhere along the supply chain, hence the name. In doing so, attackers are able to spy on (and steal information from) potentially hundreds of thousands of unknowing victims.

These kinds of attacks are so insidious because of the nature of their targets—namely, products by well-respected brands in technology that have been audited for security before their release. Take SolarWinds, for example. This IT infrastructure and network management firm was unknowingly the victim of an attack in October 2019, when hackers believed to be directed by the Russian intelligence agency SVR interfered with software update version 2019.4.5200.8890 of the company’s network-monitoring tool, Orion. In doing so, the attackers planted the .NET class necessary to host malicious backdoor code planted as part of Orion’s update version 2019.4.5200.9083.

As a result, anyone—whether on a personal or company machine—installing those particular Orion updates had unknowingly allowed a Russian backdoor into their technological ecosystem. This cyberattack approach violated the security of companies such as FireEye, but also the US Commerce, Treasury, Homeland Security, and Energy departments. All this is to say that the answer to the question of what is a supply chain attack is simple: it’s no joke.

How Do I Detect A Software Supply Chain Attack Before It Happens To Me?

Having answered the important question of what a supply chain attack is, it’s now essential to understand how you can defend against this modern, dangerous threat to cybersecurity. Some actions you and your organization can take to prepare for software supply chain attacks include:

• Develop processes and strategies to ensure a safer use within your software product lineup

• Enable endpoint detection and response solutions to recognize and address any suspicious activities

• Establish code integrity policies allowing only authorized programs to run on your network

• Develop a comprehensive asset inventory to fully understand the flow of data throughout your organization

What Can I Do To Prevent And Combat Software Supply Chain Attacks Once They’re Discovered?

In the unfortunate event that you or someone at your organization discover a supply chain attack has occurred, there are measures that can be taken to combat the attack before it does any significant damage:

• Segment the network to prevent vulnerabilities and exploits from affecting other devices

• Establish a comprehensive incident response approach tailored to your organization’s needs and technology

• Restrict all connections to those on an approved list to ensure that critical devices won’t become infected by the attack

• Employ robust network defenses and monitoring to identify any abnormalities and restrict unsanctioned data flow

• Enact a full security impact analysis to learn how the attack happened, which components were affected, and how to mitigate these faults in the future

It’s also important to be open and honest when updating customers about supply chain attacks that may impact them. By sharing accurate and timely information as it’s available, you can demonstrate that your organization takes customers’ data security seriously.

SiteLock Secures And Protects Websites Against Harmful Attacks

SiteLock offers powerful website security solutions, such as daily site scans, automated malware removal, and vulnerability patching. With SiteLock on your side as your website security provider, you know your site is secure and safe end-to-end.

Now that you know how to secure your company’s supply chain against vicious cyberattacks, learn what ransomware is, and how it works.

It is nothing new for hackers to try and keep consistent access on their victim web servers. There are a multitude of ways that this can be accomplished, however, there are two methods that we encounter the most:

• File upload bypasses.
• File downloads.

If an attacker finds these vulnerabilities, they can use them to continually upload their shells or download their backdoors in order to maintain access. As you can imagine, this can cause severe damage if gone unnoticed and not handled in a timely manner.

“Why does this matter?” Let’s say you are running an online business. When you advertise, search engines index your website so potential customers can see your products, reviews, updates, etc. without needing to visit your website. You may have noticed this when using your favorite search engine. For now, let’s say that your website gets hacked, and the attacker uses a script that will download spam files and edit the robots.txt file to allow search engines to index these spam files; and display those spam links instead of your normal links. This will effectively ruin your search engine ranking, drive away visitors, and potentially get your site backlisted for spam. To protect against these threats, it’s important to understand how these attacks are carried out.

Upload Bypass

One method attackers may use to upload their malware is by manipulating the file extension, such as changing .php to .PhP to avoid basic upload filters that only check that the file extensions are correct. However, a more complex method of avoiding filters is by abusing “magic bytes,” which is how Linux systems determine filetypes, unlike Windows systems which determine filetypes by the extension. Let’s look at an example SMRT found below.

The above file had the file name screenshot_1.png. As you can probably tell, there is PHP code in this image file. Using the file utility in Linux, we can see that this is not being registered as a PHP file or a PNG image file, as shown in the image below.

This will allow it to bypass filters that are not checking metadata and doing in-depth file checks. Now, whenever that file is loaded, the embedded PHP code will execute, downloading the malicious file.

The suspicious file can still be reached and was downloaded to a sandbox for further analysis. A snippet of the malicious code is shown below. Additionally, the SiteLock SMART Scanner already detects 0xmad[.]me should it be present in files on your website.

As stated in the code, this is a webshell used by the attacker to further exploit the website they have infiltrated. Notice the array of additional tools this webshell is able to download to keep access and modify settings.

To see exactly what the shell is doing, we ran the code in a sandbox environment.

As you can see from the image above, this webshell offers a full GUI for the attacker to make further exploitation easier. The webshell offers a wide range of functionalities, including uploading new files, running system commands and modifying existing files. This is a highly damaging malware infection as it can lead to repeat infections, persistent access for the attacker and even full site destruction. This shell will be cleaned by the SiteLock SMART scanner should it find it on the website it scans.

File Downloads

After an attacker figures out they can bypass upload restrictions, their next step is to download their own files to further exploit the website, whether it be for malicious redirects, SEO spam, or defacements.

One method an attacker may use to exploit systems is by using a simple PHP script to call out to their web server, save the code from a file, then run it on the target’s web server. A simple example of how this can be done was shown in the first image in the previous section.

Let’s look at another real-world example the SiteLock Malware Research Team (SMRT) discovered on a customer's website.

Right away, we can see suspicious activity going on. First, we see that there is a system call to the wget utility, which is used to download files or webpages over the internet. In this case, it is calling to the URL netbombers[.]site90[.]com/shell.zip. Once the download is complete, there is a dialogue box that will popup alerting the attacker to a successful download.

Next, the script will extract the malicious file to the directory that the ZIP file was downloaded too. Once that is done, the script will print out the directory listing using the ls command, presumedly to validate that the file was, in fact, successfully extracted.

To easily get to the malicious file, the attacker can include a GET request, that would look something like the example shown below.

If that GET parameter is included, the file will automatically redirect the attacker to the shell that was downloaded to the webserver using the built-in header PHP function.

While investigating the source of the malware, we found that the website hosting it was no longer in service at the time of writing, or at the very least, blocking our requests. This means that while this file is malicious, it will potentially not be able to accomplish its goal of downloading a shell.

We did notice that this malicious site seems to be currently migrating to a new server, so the issues connecting to the website could also be a temporary one for everyone trying to navigate to it.

Trying to manually browse to the site also yields the same results, however it is a Cloudflare error 1020, meaning that the request to the website was blocked. This could also be temporary until the website finishes migrating before it starts distributing malware once more.

How The Vulnerabilities Get Introduced

As stated throughout the article, file upload vulnerabilities are introduced through improper validation of the uploaded file. The file download vulnerabilities can be introduced using unneeded functions being enabled on your website. There is also the threat of vulnerable plugins being installed or not being patched. A quick search on exploit-db for “wordpress file upload” revealed over 100 known file upload vulnerabilities in WordPress plugins. Some of the most recent ones are shown below.

Should you get a notification that there is an update for a plugin you are using, consult with your developer before updating the plugin to avoid any possible compatibility issues. It is recommended to update as soon as possible to mitigate the likelihood of the vulnerability being discovered on your website and exploited.

Summary

To prevent these kinds of vulnerabilities, make sure any file upload features that you use verify the files being uploaded match the filetypes that are expected.

For example, if you are allowing your visitors to upload images, the upload filter should check file extensions and the metadata for a definite answer as to whether the file is an image or an attempted malicious upload. This can be done with built-in PHP functions, such as exif_imagetype as this function will check the first bytes of the file and its signature to determine its image type. While it may be possible to still bypass that filter, it is possible to use additional filters for finding executable code in the file. This can be done using regular expressions to look for opening php tags or other strings that could alert to a malicious upload.

If malware bypasses those filters, some of the functions used, such as file_get_contents can be disabled in the php.ini file to prevent more files from being downloaded. It is recommended you speak with your web developer to ensure that those changes will not affect your website's functionality.

SiteLock’s website security solutions can help proactively prevent these types of attacks, even though these types of vulnerabilities can be difficult to track down and remediate. Our security solutions have the capabilities to find and remove malware that may be downloaded or uploaded because of these vulnerabilities. For example, both malware samples in this article will be cleaned by the SiteLock SMART scanner. However, if you feel your website is hacked or vulnerable, contact us to learn about our website security products or to speak with one of our security professionals about our services today.

About The Author

Adam Morris has worked in the information security field for the past four years, primarily in the web security space. Knowing information security is an ever-changing environment with new threats emerging every day, this evolving space is where his interest of finding new threats and exploits came from. For the past few years, researching new threats and new technologies has been his primary focus.

The good news is there are countless website security providers you can partner with to keep clients protected, and there’s never been a better time to join this profitable industry. The cybersecurity market is expected to reach $345.4 billion by 2026, which means forming a successful channel partnership with a reputable website security provider can boost your bottom line. But despite so many options available, it can be challenging to find a vendor you trust who can provide all the services you and your clients need.

In this blog post, we’ll discuss eight criteria to keep in mind as you identify and evaluate a website security provider, ensuring your clients get a high-quality solution that delivers on all fronts and you get a lasting, profitable partnership.

Tips For Choosing A Website Security Provider

When choosing a website security provider, look for one that offers the following:

1. Strong reputation: Does the website security provider have a track record of delivering reliable, high-quality solutions? While it may be tempting to settle for the first vendor you come across, exercising due diligence will pay off in the long run. Remember: working with an unreliable security vendor can damage your reputation, while partnering with a highly regarded company can give yours a boost by association, instilling confidence in prospects. Strong online reviews, good press, and awards can all attest to the quality of service and indicate you’re on the right track.
2. Proven technology: Just as important as the provider's reputation is the caliber of their technology. Automated malware protection and removal solutions are great, but you also need to know they’re effective and proven to withstand even the most sophisticated attacks before offering them as solutions to your clients. Ask for statistics regarding the efficacy of the provider’s technology or look for case studies that demonstrate their value.
3. Deployment options: Website security providers can offer different deployment options for their services, from on-premises to cloud (SaaS-based) deployment. On-premises software is installed on your own servers and computers, while cloud-based software is hosted by the security provider. If you know which deployment option you want, you can narrow down providers accordingly. If not, look for a provider that offers both.
4. Go-to-market strategies: Ideally, your website security provider will be able to help you with one of the most important aspects of actually making your offerings successful: a go-to-market strategy. A strong partner will share tips they’ve gathered when launching their own products, from questions to explore while creating your plan to metrics for monitoring and improving performance over time.
5. Support assets: It’s key to have a website security partner who will actively support both you and your clients. For your business, this could include marketing materials and other sales enablement resources to help you pitch your new security offerings to existing clients, generate leads, and boost your average revenue per customer. For your customers, it may mean security education and customized campaigns that empower clients to take a proactive role in their site’s overall security.
6. Program maturity: A reputable website security provider isn’t the same as a reputable partner. When scouting a website security provider, look for one that already has a rolodex of long-standing, satisfied channel partners. You can even reach out to a few of the existing partners for another perspective or reference on the effectiveness of their program.
7. Revenue stream: In addition to offering protection to your clients, your channel partnership should generate revenue for your business. For instance, it can boost customer satisfaction and reduce churn, ultimately increasing bottom line revenue. Make sure the prospective website security provider can point to concrete ways the partnership will help grow your company.
8. Product fit: You want to make sure that the products offered by the website security provider fit your clients’ needs and complement your existing product portfolio. For example, if you have many Ecommerce clients, look for a provider that offers automated website scanning, web application firewall, and content delivery network. It’s important to make sure the potential security provider is familiar with the types of businesses your clients run and can offer a comprehensive suite of solutions to meet their website security needs.

Advance Your Business Through A Channel Partnership

If you’re ready to expand your company's product offerings and break into the website and cybersecurity space, consider becoming a channel partner with SiteLock today. Learn more about partnering with us to grow your business and protect clients from threats.

Babuk ransomware was discovered fairly recently, in early 2021, but it hasn’t taken long for this destructive new malware to gain notoriety. Known by its Russian spelling, Babyk, in other countries, Babuk ransomware has made a name for itself through several high-profile attacks, and has extorted at least $85,000 from its victims to date.

Despite its successes, Babuk isn’t considered a sophisticated malware. It has a number of bugs and doesn’t obfuscate its code, a tactic most threat actors use to prevent others from understanding it. But this doesn’t mean Babuk ransomware isn’t dangerous. Some victims have had their files corrupted beyond repair, while others have had their private data published on the internet and dark web.

In order to protect yourself, it’s important to learn more about Babuk ransomware, including what Babuk ransomware is, what it does, and how it spreads.

What Does Babuk Ransomware Do?

So, what is Babuk ransomware and what exactly does it do? Like other ransomwares, Babuk gains access to a system, then holds the system or its data hostage until the victim pays a predetermined fee.

At first, the Babuk group used file encryption to gain leverage over its victims but, because the ransomware wasn’t particularly advanced, they weren’t always successful. The ransomware corrupted some machines beyond repair, which meant that even if the victims paid, they wouldn’t be able to get their files back, essentially destroying any incentive to pay the ransom.

However, after a failed attack on the District of Columbia’s Metropolitan Police Department (MPD) in April 2021, the group experienced an internal divide that eventually led to a new approach. Babuk’s admin wanted to leak MPD data for publicity, but others felt this went too far. The second faction split and formed a new group, Babuk V2. As a result of this event and other failures in the ransomware, the group announced that it would focus on data theft and extortion rather than system encryption. The group would publish the data of any victim who didn’t pay their ransom.

On underground forums, the group has said they won’t target charitable organizations or businesses making less than $4 million a year, but they’ve exempted social justice groups supporting LGBTQ and BLM causes from these rules. These organizations, as well as organizations within the healthcare, manufacturing, and logistics industries, should be on the lookout for potential threats.

How Does Babuk Ransomware Spread?

Babuk ransomware operates under a ransomware-as-a-service (RaaS) model, in which an author creates malware and sells it to affiliates who can use it however they wish. Babuk attacks

tend to occur in three stages—initial access, network propagation, and action on objectives—and Babuk cybercriminals use three entry vectors to deliver the malware payload:

• Email phishing. Some Babuk threat actors use emails to deliver a malware strain like Trickbot to a victim’s computer.

• Common vulnerabilities and exposures (CVEs). Another popular entry vector for Babuk ransomware is exploiting CVEs in widely used softwares.

• Remote desktop protocol (RDP). Threat actors can also break into systems by taking advantage of poorly protected RDP access.

In summary, Babuk uses similar methods as other RaaS products to exploit a system. It’s believed Babuk could even be related to Vasa Locker ransomware due to shared ransom notes, codebases, and dropped artifacts.

How To Protect Yourself From Babuk Ransomware

To avoid a Babuk attack, it's important to have ample protections in place, like updated antivirus software and two-factor authentication for all system accounts. As always, you should avoid opening any suspicious emails or messages, and be extremely wary of any links or attachments within them. Finally, by regularly updating your software, you can make sure any vulnerabilities are patched and your system is protected from threats.

Now that you have a better understanding of what Babuk ransomware is and how it works, it’s now time to learn more about ransomware in general. Check out What Is Ransomware? on our blog for insight into this serious threat.

Become proactive with securing and protecting your digital assets to help prevent being held hostage by bad actors. SiteLock can help with our solutions to detect, remove, or restore a website that's been damaged by malware. Contact us today for details about our web security products.

But doing so can be costly as cyber criminals are becoming deceptively more creative with ways to manipulate and capture website visitors. There are likely to be more inconspicuously dangerous sites during the holidays, and legitimate websites can also fall victim to cyberattacks. If you happen to visit a website that’s been compromised, your computer can quickly be infected by cyber criminals implementing a popular drive-by download attack.

Drive-by downloads are one of the most common methods used by cyber criminals to install malware and gain unauthorized access to your device, so knowing how they work and what steps you can take to avoid them is essential. Here, we’ll look at what a drive-by download is, types of attacks, and how to stay protected this holiday season.

What Is A Drive-By Download?

When a computer becomes infected with malicious software just by visiting a website, it’s known as a drive-by download. The user doesn’t have to stop or click anywhere on the page, so simply visiting the page is enough to cause an infection. Most types of drive-by downloads take advantage of vulnerabilities in web browsers, operating systems, or file editors and viewers like Microsoft Office and Adobe Flash.

In a typical drive-by download attack, the hacker compromises a legitimate website by embedding or injecting malicious objects inside the web pages. While invisible to the average visitor, the infections could be injected through JavaScript code, iFrames, redirects, malvertisements (an ad that triggers malicious code when viewed or clicked), cross-site scripting, and other malicious elements.

When a user visits the infected webpage, the malicious elements are triggered and exploit a vulnerability in part of the software stack on the user’s computer. Malicious files are then downloaded silently onto the user's device, giving the hacker complete control over the device. Hackers then have the ability to extract passwords or other potential sensitive information from the device.

Types Of Drive-By Downloads

Hackers can use a variety of malicious applications to hack a victim’s device, including:

• Trojan horses. These provide remote control of the user’s device, usually through backdoors or rootkits.

• Ransomware. Allows the attacker to encrypt or destroy data on the device.

• Botnet toolkits. Attackers may directly install botnet applications that perform actions like sending spam emails.

• Droppers. Malware built to load more malware without being detected.

• Man in the middle tools. Also known as MitM, these tools enable attackers to eavesdrop on the user’s communications, insert data into forms, hijack sessions, and steal credentials.

• Keyloggers. These perform keystroke capturing that allows the hacker to gain access to passwords and other sensitive information.

• Data transfer. Tools that allow the transfer of sensitive data to its control center.

How A Drive-By Download Attack Unfolds

The growing complexity of internet browsers are contributing to the increase in drive-by download attacks, as the number of plug-ins, add-ons, and browser versions continually rises. This means there are more weaknesses for cybercriminals to exploit—especially during the holiday season, when more retailers are creating new websites, offering online deals, and putting additional time and effort into building their online presence.

In most attacks, the hacker's objective is to compromise the victim’s machine and enlist it into a botnet. Through the initial security breach, hackers can leverage control of the device for lateral movement. Some common methods used by cybercriminals to deploy a drive-by download include 1) installing keyloggers to capture and record the victim’s keystrokes and 2) using ransomware to encrypt data on the infected device and demand payment for recovery.

These cyber criminals also search through the victim’s data, applications, and configuration files for IDs, passwords, account information, and other sensitive data. The malware can often find login credentials and other sensitive information stored in configuration files for browsers or other applications, so the hacker can use them for nefarious purposes such as conducting unauthorized transactions without the victim’s knowledge.

Defending Yourself Against Drive-By Downloads

Drive-by downloads are a major concern, especially during the holiday season when shoppers are spending more time browsing the web searching for great deals. Here are a few steps users can take to protect themselves from these types of attacks:

• Update software quickly and consistently. Cybercriminals rush to reverse software updates, and target users who haven’t applied them. Configure your operating system, browsers, and applications to update automatically whenever this option is offered or available.

• Remove unnecessary software and plug-ins. Computers tend to fill up with applications and browser plug-ins that are never used. Removing them significantly reduces your chances of falling victim to a data breach.

• Use firewalls. Firewalls can be a great line of defense and can block most malware threats and unwanted traffic..

• Use web filtering software. Turning on security features that monitor websites helps contain malicious drive-by download and other cybersecurity attacks.

• Disable Java and JavaScript. Where possible, disable Java and JavaScript— then put trusted sites that require it on a whitelist.

• Install ad blockers. Drive-by download attacks typically use ads as infection vectors, so blocking them will reduce exposure.

Stay Protected With SiteLock

Now that you know how cyber criminals use drive-by-downloads to install malware and gain unauthorized access to your device, learn more about protecting your web assets and defending against cyber criminals. Read What is Ransomware to discover how hackers hold sites hostage—and four steps you can take to ensure yours isn’t one.

The DarkSide ransomware group further made their voice heard by attacking businesses like Toshiba Tec Corp. and Brenntag. But the straw that broke the camel’s back came in May 2021 when they attacked the Colonial Pipeline Company, who operates the Colonial Pipeline which supplies 45% of the US east coast’s fuel. This forced the company to shut down their digital systems for five whole days, which attracted the attention of the FBI. Investigators managed to seize $2.3 million worth of cryptocurrency from the DarkSide ransomware group, who appeared to disband in response.

But cybersecurity experts argue that their dissolution may be a ruse—meaning you and your company may still be at risk when it comes to DarkSide ransomware. Read on to discover more about this harmful ransomware, and learn how you and your company can stay protected from it.

What Does DarkSide ransomware Do?

DarkSide ransomware encrypts and steals sensitive data, typically from large companies with the means to pay the requested ransom. The attackers then threaten to make the stolen data publicly available in the event their stated ransom is not paid in full.

What Makes DarkSide Such A Threat?

But what makes the DarkSide ransomware group such a threat is that they employ a double extortion approach to extract money from DarkSide ransomware victims. Namely, DarkSide ransomware demands one payment to unlock affected devices, and then another payment to retrieve stolen data.

How Does DarkSide Spread?

In order to gain access to a company’s network of devices, the group employed techniques such as phishing, remote desktop protocol (RDP) abuse, and brute force attacks, all in an attempt to exploit the CVE-2020-3992 and CVE-2019-5544 vulnerabilities—both of which have since been patched to fix the vulnerabilities.

Once in, the ransomware checks the infected machine’s default system language and its name. If the infected user has administrative privileges to their devices, it’s down to business; if not, the ransomware is happy to try obtaining privileges with a user account control bypass technique. Next, the ransomware exfiltrates data and encrypts local data on the machine. Finally, it disables security protection services and deletes volume shadow copies. This way, the user can’t revert their encrypted data back to the non-encrypted copies.

With the files encrypted and data exfiltrated, the attackers plant a ransom note instructing the DarkSide ransomware victims that their data will be made publicly available—and the media informed—if the ransom is not paid in full before the specified time.

Help Me Protect My Web Assets From The Dark Side!

We can do that—and you don’t even need to have the Force to pull it off! Here’s a handful of smart, intuitive ways to protect yourself from the DarkSide ransomware group:

• Secure your accounts with strong, unique passwords that aren’t easy to guess

• Update your device software regularly with the latest updates and protections

• Disallow admin privileges to users unless absolutely necessary

• Back up your data to a source that isn’t connected to a network

• Disable RDP when not being used, or switch the RDP port to something non-standard if necessary

• Watch for privileges being granted and software being removed without permission

• Keep track of all outbound network traffic which could indicate your data is being stolen

By adhering to each and every one of these helpful tips, you can help ensure that DarkSide ransomware remains a thing of the past.

Shine Bright With SiteLock

Now that you know all there is to know about staying protected from DarkSide ransomware, you’re ready to defend yourself and your organization against cybercriminals. Read “What Is Ransomware?” to learn how hackers hold sites hostage—and which four steps can ensure yours will be protected.

The question is, how can you effectively stand out to position your business and products, and win the trust of customers? It starts with having a go-to-market strategy. In this post, we’ll explore how to build a go-to-market strategy, its definition and components, and much more.

What Is A Go-To-Market Strategy?

The best way to explain a go-to-market strategy definition is that it’s a framework for launching and selling a product or service. The strategy begins with figuring out exactly what your customers want, how much they are willing to pay for it, determining your value proposition and positioning it to make the most sales. All of which happens before you even launch your sales page.

How Is A Go-To-Market Strategy Used?

Go-to-market strategies are essentially a plan of action. In it a company lays out its plans for reaching target customers and getting a leg up on the competition. From the cost of bringing the product to market to the precise means of marketing, it’s similar to a business plan in many respects. Whether launching new products or relaunching or bundling products and services already in your repertoire, they help sales teams explain to customers why they should buy.

They are also used to help predict potential revenue. When you create your plan, you can reduce time and resources spent in marketing products and services and reduce the potential expense of possible failures. Since you are doing market research prior to launch, you can more easily predict whether or not the product or service you are launching will sell.

Get it right, and you’ll achieve growth in revenue. Get it wrong, and you may have to go back to the drawing board.

Another reason having a go-to-market strategy in place is so important, particularly in the world of cybersecurity is that it increases your ability to adapt to the continuous change of the threat landscape. Everything you do in your framework can be repeated as things evolve.

The same questions will be asked of your customers, and the same research will be curated and evaluated to determine market needs and demand. Now that we’ve answered the question of what a go-to-market strategy is, let’s take a look at how to build one.

Building A Go-To-Market Strategy

There are many ways to approach and develop a Go-To-Market Strategy, but most include some core elements, which we have outlined below:

• Identify target markets: It's critical to understand the type of market you're entering since you'll be able to assess the market's advantages and disadvantages. Ask yourself questions like:

• Which target markets do you want to go after?

• What issues do you want to address? (i.e. general cybersecurity or a more niched down segment such as fintech companies)

• What kind of market are you in, or would you like to be in?

• What is its rate of expansion and how big is it?

• Identify your target customer: Understanding your target customer can also assist you in determining your price and marketing strategy for your product or service. All of your eventual decisions will be based on that ideal persona. Ask yourself questions like:

• Where do your target customers buy?

• What channels do they use?

• Where will you advertise your goods?

• Where can you reach your target consumer more effectively and quickly?

• Define your solution offering: In this element, you’ll consider the cybersecurity solutions you are considering selling. Questions to think about for this include:

• Do you have the products or services your customers need readily available?

• If not, can you develop it or partner with a supplier to help you bring the offering to your market quickly?

• Define your value proposition: The biggest question here is why should your customers buy from you instead of the competition? What sets your cybersecurity solutions apart from what others are selling? For example, if you can provide a one stop shop for everything a customer may need to defend themselves online, you will be much more likely to win the sale than a company who doesn’t.

• Select your sales channels: For this element, you will need to consider whether you will be selling directly to the consumer, or acting as go-between for another supplier (i.e. direct sales, value added reseller, managed service provider, etc…) Once you determine this, you’ll need to explore which channel makes the most sense to reach that target audience such as ecommerce website, online marketplace, retail store, call centres, etc.

• Select a marketing strategy that matches your goals: Where are your customers hanging out online? Will you sell ads to them on Google/Facebook? Or perhaps an organic marketing campaign with blogs and white papers will work better. Do as much research in this phase as possible to avoid wasting hundreds if not thousands of dollars on marketing plans that won’t yield revenue.

• Identify and track key metrics: What metrics will you need to measure to ensure you are meeting your goals? A few metrics you may want to track include, but aren’t limited to:

• Number of sales leads acquired

• Cost per lead (CPL)

• Lifetime Value (LTV) of the customer

• Average sale

• Conversion rates (visitor to subscriber, visitor to customer, subscriber to customer, etc…)

• Churn rate

• Plan how to keep your customers: With so many companies offering similar cybersecurity solutions to your own, how will you keep your customers loyal to you? Consider things like:

• Loyalty discounts

• Retention offers if they try to cancel

• Brand advocacy programs

• Free education and training

Conclusion - Next Steps

We’ve covered a lot in this post. We’ve explained what a go-to-market strategy is, why they are useful, and we even walked you through how to build a go-to-market strategy for your own company. Next, it’s time to put your strategy into action.

It’s important to note that you must give your strategy enough time to see if it was effective or not. Successful implementation of a new go-to-market strategy can take 12 to 36 months. It’s also worth noting that it is a long-term approach to building profitability, decreasing customer acquisition cost, and enhancing the customer experience.

To accelerate your results, it may be beneficial to partner with a security provider with a proven methodology for successfully selling in the cybersecurity market. Look for a partner that can offer a blueprint for success, has case study examples that illustrate their strategies work, and that is a proven expert with credibility and a strong reputation.

If you’re currently looking for a channel partner, look no further than SiteLock. As industry leaders in the cybersecurity space, we can help you bridge the gaps in your own security solutions, and help you develop a go-to-market strategy that can yield more revenue and customers than building your own solutions in-house. Learn about SiteLock’s Channel Partner program.

The name “Petya” stems from the 1995 James Bond film, GoldenEye. In the film, Petya is the name of one of the Soviet weapon satellites that carries an atomic bomb called a Goldeneye.

The new variant of Petya ransomware that caused irreversible damage to Ukrainian businesses was given the name “NotPetya” to differentiate it from the original.

Before diving into how to protect your web assets from Petya ransomware, let’s first answer two important questions: How does Petya ransomware work? And how does Petya ransomware spread?

How Does Petya Ransomware Work?

This type of malware infects the master boot record, essentially taking over the whole computer and causing its data to become inaccessible. When the user tries to access the data, a ransom note appears with a red skull and crossbones on the screen, saying that the disk has been encrypted. The message is simple: pay a ransom (usually $300 to $400 in Bitcoin) for a key to reclaim file access—and this number doubles after one week.

However, it’s important to note that the key in question is randomly generated, meaning that the disk can never actually be decrypted or recovered. This means that the Petya malware is actually a wiper rather than a ransomware, and therefore victims should never pay—as they will not get their files back regardless.

How Does Petya Ransomware Spread?

To answer the question “how does Petya ransomware spread,” we must first understand what a computer worm is.

A computer worm is a type of malware that can copy itself without any human interaction, and can spread those copies from one computer to another. Petya ransomware is a computer worm that self-propagates by building a list of target computers and using two methods to spread itself to those computers, including IP address and credential gathering and lateral movement.

Once installed, the malware hijacks the master boot record during the next system reboot, and then displays the ransom note to the user.

Now that we have answered the questions “how does Petya ransomware work” and “how does Petya ransomware spread,” we can talk about how to ward off this malicious malware.

How To Protect Against Petya Ransomware

Like most ransomware, Petya is difficult to remove after it has infiltrated and ingrained itself into a system. Unlike typical malware, it doesn’t just encrypt files—it takes over the master boot record, making it even more dangerous. The best method of dealing with this type of malware is to prevent it altogether. To do this, we recommend:

• Ensuring regular data backups and restore drills

• Keeping operating systems and security software up to date

• Training and educating users on ransomware

• Investing in robust security solutions

If your system becomes infected or you end up getting attacked, the following steps can help contain and minimize the damage:

• Turn your computer off and disconnect from the network

• Call law enforcement

• Determine the scope of the problem based on threat intelligence

• Have your IT team restore everything from backup

If an attack occurs, it’s vital that you assess the chain of events and determine how the malware got through. Take a close look at your security tools and where your procedures fell short. After determining how the attack occurred, implement proper security awareness training to properly educate and train your employees to help avoid future incidents; along with finding more effective security solutions moving forward.

Stay Guarded With SiteLock

Petya ransomware may be sneaky, but it’s also preventable. Knowing how Petya ransomware works will help your website and web assets remain secure. Check out “What Is Ransomware?” to learn about the other ways in which hackers attempt to hold sites hostage, and how you can prevent yours from being a target.

Ironically enough, for a short period of time security performance was impacted on some sites with the plugin installed. Attackers taking advantage of these newfound vulnerabilities could be allowed full, unmitigated administrator privileges to any WordPress site with the Classic Editor plugin installed, allowing them to do anything an authorized admin could do.

Although the vulnerabilities have since been fixed, the WP Fastest Cache plugin has been downloaded and installed onto WordPress sites over one million times—there’s no telling how many installations have yet to be updated.

Digging Deeper Into WP Fastest Cache’s Exposed Vulnerabilities

The WP Fastest Cache vulnerabilities include:

• SQL injection: This vulnerability directed at the site owner’s database allows any users who are logged into WordPress to be given information—including usernames and passwords—which only administrators should have access to. Often, the intended end result of SQL injections is a complete takeover of the victim’s website.

• Cross-site request (XSS) forgery: This vulnerability involves hackers tricking users into visiting a site to unintentionally execute malicious commands. In the process, these users can have malicious files downloaded to their browser and have their inputted credentials intercepted by the attacker. Any part of the site that allows a user to input something such as a username/password field or a contact form can be vulnerable to XSS attacks if the site owner doesn’t check inputted information for malicious code.

These vulnerabilities affect site owners, and especially their users, by stealing and intercepting critical information such as usernames, passwords, credit card information, and much more. Essentially, for sites that are exposed to these two vulnerabilities due to an outdated installation of WP Fastest Cache, attackers would be able to perform any action a logged in administrator to that site is allowed to do.

After Jetpack contacted the plugin developer about the existence of the vulnerability on September 28, and their development team received a second opinion from the WordPress plugin team in early October, the developer released an update designed to fix the issues for any and all WP Fastest Cache users on October 11.

Update Your Plugins Today To Keep Your WordPress Site Secure

Keeping any plugins you have installed on your WordPress site updated with the latest versions ensures the site will remain as secure as possible. Many plugin developers are responsive to newly discovered vulnerabilities and exploits against their plugins and will release updates to address any and all issues found. Site owners using the WP Fastest Cache plugin for WordPress should immediately update their installment to the latest version—0.9.5 as of this writing—to protect their site against these newly discovered vulnerabilities.

Before you install a plugin, be sure to check what others are saying about it—particularly in regards to how secure it is. Regularly perform audits of the plugins you have previously installed and remove those you’re not using to mitigate potential security risks. Finally, make sure plugins you want to continue using are always updated to keep your device and your data as secure as possible

SiteLock Combats Against Website Vulnerabilities To Keep You Secure

SiteLock helps site owners secure their websites by quickly finding and fixing existing and potential threats and vulnerabilities. Equipped with strong security tools and solutions, our team of experts scan websites, patch vulnerabilities, remove malware, and more for top-tier clients who use and depend on web platforms such as WordPress, Joomla, Magento and more.

Here’s how SiteLock can help defend your website against modern cyberthreats:

• More secure connections: With a secure FTP-based connection, our clients see the highest levels of website security—and we never impact performance.

• Comprehensive site scans: In-depth server and site level scanning helps site owners identify malicious infections, vulnerabilities, and spam listings to optimize the user experience.

• Faster, automatic site fixes: Active infections to your website’s files and databases are quickly identified when they’re introduced, and automatically removed.

• Consistent, continuous site protection: Security threats and vulnerabilities from outdated implementations, themes, and plugins are consistently assessed and patched as new updates arrive.

There will always be new vulnerabilities exposed by curious programmers and malicious actors alike—make sure to stay informed and stay updated. Learn more about how SiteLock can secure it with best-in-class, automatic website threat protection.

First spotted in 2019, Zeppelin ransomware, or Buran V, primarily targeted large tech and healthcare companies in Europe and the United States. Introducing a variant of the Russian ransomware-as-a-service family known as Vega or VegaLocker, those behind Zeppelin ransomware attacks started running a precision campaign that’s much more targeted than its predecessors.

Zeppelin attacks went on a hiatus for several months but popped back onto the scene in late 2020. Researchers found the second string of attacks were poorly detected by legacy anti-virus applications because of new downloader components used in the attack chain. At the time of the first attack, almost 30% of antivirus software couldn't detect this ransomware threat.

While Zeppelin ransomware has nothing to do with Led Zeppelin, it’s a serious threat to tech and healthcare companies. Here, we’ll learn what exactly Zeppelin ransomware is, and who Zeppelin ransomware targets.

What Is Zeppelin ransomware Exactly?

Zeppelin is a simple piece of code that’s distributed by an affiliate business and generated via a GUI wizard. It’s offered to distributors in exchange for a revenue share, and like other ransomware attacks, is designed to lure users into enabling Visual Basic Application (VBA) macros that begin the infection process. Zeppelin ransomware attacks start as phishing emails with Microsoft Word attachments, labeled as medical invoices, that display a blurred image with instructions on how to view the content. If followed, it allows the hidden malicious macros to infect the computer’s infrastructure.

What Does Zeppelin Ransomware Do, And Who Are The Targets?

Like other Russian-based ransomware, Zeppelin checks if the user is located in a Commonwealth of Independent States (CIS) country, such as Russia, Ulkraine, Belorussia, and Kazakhstan by checking the configured language in Windows or default country code. As with other VegaLocker attacks, Zeppelin ransomware won’t encrypt files if the infected system is located in Russia or the former Soviet states of Belarus, Kazakhstan, and Ukraine—and is designed to quit if found running on machines located there.

Once Zeppelin has entered a computer’s infrastructure and passes the checkpoint, it installs itself in a temporary folder named. zeppelin and spreads throughout the infected device. Once spread, it begins to encrypt Windows operating system directories, web browser applications, system boot files, and user files in order to preserve system function. The deployed Zeppelin will also destroy any backups the user has created and track the IP of the victim to access their location. This allows the attackers to run the software with greater privileges.

To evade detection, Zeppelin relies on multiple layers of obfuscation, including the use of pseudo-random keys, encrypted string, code of varying sizes, and delays in execution to outrun sandboxes and deceive heuristic mechanisms.

When the encryption is complete, a note pops up that lets the user know they are a victim of a ransomware attack and must pay for the return of their data. Some researchers have found different versions, ranging from short, generic messages to more elaborate ransom notes tailored to individual organizations. In all cases, the note will contain an email address that the victim can contact for payment instructions and an offer for the free decryption of a single file as proof to encourage payment.

How To Protect Yourself From Zeppelin Ransomware

Zeppelin ransomware can be a nightmare for healthcare and IT companies if not handled correctly and in a timely fashion. Researchers have found that in some cases, files were only partially encrypted after a Zeppelin ransomware attack. This may have been a bug, or an intentional feature to make the files unusable. In one case, data wasn’t even encrypted but rather stolen, to add pressure to pay the ransom or to try and sell the data on the dark web.

While ransomware attacks can be difficult to prevent, your company can take steps to be prepared if ever faced with an attack. Here’s some ways to protect yourself from ransomware and to ensure the only Zeppelin you know about is the English rock band:

1. Do not open suspicious or irrelevant emails. Attached files and links found in suspicious emails should never be opened, as they might prompt ransomware to be downloaded onto your device without your knowledge. Only open emails and download links from trusted sources.
2. Create backups in different locations. Most people create backups on the same computer, but in the case of Zeppelin ransomware that is of no use as these bad actors expect it. Create backups in different locations and store them offline to ensure their safety.
3. Avoid using remote desktop servers. Make sure the data you share on the internet is managed securely.
4. Develop defense systems. Manage these systems properly to avoid ransomware attacks across your company.
5. Use multi-factor authorization. This can help you recover your accounts. You should also change passwords frequently to ensure your data is protected.

Stay Protected With SiteLock

Now that you know more about Zeppelin ransomware, you can keep your organization safe from ransomware attack types such as this one. Want to learn more about ransomware? Read “What Is Ransomware?” to discover other ways that hackers hold sites hostage—and what steps steps can help ensure yours isn’t one.

PCI Noncompliance

If a business accepts credit cards to pay for goods and services, it needs to be PCI compliant. The Payment Card Industry Data Security Standard (PCI DSS) is what determines if a business is compliant or not. The goal is to protect cardholder data by encrypting it so that in the event a bad actor was to somehow intercept data, all they would get is indecipherable data.

Web security issues that can occur when a business is not PCI compliant include, but aren’t limited to:

• Identity theft

• Fraudulent charges

• Sale of credit card numbers

• Medical fraud and more

To combat this, it is critical a business stay up to date on PCI DSS regulations. The PCI Security Standards Council has created a quick reference guide that can help to determine compliance or noncompliance

Unfortunately, becoming PCI compliant can be a time consuming and complicated process, especially if you don’t know where to start. It's helpful to look for partners that offer solutions to help your customers become PCI compliant easily and efficiently. Look for vendors who can help streamline the assessment and application process, as well as provide the solutions needed to protect against any potential security threats or weaknesses.

Installation Of Malicious Web Applications

Web security issues that can be incurred by unknowingly installing malware, ransomware, viruses, and many others. Simply visiting a website that you don’t know is malicious could result in unknowingly downloading extensions and programs that can wreak havoc on your website and computer systems. For example, clicking a link you think is legitimate, either via email or on a website, could lead you to a duplicate page created by a bad actor with the intent of obtaining login credentials and other private data you don’t want bad actors to get their hands on.

Additional examples of how malware and other bad programs can get installed include, but aren’t limited to:

• Spam emails

• Clicking malicious links within comments on a web forum or blog

• Inserting a thumb drive laced with malicious programs

• Engaging with hacked/compromised websites

To combat this, website owners should consider installing a web application firewall (WAF), using malware scanning and removal tools, and a website scanner. It’s also important to turn off automatic downloads and use caution with all installations. Always ensure you trust the sites you are downloading from.

Opening Up Your Website To Every Visitor

Not every visitor to a website is safe. In fact, not every visitor is even human. Infosecurity Magazine explained that 64% of traffic online is robots or bots for short. An alarming 39% of traffic is bad bots. Bad bots are built to infiltrate, steal, and sometimes destroy a website. To thwart web security issues like bad bots, a WAF is key. It’s also a good idea to use Captcha technology to prevent bots from accessing key pages on a website and require signing up for an account to access certain pages as well.

Failure To Monitor Your Website Daily

When people visit your website, they expect a positive user experience. This means they want to feel safe, know that their data is protected, and experience efficient page speed and navigation. In other words, they don’t want to deal with web security issues.

Bad website experiences can damage your reputation, impacting customer satisfaction and sales. That said, it’s important to keep a close eye on the following:

• New login credentials you didn’t create

• Malicious code on your website

• New colors, images, uploads you or your web designer didn’t load

• Load time of your pages - if your uptime increases dramatically, something could be amiss

• Your search engine ranking and/or traffic - a sudden increase or dramatic decrease could indicate something is wrong

The trouble is a business owner is usually too busy running their business to constantly monitor the status of their website. That’s where website security solutions come to the rescue. For example, solutions that can automatically identify and remediate malware can help website owners avoid many of the t web security issues noted above. Leveraging website security solutions like this will keep an eye on things and let you know if anything is amiss. And, the addition of a malware removal tool can further aid in eradicating malicious programs that might be trying to infiltrate and corrupt a website as well.

Using Weak Passwords

Some of the biggest web security issues are the result of weak passwords. This includes bots and bad actors who can guess your weak password and infiltrate the backend of your website. Once they are in, any number of negative scenarios can play out including:

• Loss of control to your website

• Your site going offline

• Cybercriminals gaining access to sensitive data and more

To make matters worse, if someone can guess your website credentials, they might be able to guess your banking and email credentials as well. This can lead to a loss of funds, damage to reputation, and who knows what else. To avoid weak passwords that can lead to web security issues, ensure your passwords are complex, lengthy, include multi-factor authentication, and aren’t used more than once. As a best practice, it’s helpful to use a password manager that makes it easy to have a different password for every website like LastPass or an equivalent. You can create complex passwords that are encrypted and don’t require that you remember all your logins because the software does it for you.

Bottom Line: Online Assets Need Protection

Many web security issues like the examples above can be avoided. It’s never been more important to offer your customers web security solutions to protect themselves and their visitors. Need help educating your customers on the value of web security issues and solutions? Consider joining SiteLock’s Channel Partners program. We’ll give you the tools to help your clients defend their online assets.

How Does Jigsaw Ransomware Work?

After getting over the initial shock of a ransomware based around a puppet, you’ll probably ask yourself: how does Jigsaw ransomware work? This ransomware meets new victims with the tried-and-true ransomware approach: an attachment in a spam email. Once the program is downloaded, the Jigsaw ransomware attack begins, and the user’s files and entire hard drive become encrypted—in other words, completely useless.

So, who has the decryption key? The attacker pulling the strings, so to speak, claims to be the only one who has it (more on that later), and they won’t give it away until the infected user pays up. Specifically, they want their payment in Bitcoin, hence the ransomware’s original name: “BitcoinBlackmailer.”

But if all the Jigsaw ransomware attack did was encrypt your files, it wouldn’t be the end of the world. That’s why after encrypting your files, a window with an ominous black background appears. It contains a picture of Billy the Puppet and the ransom note in eerie green text. A countdown timer beneath the note starts ticking. At the bottom, there’s a blockchain address victims must send $150 worth of Bitcoin to in order to receive a file decryption key.

Finally, there’s a label warning you how many of your encrypted files will be deleted, and a button to view which files are next on the chopping block. Once the countdown timer ends, the Jigsaw ransomware deletes however many encrypted files are on the docket. The timer resets, the number of files to be deleted next time increases exponentially, and the process begins anew. And if you haven’t paid the ransom within 72 hours, the program deletes each and every file on your computer.

This vicious cycle, combined with the unsettling Billy the Puppet, is meant to pressure victims into giving hackers what they want before finding a way to remove the malware from their computer. Worse yet, Jigsaw ransomware has a failsafe built in: when you attempt to close the program or restart your computer, it will automatically delete up to 1000 of your files in an instant.

So, How Do I Stay Safe Against Jigsaw Ransomware Attacks?

The Jigsaw ransomware executable likes to disguise itself on the user’s task manager as either Firefox or Dropbox. So if you see Jigsaw’s creepy face lurking in a window on your home screen, check your task manager if you’ve got any doubts left that you’ve been infected.

If you’re technically savvy, you can actually reverse engineer the Jigsaw ransomware (it’s written in the .NET software framework) to find the decryption key; believe it or not, the malware developer left it in the source code! You can also download a decryption tool found online which is built specifically to combat Jigsaw, then use a malware removal tool to remove the program itself.

Remember: stay vigilant against the threat of Jigsaw ransomware attacks. Only open emails from senders that you trust, and always check the exact spelling of email addresses. If an email purports to be from a respected brand but is riddled with spelling errors, there’s a pretty good chance you are being phished.

If you’re looking to protect your web assets from this killer of a cyberthreat, consider migrating your assets over to a non-Windows-based server solution. Since Jigsaw ransomware is only capable of running on Windows devices, a non-Windows machine containing your files would be insulated from the threat posed by Billy the Puppet.

Slash Hacker Clowns With SiteLock

Now that you know the Jigsaw ransomware is neither trick nor treat, you’re ready to defend yourself and your organization against cybercriminals year-round. Read “What Is Ransomware?” to learn how hackers hijack and hold sites hostage—and which four steps can ensure yours will be protected.

"We have an NGFW, do we need a WAF?" or "Why do we need WAF?" are very common questions. This calls for figuring out the background of such confusion, agreeing once and for all on the terms and definitions, and determining the areas of application of each concept.

Intro

Let us start with the abbreviations that define the categories of information security products: WAF stands for Web Application Firewall, NGFW stands for Next Generation Firewall. The confusion stems from the word Firewall that is present in both terms and initially encourages the comparison and opposition of the two product categories. However, NGFW and WAF are not interchangeable entities. They are designed to address different issues. They are located at different points in the network, and in most cases, are administered by different teams.

Reasons For Confusion

NGFW (or Next Generation Firewall) is an evolution of traditional firewalls and serves to delimit access between network segments. The reality is that the terms NGFW and firewall are interchangeable today as referring to firewall implies NGFW.

Traditional firewalls filter network traffic using parameters such as IP addresses, network protocol identifiers, their attributes such as TCP and UDP port numbers, ICMP types, and other traffic parameters related to layers 3 - 4 of the ISO/OSI.

There is no clear definition of NGFW in the wild, and the functionality of the solutions presented on the market has significant differences. At the same time, we can lay down a set of basic features inherent in products of this category. NGFWs complement the capabilities of traditional firewalls by integrating the functions of a VPN gateway, intrusion detection and prevention (IDS/IPS) based on signatures, traffic inspection, and proxying application layer protocols with basic verification of their correctness and compliance with standards.

It is the IPS and traffic inspection functions implemented in NGFW that are one of the main causes of confusion and the source of the question: "Why do I need a WAF if I already have an NGFW?" Later in this article, I will discuss how these functions differ from what WAF can do.

It should be noted that the NGFW traffic inspection functions are primarily designed to control the actions of internal users during information exchange between segments of the protected network or leaving the protected perimeter. And WAF is designed to protect against malicious external influences on protected services, and its mechanisms working externally are meant only to prevent leakage of confidential data both as a result of external impacts and as a result of errors in the code of protected applications and services. In other words, the NGFW traffic inspection functions are primarily applied to the traffic of users of the protected perimeter, and the WAF tries to protect traffic directed to protected web applications/services.

WAF Functionality

HTTP Traffic Features

In short, WAF is designed to protect specific instances of web applications/services that use the HTTP protocol family as transport. Some vendors' implementations also support SMTP and FTP, but this feature is not determinative. The main battleground for WAF is the traffic of the HTTP family of protocols.

An understanding of the scope of the WAF would be incomplete without understanding the nature of the traffic that must be dealt with and what threats must be countered.

Over the thirty-year history of its existence, HTTP has evolved from a protocol for transferring the content of static HTML documents and images into a transport protocol that not only supports the encapsulation of various data structures but can also be a "backing" for other protocols.

The proliferation of HTML and browser frameworks have turned traditional web browsers into fat clients. The penetration of mobile devices and applications for them into the daily life of a modern person has led to an increase in the share of HTTP traffic related to API services. According to the old Akamai 2019 Traffic Report, back then, 83% of HTTP traffic on the Internet was made up of API calls.

What Does WAF Protect?

WAF protects web applications/services that can be identified by the IP address (L3) and port (L4). In most cases, the scope of the protected web application/service is also characterized by the name of the resource, which is transmitted by the client in the HTTP request in the standard "Host" header.

So, WAF handles HTTP traffic analyzing HTTP requests addressed to a specific instance of a web application/API service and responses to them. Should it detect any illegitimate activities, WAF, subject to its configuration, either blocks the request or logs this activity and transfers information to other systems, for example, SIEM.

What About Attacks?

The broad capabilities of the HTTP protocol have spawned an equally diverse set of attacks on web applications and services. The most significant types of attacks are described in the OWASP Top Ten Web Application Security Risks (for web applications) and OWASP API Security Top Ten (for API services).

Countering such attacks, first, requires decomposition of the HTTP request into individual primitives (uniform resource identifiers, headers, parameters) and analysis of the contents of data structures, as well as the subsequent analysis of their elements. This involves resource-intensive calculations. A good example is the transmission of data in JSON or XML formats.

It is especially worth highlighting the following:

⮚ Attacks on the application's business logic, countering which requires a deep understanding of the normal behavioral patterns of a legitimate user.

⮚ Illegitimate automated actions using bots to collect information, brute-force attacks, attempts to bypass CAPTCHAs, etc.

⮚ Distributed denial of service attacks at the application level exhausting the resources of the application infrastructure components.

It is impossible to effectively counter such attacks using the mechanisms provided in NGFW. Traffic inspection mechanisms have limited functionality, and the use of IPS signatures to analyze HTTP traffic leads to many false positives. Therefore, HTTP signatures are disabled by default in IPS / NGFW of most vendors.

Some of you might argue that signature analysis is also used in most WAFs. In this regard, the following should be noted:

⮚ Signatures in leading WAFs can be applied "pointwise." After decomposition of the content of the request to basic components, the signature is applied to a specific primitive of the HTTP protocol or transmitted data.

⮚ Despite this, WAF signatures, when applied out of the box, give a significant percentage of false positives. So, they require careful testing before being turned on to block malicious requests.

Thus, signatures in WAF are just one of many anti-attack mechanisms. To finish with signatures, let us consider a real example of a vulnerability that signature analysis fails to address. By sending an HTTP request containing JSON data, a key, or keys containing metacharacters, an attacker can trigger a denial-of-service attack.

Security Model

Modern WAFs combine both negative (blacklisting) and positive (whitelisting) security models. The first type makes use of signature analysis and its more advanced variants taking into account, in addition to the patterns and contexts in which they are applied (how and where), the source of the attack (who, what, where from), obfuscation of confidential data transmitted from the web application/service to the client, as well as the prohibition of certain primitives of the HTTP protocol (for example, URI). A positive security model describes the characteristics of requests and their content that can be considered legitimate.

What To Do With HTTPS?

One of the incentives for widespread use of the HTTP protocol is its cryptographically protected version, referred to as HTTPS. According to Google, by the end of February 2021, from 77% to 98% of web pages downloaded by the Chrome browser were transferred via the HTTPS protocol.

To analyze the content of an HTTPS session, WAF needs to decrypt it. In the recent past, when the protection of HTTPS traffic was built upon RSA cryptography, accessing the HTTPS content only required possessing a corresponding key; that is to say, using WAF did not require terminating HTTPS sessions or using WAF as expensive L7 IPS working with traffic copy.

The proliferation of TLS 1.3 and variations of the Diffie-Hellman cryptographic protocols has introduced a compulsory resource-intensive HTTPS termination routine directly on the WAF. Thus, the previously available options for installing WAF in the bridge mode or working with a copy of traffic are no longer applicable. WAF must terminate connections and work in full proxy mode. Nevertheless, there are trade-offs for cloud WAFs whereby traffic is not terminated on the WAF, and a log of HTTP requests is sent from the web application/service itself to the WAF for analysis. The functionality of such a WAF is severely limited, and the admissibility of such an approach is either determined by the requirements for application security or remains at the discretion of the team that secures the application/service.

What Else Can NGFW Not Do?

Leading WAF solutions, in addition to the features described above, have the following capabilities that are not available in Next Generation Fire wall products:

⮚ Protection of complex API services, such as GraphQL.

⮚ Detecting automated HTTP clients (bots) and responding to certain categories of automated activity in accordance with the security policy.

⮚ Protection against distributed denial of service attacks at the application level.

⮚ Detection of attempts to bypass CAPTCHA.

⮚ Detection of credential stuffing.

⮚ Redirecting an attacker to a honeypot.

⮚ Creating an API protection policy by uploading a file containing the API description.

This list is selective and is provided to demonstrate the differences between the tasks faced by NGFW and WAF and methods for solving them.

Conclusion

It is safe to say that you need a WAF if your business depends on the sustainability and safety of your public web applications/services that your customers and partners use, especially if you are engaged in e-commerce, or if you are a bank and you, of course, have online banking, as well as in all other cases when information security/performance of your web applications can cause significant financial or reputational losses.

Do not rule out the possibility that you need a WAF for your internal web applications and services. For large geographically dispersed companies, the answer to the question "Do we need a WAF within the network?" in the overwhelming majority of cases is “Yes, we do." This affirmation, in turn, raises many other questions that must be answered before making a choice in favor of a particular product and a particular WAF deployment model. But that is another story.

About The Author

David Balaban is a computer security researcher with over 17 years of experience in malware analysis and antivirus software evaluation. David runs MacSecurity.net and Privacy-PC.com projects that present expert opinions on contemporary information security matters, including social engineering, malware, penetration testing, threat intelligence, online privacy, and white hat hacking. David has a strong malware troubleshooting background, with a recent focus on ransomware countermeasures.

If you’re wondering what exactly is DopplePaymer ransomware this post will break down everything you need to know about this malicious software. We will look at the tactics it uses to gain control of a system along with a few techniques for DoppePaymer removal and protection.

What Is DoppelPaymer Ransomware?

So, what is DoppelPaymer ransomware? Discovered in April 2019, DoppelPaymer ransomware is a type of malware belonging to the Dridex family of malware. It’s distributed by a cybercrime group called Indrik Spider, which has been in operation since 2014. According to recent speculation by security researchers, the DoppelPaymer group has rebranded themselves as PayorGrief, or Grief for short.

It’s believed that DoppelPaymer is the successor of an earlier type of ransomware called BitPaymer because of their similar code, ransom messages, and payment portals. That said, there are a few differences between the softwares, a major one being that different DoppelPaymer samples require different command-line parameters to execute their code. This is likely a method to avoid detection and analysis by security researchers and sandbox testing.

Over 60 organizations—mainly in healthcare, emergency services, and education industries—have been compromised to date. According to the FBI, DoppelPaymer attacks escalated in late 2020, with a hospital in Germany, a U.S. medical center, a community college, and an E911 center among its targets.

What Does DoppelPaymer Ransomware Do?

Like other forms of ransomware, DoppelPaymer seizes control of a system or data with the goal of extorting money from its victims. DoppelPaymer ransomware is typically delivered through phishing or spam emails—and within the emails are attachments or links containing malicious code. Once the code is executed, the malware is downloaded onto the system where it quickly wreaks havoc.

By locking users out of a system and gaining exclusive access to sensitive files, DoppelPaymer hackers gain leverage over their victims. They use this leverage to their advantage, demanding pricey ransoms ranging anywhere from $25,000 to $1.2 million for the safe return of the files. On some occasions, DoppelPaymer hackers have threatened to publish stolen files on data leak websites unless the victims pay their ransoms.

Generally, a DoppelPaymer ransomware attack follows these steps:

1. Hackers embed malicious code in a file or link and insert it in an email or message.
2. When the victim opens the file or clicks the link, the code is executed. A strain of malware called Emotet is downloaded onto the victim’s system.
3. Emotet kickstarts other malicious software that encrypts files or drives on the network and changes passwords to lock users out of the system.
4. Once the passwords are changed, DoppelPaymer forces the system to restart in safe mode, and replaces Windows’ notice text with its ransom note.
5. Finally, DoppelPaymer runs a tool called Process Hacker, which damages the system’s defenses by terminating security, email server, backup, and database software processes.

Clearly, DoppelPaymer ransomware can cause serious damage to your system, especially if you work for an organization with sensitive data and files. Familiarizing yourself with ways to guard against a DoppelPaymer attack is key to avoiding the high price associated with them.

How Can You Protect Yourself From DoppelPaymer Ransomware?

There are a few simple precautions you can take to prevent a DoppelPaymer attack. First, avoid opening any suspicious emails or messages, as these are common attack vectors for DoppelPaymer cybercriminals. If you do open one, avoid clicking on any links or attachments at all costs.

Other best practices include updating your software and applications so their vulnerabilities don’t remain exposed to threat actors, and, of course, frequently backing up important files. If possible, store at least one backup in a different physical location than your device.

If you’ve already fallen victim to DoppelPaymer ransomware, it may be possible to regain your files through DoppelPaymer removal methods. SiteLock can help you detect, remove, and restore a website or system that’s been damaged by malware.

Interested in learning more about ransomware and how to defend against it? Read “What Is Ransomware?” on our blog.

What Is Ragnar Locker Ransomware, And How Does It Work?

Cybercriminals looking to deploy Ragnar Locker ransomware first compromise their target’s network, then attempt to crack weak passwords or employ stolen credentials purchased from the Dark Web. Throughout this process, the ransomware terminates critical programs which managed service providers use to manage and protect their clients’ important IT data.

Once in, the attackers inject software into the victim’s machine which grabs sensitive data and uploads it via a network connection to their servers. Just like that, their work is done, and the Ragnar Locker ransomware is in place. Attackers proceed to let victims know that their files will be released to the public if the specified ransom amount is not paid. This dual-pronged approach to obtaining your valuable data on clients and partners is what’s known as a “double extortion” tactic.

So, Who Are These Ragnar Locker Hackers, Anyway?

The identity of the Ragnar Locker ransomware hackers has eluded entities like the FBI. According to the FBI, the ransomware actually ceases execution in the event that a victim’s machine is configured as a former country of the USSR, such as Russia and Ukraine. It’s currently unknown whether this is related to the whereabouts of this particular hacker group.

How Do I Defend Against Ragnar Locker Ransomware?

That was a shotgun blast of info all at once. So, let’s recap: what is Ragnar Locker ransomware? Simply put, it’s a massive, undeterred threat to confidential enterprise data and the networks this data passes through.

But knowing is only half the battle. Preparing yourself to quickly and efficiently spot signs of Ragnar Locker threats before the ransomware takes hold is critical to protecting against this threat. By following these comprehensive steps, you and your organization will be ready and alert against Ragnar Locker ransomware threats:

1. Never open suspicious email attachments or web links—if it seems strange, follow your intuition and alert your IT department.
2. Install a constantly running antivirus software solution throughout your enterprise, with auto-updates turned on.
3. Update enterprise software and hardware (operating systems, network devices, phones, etc.) for security.
4. Establish a regularly tested data backup and recovery procedure—and make sure your IT department sticks to it!
5. Conduct tests checking for ransomware preparedness at the enterprise level.
6. Restrict access to shared drives and disable file sharing, since most ransomware tries to access your shared drives and encrypt the files in them to lock the user/enterprise out of their data.
7. Disable any and all remote services which can provide hackers an easier gateway into your enterprise network.
8. Implement company-wide security awareness training to improve organizational education of critical cybersecurity threats and awareness.

To date, victims such as Capcom and Dassault Falcon Jet have answered “what is Ragnar Locker ransomware?” the hard way by having their information published on the Dark Web. Remember: just like with other forms of ransomware, any and everybody can easily search the Dark Web to access the data—and who knows what that sort of person would do with it?

Don’t Be A Victim Of Data Compromise—Protect Yourself With SiteLock

Now that you have a better understanding of Ragnar Locker ransomware, you are ready to properly defend against the ongoing threat of cybercriminals. Want to know more about ransomware? Read “What Is Ransomware?” to learn more about how hackers hold sites hostage—and which four steps can ensure yours will be protected.

Businesses are opting for the cloud more and more. The ongoing Coronavirus is intensifying this transition. Governments, NGO’s and enterprises of any size and profile are now subscribing to cloud provider services. A range of security concerns arise at this background ranging from the responsibilities to be distributed between the parties to the data integrity issues.

Security Of Cloud Services As Expected And As Observed

Cloud performance is subject to its user’s IT skills. A user who has already consumed some cloud services would be more cooperative and ready to perceive how the responsibilities can be delineated. Mature customers tend to have rules implemented governing the relationships with cloud service providers, as well as indicators for evaluating such cooperation.

The best-case scenario implies the customer is fully aware of the security arrangements at their disposal. The worst-case scenario is the customer anticipating the entire range of security measures to be included in the infrastructure as a service while few such services are available, or their quality is too low.

However, the transition to the cloud still provides structural improvements as compared to old non-cloud operations in terms of IT security. A rarely used option is to deploy the cyber protection mechanisms anew by adopting the provider’s up-to-date and protected utilities rather than fully outsourcing them.

Some vendors face criticism for limiting the services to channels, cores, and disks only instead of meeting the actual demands of their customers. Providers think customers are not going to learn the cloud technology from A to Z and that they need only to have features readily available, operating flawlessly, and offering acceptable security levels.

However, this narrative is true as long as the clients operate at the SME level. Big businesses stick to this approach and demand the capacities and features since they already have security strategies, teams, and tools.

Regarding the regulatory impacts in this sector, any intervention by the government establishing a legal framework increases the public cloud cost. Meanwhile, users may misunderstand the strict regulatory framework and require cloud service providers to offer better security.

A Secure Way To Make Use Of Cloud Services

IT security professionals need to be aware that a range of their responsibilities will move to the public cloud provider’s side. The IT staff of a migrating party should focus on the compliance and auditing measures built upon the rules laid down as the cooperation commenced.

Public cloud processes run flawlessly as long as the IT specialists arranging these workflows have adequate management skills and are able to leverage the majority of the measures and security tools at their disposal.

Upon deploying the cloud infrastructure and using it for a while, the organization is coming up with more sophisticated and essential questions and issues to its provider. Safe networks, protected web resources, and monitoring services are gaining significance for IT professionals. They are also becoming more concerned about how the provider monitors security events, responds to malware attacks, and reports on these issues.

Let me offer several measures to be taken when moving your infrastructure to the public cloud. In a nutshell, the sequence of arrangements and actions include as follows:

• Take care of continuity: prepare a fallback scenario and have a plan B procedure in case of switching to another service provider.
• Set clear objectives for your migration to the cloud. Establish the list of security requirements that your provider is to meet.
• Regarding the security services to be provided, pick up the ones that fit your business practices and workflows.

Security inversion is one of the approaches dominating the modern public cloud landscape. It calls for IT staff to focus on the user’s security rather than on the data center. This is reasonable since all IT systems are designed for people, and it is the people who are the most susceptible to attacks. A comprehensive approach to cyber security builds upon the inversion as it encompasses the whole variety of human activities in the IT infrastructure.

How To Trust Cloud Service Providers

Unless trusted, cloud service providers cannot cooperate with their users successfully. Let me review critical and less important trust-building criteria.

The audit process helps the customer ascertain that the provider has implemented and follows all the necessary security procedures, including those that specify rules for interacting with contractors and controlling the work of system administrators. The audit would enable the customer to check whether the provider has introduced and complied with all the required security arrangements, including the procedures for system administrators and contractors.

Generally, a cloud service provider lacking trust is the one who has no trust in its staff members. There is only one way for the provider to prove it can be relied on. It is to show customers the inner world of public infrastructure and how security means work there.

Accreditation and certification as such do not win trust. Although certification does not increase confidence, its importance is out of the question as it ensures standard public cloud workflows.

Talking again about the confidence in service providers, I should remind that things like insider threats apply to every entity and cloud service providers are no exception. An effective way to prevent leaks of sensitive data is to record, store, and analyze all events that occur in the information system of the cloud provider.

Looking Into The Future

It is a good decision to let a provider manage your data and computation power. Providers stick to uniform risk mitigations and abide by most security rules. I expect the migration to the cloud is going to continue. Businesses are going to work together with the providers in establishing trust in each other and building effective mechanisms to control security incidents.

Insurance companies are interested in a complete assessment of the provider’s protection mechanisms. Insurers will act as additional guarantors and auditors that will help to build better relationships between cloud service providers and customers.

Conclusion

Entities migrating to the public cloud are still greatly concerned with numerous security problems. Cloud service providers keep on reassuring these concerns are groundless. What they need to do is to learn how to make their potential clients trust a public cloud. The market is going to increase dramatically once parties settle down their interaction issues and set up a working communication.

About The Author

David Balaban is a computer security researcher with over 17 years of experience in malware analysis and antivirus software evaluation. David runs MacSecurity.net and Privacy-PC.com projects that present expert opinions on contemporary information security matters, including social engineering, malware, penetration testing, threat intelligence, online privacy, and white hat hacking. David has a strong malware troubleshooting background, with a recent focus on ransomware countermeasures.

On the surface, this is simply odd. It is not only denying access to files that end in php, php5, py, and phtml, which are all reasonable standard file extensions, but it also denies access to files that end in ‘suspected’. That’s certainly unusual, too. It makes sense to deny access to files that contain PHP (.php, .php5, and .phtml) and Python (.py) in places where you don’t want users to go, such as upload folders. However, there was no corresponding section that allowed access to specific files, such as an index.php that would be able to handle attempts to reach those locations. Another odd characteristic of this .htaccess file, for sure.

Based on experience, we already knew that this FilesMatch directive, specifically denying access to these five file extensions is bad, so there was no question that we’re looking at a file injection in the site. The only real question was “Have we found everything that was related to the injection?”

That meant painstakingly searching the customer files, which revealed that the .htaccess files were almost everywhere. So where do we start?

Starting The Investigation

The first step was to make sure we detected and removed the .htaccess files. Once that was done, we searched for and found some older 0-byte files. Files that are zero bytes in size are left behind by SiteLock’s SMART® product when it cleans the full contents of a malicious file. This gave us a starting point for looking for more malicious files.

The first interesting file we noticed was a zero-byte index.php file buried deep in the site’s Slider Revolution (RevSlider) plugin, but in an odd location:

wp-content/plugins/revslider/admin/includes/shortcode_generator/wpbakery/wpbakery

WPBakery is a page builder plugin for WordPress that has integrations with a variety of other plugins, including Slider Revolution. These integrations usually add a directory of their own, but the existence of a wpbakery directory nested within another wpbakery directory is unusual.

Examining the directory lead to the discovery of the empty index.php file along with another htaccess file:

wp-content/plugins/revslider/admin/includes/shortcode_generator/wpbakery/wpbakery

WPBakery is a page builder plugin for WordPress that has integrations with a variety of other plugins, including Slider Revolution. These integrations usually add a directory of their own, but the existence of a wpbakery directory nested within another wpbakery directory is unusual.

Examining the directory lead to the discovery of the empty index.php file along with another htaccess file:

Much like the first htaccess file, this one blocks access to all files ending in .php, .php5, and .phtml. However, it then allows access to index.php and system_log.php. Since index.php is currently zero bytes in size, we can assume that it was cleaned by SMART. The system_log.php file is a relatively common name for backdoors that hackers want to disguise and use as an access point. The combination of system_log.php and index.php as the only files that are allowed to be accessed is a good indication that this directory is entirely bad.

Aside from several similar instances throughout the site, the only other “interesting” location was the root directory. There were three zero-byte files in the document root. Additionally, there was an images directory that had one of the original malicious htaccess files.

The images/ Directory

Looking at the images/ directory, there was only a single .jpg file aside from the .htaccess file, not a whole lot to it really. But strangely enough, the modification date on the .jpg was in 1995.

If you’re not familiar with timestamps on files, there are three timestamps that the filesystem keeps track of. The first is the access time, which is the timestamp that the file was last accessed by another program. This gets updated every time the file is read. The second is the modify time, which is the last time that the file contents were changed. On Linux and Unix systems, the modify time is the default timestamp displayed by the ls command. Lastly, there is the change time, which is the last time the filesystem metadata was updated. This can be the time the file was created or the time the file permissions were changed.

For a file’s modification time to be dated in 1995, one of several things would have needed to happen. First, the file would have to have been uploaded to the website and never moved. Second, the file would have needed to have been moved as part of an archive that was preserving the timestamps on them all the time. Over a 26-year period, it’s unlikely that this would’ve been done every single time. Lastly, it is possible to use Linux commands or PHP functions to change the modification time to whatever we want. The touch command (and PHP’s touch function) allows the user to provide a date that will be used to set the access time or modification time of the file.

As such, we can view this 26-year-old timestamp as highly suspect. If we look at the history of this file, as viewed by our scans, the modify time has changed numerous times, ranging from 1995 to 2007 to 2012. Clearly, something was odd about this file.

Decoding The File

The next step is looking at the file content. “It’s a JPG file, though. What would be in there?” JPG files, as well as PNG and GIF files, are often used as containers for malware with the malicious code either directly embedded in the image or embedded in the metadata of the image. There are two commands that are available on almost every Linux system that can help us here: strings and cat.

The strings command pulls all the printable strings from a file that are four or more characters long and displays them. They aren’t necessarily malicious code, but it can make hidden code easier to see.

Similarly, the cat command simply dumps the file contents to the screen. With certain command-line options (in particular, the -v option), it will also turn non-printable characters into plaintext representations of them. For instance, the Ctrl-C character would be displayed as ^C.

On this file, however, you can imagine my surprise when the entire file was displayed and there was no image at all. It was a pipe-delimited file with three fields: an MD5 hash, a series of punctuation marks, and a long string of letters, numbers, plus symbols and forward slashes. That set of characters fits perfectly with the base64 character set, but when I attempted to decode it, I got back gibberish.

However, I felt confident that the long string was base64 text. The character set was right and while the output was gibberish, it included several characters that you don’t see if the output is compressed data.

Following that line of thought, my next step was to use str_rot13 before decoding the text. The str_rot13 function rotates the letters by 13 positions in the alphabet. This means that ‘C’ becomes ‘P’, and so on.

On decoding the string this time, I came face to face with the malware:

Even though this was encoded, a little work on my behalf, I was able to reveal its true nature.

It was an injector, pulling data from a remote site and injecting it into every web request that the site received.

Summary

Fortunately, SiteLock already has signatures for this type of injection malware and the customer site had already been cleaned of the malicious code in the PHP files. This “image file” was all that was left and while it contains malicious code, it is not active malware and SiteLock is able to detect and remove it.

As for the timestamps, they are one more item in the checklist of things to look for when investigating sites. Do they make sense? If not, then they may indicate an issue that prompts further investigation.

Want to learn more about misleading timestamps or other interesting types of malware that can harm websites? Follow Behind the Code today and get informative insights into malware and how they deceptively find their way into websites.

About The Author

Maarten Broekman has worked as a system administrator and systems engineer for over 25 years, primarily in the shared web-hosting space. One of the main concerns for web-hosting providers is being able to serve their customers’ websites as quickly and efficiently as possible. As a result, anything that detracts from performance needed to be examined closely and this is where his interest in malware and code analysis sprang from. For over a decade, finding, decoding, and removing malware (and automating that process) has been his primary focus.

In this post, we intend to give you advice that actually works. Whether you’re a managed service provider, IT consultant, or value added reseller, we hope the words that follow inspire you to rethink your tactics for selling security solutions.

Why Fear Has Been A Common Sales Tactic

Admittedly, using fear to sell products for website security may seem like the easiest path to success. After all, why would anyone purchase a burglar alarm if they weren’t concerned that their property might at some point be broken into? It’s why fear-based sales is an old tactic that has long been the go-to for many companies selling security products.

We’d be remiss if we didn’t state that fear does create a sense of urgency making people think about the consequences of not buying the product you’re selling. And, this tactic can result in sales. However, using fear to sell products is actually counterproductive in the long run. Buying with a sense of urgency can often leave your customer with a sour taste about your company.

It can leave them feeling as though they have been scammed, which could result in refund requests and non-renewals for products. The better choice for selling security solutions is to come to your customer from a place of education instead. While the threats are very real, giving your customer all the facts will allow them to arrive at the conclusion to purchase your products from a feeling of empowerment rather than panic.

How To Sell Security Products The Right Way

Selling security solutions can still be easy when you share the value of your product. Make it clear to your customer that they are purchasing more than just a security product. They are purchasing round the clock service, protection of their online assets, and peace of mind.

You can also add value by educating your customers on ways to protect their websites without even making a purchase. For example, you could create content that teaches the consumer the latest in cyber security best practices, or simple tips they can implement to reduce the risk of being hacked or infected with malware. Knowledge that is common to your staff and the people in your industry isn’t necessarily common to your customers.

If you’re a website hosting provider, perhaps you could create an entire series of educational content that walks the user through building their website and setting up their defenses using a mix of both the security solutions you’re selling as well as those that are freely available. Offering education without expectation sets you up not only as a company of value, but as a subject matter expert in your field. Add to that the fact you’re offering education regardless of whether the conversation ends in a sale, and you instantly become more likeable, trustworthy, and respected.

Set your company up as a consulting and education provider and selling security solutions almost takes care of itself. If you offer more than one security solution you could also create a bundle at a discount to give your customers even more value for their dollar. Implement a quality sales funnel into the mix and leads can start trickling in on autopilot. Your blogs, social media posts, and other content could drive traffic to free classes and digital downloads. Add a simple form that captures customer details, and you’ll be well on your way to building a qualified lead list that you can build a relationship within the hopes of landing more sales.

With a little effort, selling security solutions is possible without fear. Want to learn how to sell security products easily to your customers and end users? Visit our channel partners page today.

REvil ransomware might look and sound strange, but it’s a common weapon used by cybercriminals to target unsuspecting businesses, steal sensitive data, and extort money from companies. Many businesses fear falling victim to a REvil ransomware attack—and for good reason.

So, what is REvil ransomware, exactly? Let’s take a look.

What Is REvil?

REvil (ransomware evil), also known as Sodin and Sodinokibi, is an ambitious criminal ransomware-as-a-service (RaaS) enterprise group that rose to fame in 2019. RaaS groups maintain the code while other groups, known as affiliates, spread the ransomware. Researchers and security firms have linked REvil as a strain of GandCrab, another RaaS group that was wildly popular in 2018.

REvil gained notoriety for stealing sensitive, unencrypted data from computers and networks—then demanding large payments from victims. It’s actively promoted on cybercrime forums as the best choice for attacking business networks (which is a highly lucrative option for cybercriminals).

REvil adjusts its ransom requests based on the annual revenue of the organization or “victim” they are targeting. Their requests have ranged between $1,500 and $42 million, with cybercriminals demanding up to 9% of the victim’s yearly revenue. In 2020, IBM researchers estimated REvil’s annual profits were nearly $81 million.

REvil Ransomware: What Is It Exactly?

Now that you have an understanding of REvil as a group, what is REvil ransomware?

REvil ransomware is a file-blocking virus that encrypts files after infection and shares a ransom request message. The message explains that you must pay a ransom in bitcoin—and if it’s not paid in time, the demand doubles. To make matters worse, a countdown timer indicates when data leaks will be made public, putting added pressure on companies who have fallen victim to an attack.

If REvil’s demands aren’t met, they threaten to release the stolen data by auctioning it off on its website “The Happy Blog”. It lists recent victims of REvil and shows a snippet of the stolen data as proof that the information has been stolen from various organizations.

What Does REvil Ransomware Do?

REvil ransomware is one of the ransomware programs deployed during human-operated ransomware campaigns. After breaking in, hackers use tools and techniques to map the network, gain access to other internal systems, obtain domain administrator privileges, and deploy the ransomware on all computers to maximize their impact.

The ransomware is distributed through phishing emails and kills processes on the infected machines, like email and other database servers, Microsoft Office programs, browsers, and tools that keep important files backed up. It also deletes Windows copies of files and other backups to prevent file recovery.

REvil ransomware stands apart from other types of ransomware programs through its use of Elliptic-Curve Diffie-Hellman key exchange. These cryptographic algorithms use shorter keys and are highly efficient, making them harder to crack.

Protecting Yourself From REvil Ransomware

Wondering how to protect yourself and your web assets from REvil ransomware? Here are a few security measures to keep in mind:

• Run up-to-date security solutions and ensure that your computers are protected with the latest patches against newly discovered vulnerabilities (like REvil ransomware)

• Use unique passwords to protect each of your sensitive data and accounts, while also enabling two-factor authorization

• Use a password manager to generate and track your passwords.

• Secure network shares

• Enforce stricter access controls on folders and processes

• Encrypt your sensitive data wherever possible

• Back up your data and keep the backups off-line so they won’t be impacted by cyberattacks

• Educate and inform your employees/staff on risks and methods used by cybercriminals and groups to electronically infiltrate organizations

Stay Protected With SiteLock

Now that you have an understanding of what REvil ransomware is, learn more about protecting your web assets and defending against cybercriminals. Read “What is Ransomware?” to discover how hackers hold sites hostage—and which four steps can help ensure yours isn't one.

Patchman Real-Time Scanning

SiteLock’s Patchman program is known for thorough scanning capabilities and helping hosts stop abuse before it begins, and it is expanding its coverage. The Patchman program, which was launched in 2014, was developed with the goal of securing CMS applications at the hosting provider level to protect customers who did not update their applications in a timely manner.

Until recently, the program had been providing periodic (nightly) scans. Now, the program has been expanded to feature real time scanning. But what is real-time scanning, and why is it so helpful to website owners?

Understanding The Importance Of Real-Time Scanning

A website that becomes infected can quickly witness that infection spread rapidly. As the infection spreads, the entire site can be abused along with any user that is visiting it while it’s infected. Depending on the nature of the problem, these effects can be disastrous, which is why acting immediately to resolve issues is critical to the overall health of the website.

Real-time scanning, just like it sounds, scans files for changes in real-time, as they occur. Gone are the days of relying on periodic scans, even if they are automatic, to detect changes on the hosting file system. Patchman real-time scanning interfaces with the Linux Audit Framework to allow the Patchman agent to detect changes to files as they occur, evaluate whether the destination file state is malicious, and take immediate action if required.

Why Patchman Implemented Real-Time Scanning

We wanted to provide hosting providers with a means to stop threats in their tracks and ensure the highest level of protection to their customers websites. With our program, malware is cleaned before it has time to act, which also helps prevent infected files from being downloaded and/or from starting to cause problems. The truth is by the time a periodic scan is run, the damage could already be done.

Thanks to this real-time scanning update, files are checked precisely when it matters most, including when they are created or changed. As a result, Patchman can find and root out malware upon its creation quicker than ever before, leaving no window for abuse to occur. It doesn't matter how the file ends up on the website or how it’s delivered - whether it's FTP or uploaded through a website vulnerability, or even a zero-day vulnerability, Patchman will catch and eliminate it. So, what is real-time scanning? It’s an early detection, warning, and elimination system to help protect websites against threats.

Bottom Line - Patchman Real-Time Scanning Is Essential To Server And Website Security

Real-time scanning is available now in Patchman COVERAGE + CLEAN, making it the most powerful security solution available to hosting providers looking to maximize automated proactive server and website security through preventative patching and powerful, real-time malware remediation.

For more information on Patchman COVERAGE + CLEAN and real-time scanning, including upgrade options, contact us at [email protected].

What is an exploit kit, exactly? An exploit kit is a pre-assembled product that bad actors can purchase to quickly and easily execute cyber attacks. You can think of it as a convenient toolbox with everything someone would need to find vulnerabilities in a browser, software, or operating system—and then launch an attack.

Exploit kits—or exploit packs, as they’re otherwise called—quickly rose to popularity after debuting in 2006. They target common softwares with widely known vulnerabilities, like those made by Adobe and Microsoft. To this day, the most infamous exploit kit is one called Angler, responsible for infecting over 90,000 websites between 2013 and 2016.

While secured softwares and web browsers have made exploit kits slightly less effective—and, consequently, less prevalent—they’re still a pertinent threat you need to protect yourself against. Read on to find answers to common questions like how does an exploit kit work and what is an exploit kit attack.

How Does An exploit Kit Work?

Simply put, exploit kits find and exploit a vulnerability in an operating system, software, or browser in order to deliver a malware payload. If the potential victim’s device has the system, software, or browser that the exploit kit is programmed to attack, and if they haven’t patched the vulnerability, they’re a prime target.

What makes exploit kits particularly dangerous is how easy they are to use. Because they come ready-made and automated, they don’t require much technical knowledge to deploy, making them perfect for newbies. What’s more, they’re fairly easy to buy on the dark web.

And given that the kits automatically find their targets based on predetermined criteria, any person or business can be on the receiving end of an exploit kit attack. In essence, even if you don’t think you have information or data that’s desirable to hackers, you can still fall victim.

What Is An Exploit Kit Attack?

An exploit kit attack occurs in a few steps:

1. Choosing a method of attack. First, the attacker decides what method they’re going to use to bait victims onto the exploit kit’s landing page. Some use social engineering, deceiving people into clicking a link they shouldn’t, while others create malvertisements by planting a corrupted ad on a reputable website.

1. Homing in on the target. When the victim clicks on the link or malvertisement, they’re redirected to the exploit kit’s landing page. Now the kit can scan for a particular operating system, browser, or software, as well as geolocation using the victim’s IP address.

1. Infecting the device. If the victim’s system, software, or browser is a match, the exploit kit can find the vulnerability and download malware onto the victim’s device. If the victim’s device doesn’t meet the requirements, or if they’ve already patched the vulnerability, the attack will fail.

Of course, once the exploit kit has delivered a malware payload onto the device, the attacker can record the victim’s keystrokes to learn their passwords, take over system resources, or even render a device inoperable until the victim pays a ransom.

Remedy Your System’s Vulnerabilities With SiteLock

Malware can pose a serious threat to your data, finances, and peace of mind. After learning about exploit kits, you may be wondering about other types of cyber-attacks—and how you can prevent becoming a victim.

For more information on how cyber attackers corrupt your web assets, read “What Is An Attack Vector?” on our blog.

In particular, Maze ransomware attackers love to hit IT service providers that keep large amounts of confidential data on a vast network of customers. Who knows—you could be one of them.

As the name implies, the authors of these kinds of attacks demand some form of payment—often in the form of cryptocurrency—in exchange for returning highly valuable encrypted data. But in this case, the bad actors involved aren’t just holding onto a single entity’s information. If only. On the contrary, Maze ransomware attacks put an entire company's public reputation at risk, because they can concern nearly everyone that organization has ever interacted with.

How Does Maze Ransomware Work?

Maze ransomware attacks can work in sneaky, sometimes unpredictable ways. Attackers will try to slip Maze ransomware onto your device through a number of avenues, including but not limited to:

• Email spam, using deceptive links or file attachments to look like businesses or individuals you trust

• Remote Desktop Protocol (RDP) attacks, where one device connects to another without the need for mutual consent

• Exploit kits, an easy-to-use, all-in-one toolset stringing together security exploits and vulnerabilities

These bad actors will stop at nothing to try and get Maze ransomware onto your device, so make sure to stay vigilant and trust your instincts about weird emails and aggressive pop-ups. Remember: if it seems suspicious to you, it’s probably bad news.

So How Do They Use The Data?

Once attackers have access to a network thanks to their ransomware, they’ll try to get privileged access to data stored throughout each and every drive on your network—not just the accessed device. This data on customers, clients, employees, and any other area of confidentiality becomes the attackers’ bargaining leverage.

Maze ransomware developers operate a website which publicly lists a dossier of victims of Maze ransomware attack victims. In addition to samples of the stolen data, this site even provides download links to the acquired data, which anyone can find.

By providing public access to their maliciously acquired data, Maze ransomware developers attempt to provoke their victims into paying the ransom. It’s all about pressuring the victim into feeling that they have no other choice; after all, this data doesn’t just pertain to top business executives with insurance and money to throw around to make problems go away. The real threat is in releasing data that can permanently destroy an organization’s valuable relationships—the kinds that make a business tick.

In the event that a ransom doesn’t get paid in time, most attackers are happy to take swift, decisive action such as:

• Selling off stolen information to the dark web

• Releasing public information on security breaches, and keeping the media informed

• Driving down the victim’s share price by going directly to stock exchanges

• Leveraging the stolen data to attack the organization’s clients and partners alike

All told, Maze ransomware attacks are no joke. These malicious acts are powerful because they use conventional ransomware distribution techniques—which time and again have been proven to work—to hit large numbers of organizations at the same time. Scary stuff.

Stay Protected With SiteLock

Now that you know about Maze ransomware, it’s time to defend you and your organization against cybercriminals. Read “What Is Ransomware?” to learn how hackers hold sites hostage—and which four steps can ensure yours will be protected.

Financial and Marketing Campaign Metrics

The key financial channel partner metrics that should be measured include:

• Return on Investment (ROI): This is sometimes referred to as return on ad spend (ROAS) because it typically is related to the direct return your company will see from spending money on advertising campaigns. For example, if your company purchases Google Ads, how much money did they make on product sales directly related to those advertising purchases?

• Cost Per Acquisition (CPA): This number is similar to the return on investment but breaks down the total cost of ad spend per customer acquired. So, if your company spends $500 on ads and those ads yield 50 paying customers, your cost per acquisition is $10 per acquisition.

• Cost Per Click (CPC): Like it sounds, this metric is the amount of money your company spends for every click on your ads. For example, if the company has a maximum budget of $1,000 and there are 500 clicks on your ads, your CPC is $2.

Some advertising platforms such as Google charge a flat CPC rate and ask you to set a maximum budget you’re willing to pay. By agreeing to whatever the CPC is from Google, you will never pay more than that amount per click, and once you have exhausted your budget, your ad will no longer be displayed.

• Cost Per Lead (CPL): This number is different from the cost per acquisition in that it focuses on the amount of money spent only to generate a lead, not to generate a paying customer. Having the lead may not necessarily translate into a sale.

• Lifetime Value (LTV): Sometimes called a customer lifetime value (CLV/CLTV), this number refers to the total amount of revenue a business can reasonably anticipate receiving from one customer throughout the “lifetime” of their relationship with a company. By knowing your LTV, you can predict the amount of money your business might earn in a calendar year.

Education/Training

Metrics related to education/training may include:

• Product demos attended/shared: How many product demos did your channel partner provide to help your company’s sales team understand the ins and outs of what they are selling? This may also be measured as how many product demos sales teams provided to customers to demonstrate their understanding of the product being sold.

• Training sessions taken/given: How many training sessions did your channel partner provide? How many sales team members took and passed quizzes related to the training sessions?

• Certifications acquired: If certifications are required for understanding the product and/or selling it, how many team members acquired a certification? In the event your team members aren’t passing certifications, there may be a knowledge gap in how the product works and/or how to sell it that may need to be addressed.

Engagement

The metrics related to engagement can be two-fold. In some cases, engagement metrics can be related to training. However, in others, it’s related to how the audience is engaging with current marketing efforts - both paid and unpaid. In the case of channel partnerships though, engagement metrics are typically focused on things like:

• Partner portal access time and frequency: How many times is the partner portal being accessed, and how long is it being used once logged in? This indicates how vested the partner is in learning about the products being promoted, and whether or not they are knowledgeable enough about these products to successfully sell them to the end-user.

• Percent of content engaged: Are prospects engaging with what’s being promoted? If the partner logs in, and only consumes a small portion of the training and marketing materials, they might not have enough information to promote the products well enough to end in a sale.

Product Satisfaction

The key marketing and performance channel partner metrics that should be measured include:

• End-user satisfaction rate: The goal is for end-users to be happy with their purchases and to be satisfied with the people they engaged during every step of the buyer journey. When the end-user is satisfied, they won’t cancel or churn.

• Partner satisfaction rate: Are both partners happy working together? This is supposed to be a cohesive relationship, so this metric is critical to success.

SiteLock delivers on the above metrics and more. To learn more about our partnership opportunities, visit our channel partners page.

Although the SiteLock website has been refreshed, customers can remain confident that the same products, service, and support they’re accustomed to will remain intact. Additionally, the enhancements are designed to elevate user experience and satisfaction, as well as bolster consumer trust and confidence with its updated design and targeted messaging.

Customers can now better utilize:

• An optimized layout, design, and navigation engineered to help you find what you need quickly and easily

• New website packages and affordable pricing geared toward businesses of all sizes, needs, and types

• Informative and accessible blogs, FAQs, and other valuable resources placed prominently throughout the site, providing cybersecurity awareness tips and training

• Extensive product and platform information empowering customers to make the most informed decisions that best suit their cybersecurity needs

New Packages With Pricing

Cyberattacks are an ever-evolving threat, and they’re only becoming more common—and destructive. To protect your data and your business, implementing cybersecurity best practices is no longer optional, it is imperative As cyberthreats become increasingly prevalent, research shows that the overall demand for cybersecurity solutions is expected to increase over the next three to five years.

Cyberattacks are especially detrimental to small businesses. In addition to the costs incurred from site downtime, security breaches cause substantial reputational damage and erode trust between you and your customers. A staggering 60% of small businesses close after enduring a security breach. Your data—and your customers’ data—is too important to leave unprotected.

The benefits of choosing one of our security packages are substantial. Customers can choose from four new website security packages and affordable pricing options tailored to different business sizes, needs, and types. If customers need assistance with their products, they can reference our help center or one of our FAQs placed throughout our revamped website to quickly and efficiently get an answer, without having to call or chat our support team. The redesign features detailed product details and descriptions to help customers make the right decision for their individual needs. Plus, our updated shopping cart functionality streamlines the online purchase experience, making checkout a breeze.

Looking Ahead

As cyberthreats evolve and cybercrime continues to rise, taking proactive cybersecurity measures to protect your data and your business is essential. SiteLock joined the Sectigo family with a shared commitment to delivering best-in-class security solutions that safeguard businesses worldwide. As part of Sectigo, SiteLock is bolstering its position as an industry leader in website security, and we are excited to offer end-users the best in solutions, education, expertise, and resources they need to make informed decisions about protecting their online assets.

SiteLock customers can look forward to accessing an even broader range of scalable, affordable, and reliable website security offerings, all through a single trusted vendor. Customers can also expect to receive the exceptional 24/7 customer support that has always been synonymous with the SiteLock brand. As always, SiteLock will offer unmatched website security expertise and formidable, proactive web security solutions that defend your website against today’s threats and tomorrow’s.

In 2020, the FBI’s Internet Crime Complaint Center reported that ransomware losses totaled $29.1 million, wreaking havoc on individuals and businesses alike.

Here, we’ll explain what cerber ransomware is, how it works, and—most importantly—how you can protect yourself from these cunning schemes. Let’s dive in.

What is Cerber ransomware?

Cerber ransomware was first produced in 2016, making it one of the oldest and most refined hacking tactics around.

This particular ransomware has a “ransomware-as-a-service” (RaaS) model. Malware developers sell their creations to hackers, who pay them commission for use. By offering their ransomware to others, developers can widely disseminate their creations and passively collect income from hackers’ hard work.

Of course, hackers aren’t known for being trustworthy. To ensure they receive their rightful commissions, developers have built-in encryptions that stop hackers from collecting profits until they pay up.

How does Cerber ransomware work?

The most common way Cerber ransomware spreads is via an infected attachment in a phishing email. When users open the attachment, Cerber is downloaded on their device. Cerber proceeds to make all of your device’s data inaccessible via encryption—and the only way to regain access to your files is to pay the ransom demand.

The ransomware also runs a unique visual basic script, which makes your computer communicate specific instructions. For instance, the instructions might state that users have seven days to pay up before the ransom is doubled. Ransom demands vary, but most are not lower than $500 (or a $500 equivalent in Bitcoin).

Though phishing emails are the predominant form of Cerber ransomware dissemination, downloads disguised as helpful programs are another form of transmission.

What happens after a Cerber ransomware attack?

After a successful Cerber ransomware attack, your device’s data will be inaccessible due to encryption. Some hackers will decrypt the stolen information once the ransom is paid—but many don’t. In fact, paying the ransom can make you a target for a future attack.

If you don’t pay the ransom or have copies of the stolen data, you could suffer a permanent loss. Your data may be sold on the dark web, black market, or used to create a fraudulent online profile.

If you’re a business owner, being a victim of a Cerber ransomware attack could force you to halt company operations, leading to a loss in revenue.

The bottom line? Ransomware can be devastating—and Cerber ransomware protection is essential.

What are some steps to Cerber ransomware protection?

Both individuals and businesses are targets of Cerber ransomware attacks.

The best way to avoid falling prey to this sophisticated malware is to be proactive. Back up your data to ensure that you have access to essential information at all times. If you’re a business owner, employee education is key. Teach your employees safe computer practices and warn them of common tactics employed by hackers.

Another form of Cerber ransomware protection to consider is preventive software that monitors your device for malware and defends against invasive threats.

Stay protected with SiteLock

Now that you know what Cerber ransomware is, want to learn more about defending against cybercriminals? Read “What Is Ransomware?” to discover how hackers hold sites hostage—and which four steps can help ensure yours isn’t one.

Defining Cross Site Request Forgery Attacks

A Cross Site Request Forgery (CSRF) is an attack through which a bad actor forces an end user to submit a malicious request. For the average web user, this request can be anything from transferring funds or purchasing items to changing their login password or email address. But cross site request forgery attacks can occur on a larger scale as well.. For administrative account victims, a cross site request forgery attack can compromise an entire web application in a single strike.

Still asking yourself, “what is cross site request forgery?” continue reading for a breakdown of how cross site request forgery attacks work, a look at different types of CSRF attacks, and CSRF attack prevention strategies.

Understanding How Cross Site Forgery Request Attacks Work

Typically, a cross site request forgery attack is completed with the help of social engineering. The attacker sends a link through text message, voicemail, or email, and either tricks the user into completing the action they desire or inherits the identity and authentication privileges of the user to perform the undesired function on their behalf.

The attacker doesn’t just take advantage of its victim in a cross site request forgery attack, it manipulates the site system as well. In the case of most sites, browser requests automatically include any credentials associated with the site—from the user’s session cookie to their IP address, Windows domain credentials, and more. When the targeted user is authenticated to the site at the time of the attack, the site has no way to determine what is a legitimate request and what is a forged one.

Beyond the basic cross site forgery request attack, bad actors can also perform something called a login CSRF. This is a special form of a cross site forgery request attack in which the attacker forces a non-authenticated user to login to an account the attacker controls. If the victim fails to realize they’ve been targeted, they’re at risk of adding private data—such as credit card information or bank account numbers—to their account, unknowingly putting sensitive information in the bad actor’s hands. The attacker can then log back into the account, obtain the personal data, and view the victim’s prior activity.

It’s worth noting that the negative effects of a successful attack are always limited to both the capabilities of the compromised system as well as the privileges of the victim. The more sophisticated and high-level a victim’s account privileges are, the bigger the impact of the attack will be.

How To Prevent A Cross Site Forgery Request Attack

One of the most dangerous aspects of a successful CSRF attack is that the victim tends not to know about it until it’s too late, and the unauthorized transaction has already been committed. To prevent a cross site request forgery attack, users will have to be proactive. Luckily, there are prevention methods that can help.

The first step to cross site forgery request attack prevention is to check if your system or web application framework has built-in CSRF protection. If it does, you should use it. If it doesn’t, you can use something called a CSRF token. A CSRF token is a secure, random token—for example, a synchronizer token or challenge token—that enables application servers to determine whether an HTTP request is legitimately generated through the application’s user interface, or if it is forged.

In order to work, a unique CSRF token must be assigned to every user session. As the user operates on their browser and submits various requests, the application server tracks whether each browser-generated request includes its associated CSRF token—verifying the legitimacy of the request. If an end-user request fails to match its designated CSRF token, the application server will reject it, preventing the CSRF attack altogether.

To learn more about how bad actors break into web application systems, check out SiteLock’s “What Is An Attack Vector?” blog.

How does Ryuk ransomware work?

Once Ryuk ransomware infects its target, it uses encryption to hold data hostage until a substantial ransom is paid generally in bitcoin or another type of cryptocurrency. Ryuk is a lucrative form of ransomware, typically attacking large organizations in possession of highly sensitive confidential data, like health records and financial data. These organizations generally have the financial resources to pay these bad actors a large ransom payment, which are often six figures or more. Healthcare providers, school systems, local governments, and other mostly public sector organizations running on outdated or unpatched operating systems were common Ryuk targets.

Ryuk ransomware typically gains entry to the targeted organization with a phishing email advising the recipient to download a Microsoft Office document riddled with malware or click a link leading to a malicious site. A common infection chain can involve a malicious download which deploys a banking trojan, such as Emotet, which serves as a dropper for the Trickbot malware. Once Trickbot breaches the system and steals sensitive data, Ryuk ransomware then installs itself to encrypt the data.

Like many forms of malware, Ryuk is an evolving threat, becoming more destructive with each variant. In 2021 a Ryuk variant with worm-like capabilities was discovered, enabling it to automatically infect all Windows-powered devices across an entire network without having to use another form of malware as a dropper.

Notable Ryuk ransomware attacks

The fallout from Ryuk ransomware attacks has been catastrophic. The FBI estimates that bad actors deploying Ryuk ransomware made off with over $61 million in ransom payments in a 21-month period spanning 2018 and 2019. Plus, the damage to just one targeted organization alone can easily reach tens of millions of dollars. For example, Universal Health Services (UHS), a large healthcare provider operating over 400 hospitals reported $67 million in lost revenue following a September 2020 attack which knocked the company-wide network offline.

In addition to financial damages, the attacks halted essential public services. A prime example entails a November, 2020 attack on the Baltimore County’s school system disrupted remote learning for 115,000 students amid the COVID-19 pandemic by forcing schools to shut down for three days.

One of the most prominent Ryuk ransomware attacks involved a targeted hit on major newspapers owned and formerly owned by Tribune Publishing, including the Los Angeles Times and the San-Diego Tribune, and the South Florida Sun Sentinel in December, 2018. The attack disrupted production of several large market daily newspapers and even took the Sun Sentinel’s phone lines out of commission.

Safeguarding your data

Although Ryuk ransomware is exceptionally effective and destructive, organizations who fell victim to it could have been more proactive by implementing company-wide security awareness training, regularly checking and/or installing the latest security updates and following other cybersecurity best practices. Get in touch with SiteLock to learn more about ransomware and how to protect your organization against the next widespread ransomware attack, and other cyberthreats.

Put The Interests Of Your Clients First

Do you remember in the movie Miracle on 34th Street how the competition of Macy’s were shocked to learn that Macy’s was actually recommending department stores other than their own to make purchases? As a result, they had a leg up on becoming a trusted advisor to their customers and rapidly became the top store people wanted to shop at.

It should be the same in your own business. By putting your clients’ interests before your own and giving the pros and cons of the alternatives as well as the best actions to take, you become a company they can rely on. That trust is gold!

Listen Carefully To Clients

Though much of your work is to talk and give advice, sometimes you might be required to just give a listening ear to your clients. Allow them to empty their hearts to you without interrupting or degrading their views. You may find their ideas are better than yours. Similarly, others might just need empathy and compassion. Whatever the case, just listen when they need you to.

Deliver More Than Expected

Becoming a trusted advisor is all about underpromising and overdelivering. Exceeding client expectations is a great way to build rapport. This means things like answering questions, helping with product installations, giving helpful advice, and more even when you’re not being paid to do so.

Communicate Well And Show Appreciation

Showing appreciation is one of the easiest steps in becoming a trusted advisor. People want to feel like they matter to a company, and not like they are just a line item on a budget sheet. Simple actions like a friendly phone call to check in, or a meeting face-to-face to see if they have any additional needs can go a long way in gaining and keeping trust.

Don’t Rush! Take It Slow

Becoming a trusted advisor won’t happen overnight. It takes time. You must be patient and allow them to grow confidence in you first. Only then will they be willing to make more purchases and become loyal customers and brand advocates for your company.

Bottom Line

It won’t always be easy but becoming a trusted advisor will always be worth it. Remember, put your clients first, listen carefully, over-deliver, show appreciation, and take your time. Building up these relationships will pay for themselves eventually. You’ll enjoy massive returns on your investment before you know it.

Want to learn more about becoming a trusted advisor for your clients in the realm of website security? Check out SiteLock’s channel partner program.

Let’s explore some of the common characteristics of this threat before determining how to prevent brute force attacks.

What is a brute force attack?

Simply put, a brute force attack is a trial-and-error method where a hacker or bot simply tries to guess login credentials. The term “brute force” comes from the hacker relentlessly trying every possible password until they stumble upon the one that works, gaining unauthorized access to data by sheer force of will.

How does a brute force attack work?

There are many different types of brute force attacks, each with their own methodology. It’s a good idea to familiarize yourself with the different types in order to best determine how to prevent brute force attacks:

• Simple brute force attacks. This occurs when a hacker tries to guess the password manually, typically by trying common, easily guessable passwords like “password” or by gleaning personal information like birthdays and children’s names from the target’s online presence.
• Dictionary attacks. This occurs when a hacker attempts to break into an account by using a pre-selected list of passwords built with that target in mind.
• Hybrid brute force attacks. As the name suggests, this is a combination of two attack methods, namely dictionary attacks and simple brute force attacks. The bad actor starts with a list of words and then plays around with number and character combinations added to the password. For example, many passwords have a small string of numbers tacked on at the end to denote years, dates, and other personal information.
• Reverse brute force attack. This occurs when a bad actor comes in possession of a password following a network breach and searches for the matching user login.
• Password spraying. Instead of choosing an account and then trying innumerable password combinations until the account is unlocked, the hacker chooses a common password and then tries it out on multiple accounts until one unlocks.
• Credential stuffing. This occurs when a bad actor uses passwords and login credentials stolen from one organization and uses them to try to break into accounts at other organizations. Credential stuffing is successful because people commonly use one password across multiple accounts.

How to prevent brute force attacks

The good news is that brute force attacks are preventable. First and foremost, passwords should be optimized for security. For example, any weak, commonly used password, like “123456,” “password,” or “111111” should be changed immediately. With that in mind, it’s a good idea to bypass passwords containing any dictionary words. A combination of numbers and letters is harder to guess than a password using words and phrases, especially if they contain easily obtainable personal details.

Also, each password should be unique to each account. The last thing you want to do is unwittingly hand over what’s known as “the keys to the kingdom” and allow a bad actor access to all of your professional and personal accounts at once.

On an organizational level, instituting a security feature that locks users out of an account after a handful of unsuccessful login attempts will go a long way towards protecting your business’s data. Two-factor authentication is another popular, not to mention effective preventative measure for combatting brute force attacks and credential stuffing.

Be proactive

The best way to avoid falling victim to cyberthreats is by staying vigilant and following cybersecurity best practices, such as setting your passwords to auto-expire or never containing your personal information within them. SiteLock can help you safeguard your data against brute force attacks and countless other threats. Get in touch today to find out how.

A trusted advisor is either a corporation or an individual who has been given a place at the table with the customer. You’re no longer just another vendor or potential vendor. Instead, you’re viewed as a strategic partner who can help customers achieve their objectives.

Because clients are frequently apprehensive and oftentimes uncertain, they seek someone who can reassure them, ease their anxieties, and inspire confidence. This is the point where a trusted advisor comes in. This person typically bears the responsibility of ensuring that everyone is on the same page. With this in mind, below we’re sharing the characteristics of a trusted advisor.

Qualities Of A Good Advisor:

Competence

Competence is one of the most important characteristics of a trusted advisor because it indicates to your customer that you are skilled at what you do. If you aren’t regarded as a competent resource, you are not going to seem reliable enough to guide your customers’ decision-making. It is critical for a company to know its customers’ business inside and out.

Salespeople who aspire to be trusted advisors must expand their thinking beyond their services and/or grasp the bigger picture in which their customers operate. The greater their expertise, the greater the credibility with customers, and the more likely you are to be considered a trustworthy counsel.

Character

Most people understand that companies must make sales to survive, but to be viewed as a trusted advisor, clients want to ensure that a company is not putting their own interests before that of the customers. That’s what makes your character a must in terms of the qualities of a good advisor. When it seems the salesperson only cares about closing deals, any advice given will be seen as self-serving. If you instead assist a customer in making a decision by objectively discussing the advantages and disadvantages of the numerous options before them, then you are seen as a person of character.

Connected

Trusted advisors recognize the importance of attempting to establish an actual connection with their customers. The ability to form a real relationship is therefore non-negotiable in terms of the characteristics of a trusted advisor. Building rapport can mean sharing personal stories, giving valuable examples, providing visual aids, or even adding light comedy to your interactions. Simple actions like this make the client feel the advisor is connected to them and their businesses. In other words, acting personable allows the customer to feel more at home when relating to you.

Dependable

Trusted advisors must always keep their word. A client wants to know they can rely on you. They will trust that whenever they need you, you will always be up the task. That is why it is imperative that you deliver on even the most trivial promises. The more they can depend on you, the more at ease and relaxed they will be about things like buying decisions.

A SQL-injection vulnerability was discovered in the WordPress plugin called “Spam protection, AntiSpam, FireWall by CleanTalk” could expose user emails, passwords, credit-card data and other sensitive information to an unauthenticated attacker.

A full disclosure of the vulnerability was completed on March 5^th, 2021. The versions of the plugin that had the vulnerability was lower than 5.153.4. The plugin has now been patched. The plugin was installed on more than 100,000 sites, and was mainly used to weed out spam and trash comments on website discussion boards. The vulnerability (CVE-2021-24295) which carried a high-severity CVSS vulnerability rating of 7.5 out of 10, raised due to a fault on how it performed filtering. The plugin maintains a blocklist and tracks the behavior of different IP addresses, including user-agent strings those browsers send to identify themselves.

Functionality

CleanTalk is an all-in-one antispam solution for WordPress that protects login, comment, contact and WooCommerce forms at once. You don’t need to install separate antispam plugins for each form. It allows a blog to work faster and save resources. CleanTalk is a transparent antispam tool, that provides detailed stats of all incoming comments and logins.

Unfortunately, the update_log function in the file structure lib/Cleantalk/ApbctWP/Firewall/SFW.php file is used to insert records of these requests into the database and failed to use a prepared SQL statement.

Vulnerable Code:

Deployment Methods:

By design, the update_log function should only have been executed a single time for each visitor IP address. However, it was possible to manipulate the cookies set by the plugin on the browser, sending an initial request to obtain a ct_sfw_pass_key cookie and then manually setting a separate ct_sfw_passed cookie and disallowing it from being reset. For example, a request might ask the database if the first letter of the admin user’s email address starts with the letter ‘e,’ and instruct it to delay the response by five seconds if this is true, and then try guessing the next letters in sequence. This would a time-based SQL injection attack and can be used in this case.

The vulnerable SQL query uses INSERT rather than SELECT. Since data was not being inserted into a sensitive table, the INSERT query could not be used by an attacker to exploit the site by changing values in the database, and this also made it difficult to retrieve any sensitive data from the database. Finally, the SQL statement used the sanitize_text_field function in an attempt to prevent SQL injection, and the User-Agent was included in the query within single quotes.

During a normal SQL injection, bad actors can simply read text as it is returned. However, when attackers are unable to retrieve information from a database server, they will often employ time-based SQL injections to achieve their results. This works as the operation can take long periods of time (intervals) for the attack to take place.

Time-based SQL injections are commonly used when determining if vulnerabilities are present on a web application or website, as well as in conjunction with Boolean-based techniques during Blind SQL injections. This exploit could be used by unauthenticated visitors to steal user email addresses, password hashes, and other sensitive information. Cybersecurity researchers were able to successfully exploit the vulnerability in ClearTalk via the time-based blind SQLinjection technique.

Conclusion

According to the Common Vulnerability Scoring System the vulnerability was scored a 7.5 rating. The vulnerability has since been patched in version 5.153.4, however it is highly recommended that users update to the latest version of the plugin, 5.156 immediately. If you are using this WordPress plugin, make sure you have the latest version to avoid this vulnerability, or if you are currently using it and believe you may have been exposed to the vulnerability, contact SiteLock today and let us help get your website back on track.

In 2017, one of the largest ransomware attacks in history occurred when over 200,000 computers running on Microsoft Windows across more than 150 countries were infected. The malware was able to spread so far and wide because routine security updates and other maintenance tasks were neglected. The WannaCry ransomware attack hit hospitals, government agencies, banks, and other institutions. Among the largest targets hit were the UK’s National Health Service (NHS), Spanish telecommunications giant Telefónica, and international shipping megacorp FedEx.

WannaCry ransomware stemmed from an alleged National Security Agency (NSA) leak of EternalBlue, a Windows exploit developed by the agency. The leak is believed to have occurred one month prior to the WannaCry ransomware attack. Though this attack occurred nearly five years ago, WannaCry still remains active today.

Is WannaCry Ransomware Still An Active Threat?

Unfortunately, yes, even though a security researcher discovered a kill switch within the WannaCry malware within the first week of the 2017 attack halting its momentum, it continues to wreak havoc today. While variants of the malware without the kill switch emerged, its spread hasn’t approached anything close to the massive scale of May 2017. In fact, the malware has been ramping up quite a bit. Reports indicate that there were 13,000 WannaCry attacks in March 2021, which was a 53% increase from January.

How Does WannaCry Ransomware Work?

This particular ransomware behaves like a worm, which means it spreads on its own through networks. Once it infects one PC, the malware then scans the network looking for other vulnerable devices to attack, allowing it to launch a large-scale attack spanning the globe. In the case of WannaCry ransomware, it was able to encrypt hundreds of thousands of PCs in mere hours. Although Microsoft had released a security update patching the EternalBlue exploit a few months prior to the attack, the ransomware had no problem finding unpatched PCs and devices running on outdated versions of Windows to encrypt.

Once WannaCry ransomware successfully infects a device, a screen appears alerting the user that hackers have encrypted the targeted PC’s hard drive and demanding a $300 ransom is paid in Bitcoin within 72 hours. The price doubles if the WannaCry ransomware victims are late with the ransom payment. Eventually, the encrypted files are destroyed if the victims refuse to pay.

What Were The Effects Of The WannaCry Ransomware Attack?

As one might expect from a cyberattack carried out on such an unprecedented scale, the fallout was massive. Hospitals, businesses, governments, and other sectors ground to a halt. For example, the NHS experienced a massive disruption when an estimated 19,000 medical appointments and surgeries were abruptly canceled because caregivers could not access patients’ medical records. In 2018, the British government revealed that the attack had cost over $100 million in damages. WannaCry ransomware was estimated to have cost organizations over $4 billion total.

The attack also eroded trust in government intelligence agencies. The NSA was criticized for stockpiling vulnerabilities instead of informing software developers and the cybersecurity community at large so they could develop fixes and protections against these threats.

Despite the hundreds of ransom payments made to various Bitcoin wallets, few, if any, WannaCry ransomware targets actually got their data back. Unless the targeted organizations had backups of their files, their vital and sensitive information was lost forever.

What’s The Best Way To Protect Your Data Against WannaCry Ransomware?

Regularly updating and patching your operating systems, software, and the like is a good starting point, but there’s always more you can do to be proactive in protecting your digital assets.

Don’t fall victim to the next cyberattack. Learn more about cybersecurity best practices today with SiteLock or contact us for details about our security products.

What is a Vendor vs a Trusted Advisor?

Generally, vendors don’t take as much time to understand what the customer needs because they are primarily focused on closing the deal. At first, a customer will see you as a vendor and it’s up to you to change their perception and cement your stand as more valuable than just a supplier.

On the other end of the spectrum is the trusted advisor. A trusted advisor is responsible for offering solutions to a customer, based on their needs while also providing insight on the various products and services. They often help with strategy, current industry trends, competition, and are part of critical decision making.

Who Do You Want to Be?

Whether you want to be a trusted advisor or a vendor, the choice is up to you since you are the only one with the power to control how customers see you. In other words, how you act is typically how you will be perceived. If you treat your customers like they are just there for another sale, they will most likely treat you as a salesperson. If instead, you make it clear you want them to succeed in their goals, even if it means giving them a deal that doesn’t make you as much money, you will transition in their minds as someone they can rely on.

Importance of Communication

As a trusted advisor in the sales profession, it’s important work towards adequately solving problems for your customer base. Stay in touch with your customers, show interest in their various business engagements, and offer your expertise, even when you don’t make a sale. While making a sale is important, solving your clients’ problems should be your first priority. And, you’ll enjoy more business in the long run as a result.

Become the trusted advisor your customers are looking for with the SiteLock Channel Partners program.

What is crypto ransomware? Why is it dangerous? And, most importantly, what can you do to protect yourself from the 4,000 crypto ransomware attacks that occur every single day? Let’s take a look.

What is crypto ransomware?

Hackers weaponize encryption by designing crypto ransomware: harmful programs that render files inaccessible and let cybercriminals extort money from hapless victims. In essence, this is a digital hostage scheme. To restore files for regular use, you need a decryption key—which is the hacker’s source of leverage.

Hackers often demand their payment in cryptocurrencies, such as Bitcoin or Ethereum. To pressure victims into complying, they might limit the time window for wiring the desired sum or increase the ransom as time elapses.

Sometimes, these schemes don’t involve actual encryption at all—hackers may just use the threat of encryption to ask for money. Most often, however, malicious activity has already occurred by the time a user discovers that their private information is compromised.

Crypto ransomware attacks

“Your computer has been infected with a virus. Click here to resolve the issue.”

This is just one of many common phrases used in crypto ransomware attacks, designed to inspire panic and fear in the victim.

Crypto ransomware attacks are typically carried out via phishing emails. These messages use professional designs and crafty rhetoric to lure recipients into opening attached files such as Microsoft Word documents or Excel sheets. While the attachments appear to be official, they’re actually covert vehicles for ransomware.

Drive-by downloading is yet another common method of attack. This occurs when users visit a decoy website, and the crypto ransomware is secretly installed. These websites may be mistakenly opened from a phishing email, links on social media, or even internet search results.

In recent years, these nefarious attacks have become incredibly common and disruptive. In some cases, crypto ransomware infiltrates a company’s entire network, halting business activity until the infected devices are repaired.

Crypto ransomware prevention

At the end of the day, the key to crypto ransomware prevention is being proactive. Here are five practical steps for defending against bad actors:

1. Invest in strong, effective security measures—such as malware scanners, antivirus software, and web application firewalls—to evade a hacker’s tricks.
2. Back up important files using both cloud-based services and external hard drives. Also, make sure that these backups are disconnected from your computer. Crypto ransomware will encrypt your backups if it can.
3. Avoid downloading files from suspicious sources, such as emails from unknown senders.
4. Regularly update all the software on your computer. (Operating systems and commonly used applications such as Java, Chrome, and Microsoft Office have automatic update features to help with this.)
5. Educate yourself on best cybersecurity practices.

Finally, if you do fall prey to crypto ransomware, do not comply with a hacker’s demands. By giving in to their demands, you are encouraging them to continue this activity. Plus, in some cases, you might run afoul of laws or regulations about sending money to them because of where the bad actors are located.

Stay protected with SiteLock

Now that you know what crypto ransomware is, want to learn more about defending against cybercriminals? Read “What Is Ransomware?” to discover how hackers hold sites hostage—and which four steps can help ensure yours isn’t one.

What is a privilege escalation attack?

For the most part, privilege escalation is exactly what it sounds like. In the world of cybersecurity, “privileges” relate directly to how much information a system user can access—and how much they can’t. The more privileges one has, the more they’re privy to.

A privilege escalation attack involves a user gaining access to elevated rights or privileges, beyond (or above) what’s intended for their level of access. Whether it’s access to a network, application, or other mission- or business-critical system—and whether it’s executed by an internal or external bad actor—the result is the same: information, data, or power in the hands of someone to which it doesn’t belong.

Types of privilege escalation attacks

Generally speaking, there are two types of privilege escalation attacks—horizontal privilege escalation and vertical privilege escalation. Both fall under the same umbrella, with some key differences:

• Horizontal privilege escalation involves an actor gaining access to the rights of another account—whether human or machine—with a similar level of privileges. These attacks are referred to as “account takeovers,” through which lower-level, standard user accounts are infiltrated and taken control of. Though horizontal privilege escalation may seem less dangerous, the stakes can quickly grow. With each new horizontal account compromised, the bad actor broadens their sphere of influence, along with the amount of damage they can do.

• Vertical privilege escalation involves an actor gaining access to the rights of an account with a higher level of privileges. Sometimes referred to as privilege elevation attacks, vertical privilege escalation involves an attacker moving from a low-level of privileged access to a higher one. While horizontal privilege escalation often results from poor account protection or compromised credentials, vertical privilege escalation can be more complex, requiring bad actors to take multiple intermediary steps to bypass, override, or exploit privilege controls.

How does privilege escalation work?

Regardless of whether it’s horizontal or vertical, a privilege escalation attack typically involves the exploitation of some sort of privilege escalation vulnerability—such as a system bug, misconfiguration, or inadequate access controls.

Every account that interacts with a system has some level of privileges assigned, whether they’re known by the account holder or not. Standard users are typically restricted from accessing a system’s database, sensitive files, or any other sources of valuable information. Part of the reason standard users may not even realize they’re operating under privileges is because, unlike bad actors, they have no reason to access anything beyond what they’re entitled to.

In terms of how privilege escalation works, attackers will typically use one of the following five methods to gain elevated rights or access: credential exploitation (for example, taking advantage of a weak password), system vulnerabilities and exploits, misconfigurations, malware, or social engineering.

By employing one of these strategiesor tactics, bad actors can gain their entry point into a system. Once they’ve infiltrated the environment, they’ll surveil it until it’s time to take their next step—eventually initializing and executing privilege escalation to accounts with greater rights than the account initially compromised. Depending on their goals, they may continue to elevate their privileges to take control of an administrative or root account, or continue to work horizontally, until ultimately, they own the entire environment.

How can privilege escalation be detected?

When understanding how to detect privilege escalation, there’s not one single answer. There are a range of ways a privilege escalation can be detected whether through proven cybersecurity tools and software solutions, or mistakes on the part of the attacker.

Ideally, a bad actor will clean their tracks to remain undetected—masking their source IP address, deleting logs based on the credentials they are using, and more—but there isn’t always time to make every action untraceable. Because of this, a big part of understanding how to detect privilege escalation is learning to identify the most common mistakes bad actors make in these attacks.

Privilege escalation attacks are unpredictable, and even the best cybercriminals can find themselves in a bind. Once an organization detects an indicator that their system has been compromised, they can take the necessary steps to neutralize it—pausing or terminating the access session or monitoring the threat actor to see what exactly they’re after.

How can privilege escalation be prevented?

Of course, prevention is better than detection. When it comes to privilege escalation attack prevention, ensuring that standard, everyday users are up to speed on the basics of cybersecurity is essential. Uninformed users tend to be the weakest link—and their missteps can lead to a whole host of issues down the line.

By implementing consistent security training across your organization, and modifying it over time to ensure its efficacy, you can take the proper steps to prevent privilege escalation attacks on your system. Beyond education, implement cybersecurity solutions that help mitigate vulnerabilities and alert you to any suspicious activity. From system-wide vulnerability management solutions to password management tools, adopting effective technology is important, especially amid a time of increased remote work and organizational attacks.

In addition to the above, putting organizational processes in place to ensure that every user account maintains secure credentials, is set to the least amount of privilege necessary to do their jobs, remains protected through remote access, and is deactivated the moment the user leaves the organization can all help with privilege escalation attack prevention—today and into the future.

To learn more about how bad actors can gain access to your system, check out this article.

What is a Trusted Advisor?

Working together with clients by advising, strategizing, and executing their vision is not the ability of any staff member. It is a skill that a specialist learns and perfects over time by adapting to the changing trends while still delivering on the clients’ needs.

Trusted advisor meaning: A trusted advisor is someone who is considered a partner that the customer wants to work with when making strategic decisions to reach their goal. He/she offers sound and practical advice on the industry or competitive trends without putting their own interests first.

Patience, persistence, and focus are attributes of a trusted advisor who is seasoned in the art of bringing the customers’ needs into the spotlight. They will guide the customers before any decisions are made based on the behavior and projections of their particular industry.

How Do You Know If You are a Trusted Advisor?

There are no blurred lines between an advisor and a supplier. It is very clear when a customer relates to you as a trusted advisor based on the relationship and degree of involvement in their needs and goals.

Customers who only ask about products and services are normally not looking for an advisor. Still, those who inquire about the industry behavior, want specific needs addressed, or seek guidance on realizing their goals are in the market for a trusted advisor.

When you are in the loop for ideation and strategy meetings, that is a good sign. Your input may be valuable during the decision-making process, and your skills may be required to carry out business plans. This puts you in the right spot because it shows the customer is interested in your guidance and not just the products or services you deal in.

What is a trusted advisor in the eyes of the customer? Someone who is familiar with the functions of multiple departments, has a positive rapport with both them and their colleagues, and someone who can work hand-in-hand with them in achieving their goals.

The Benefits of Being a Trusted Advisor

Now that you understand the trusted advisor meaning, and how to tell if you are one, what are the benefits? After all, it will take time and effort to become a trusted advisor, so you need to know if it’s worth it. Ultimately, just providing valuable advice will make your customers happy, which will translate to an increase in the company’s bottom line. In other words, it is certainly worth putting in the work to become one. As a trusted advisor, you’ll enjoy:

● Higher Customer Retention

If customers trust you, they will stick around. They value their business relationship with you because it is beneficial to them, and they feel they are valued. A caring attitude towards them tells them you value their goals and needs. In other words, ‘service above self’ can prevent churn and yield more income over time.

● The Ability to Provide Quick and Direct Feedback

Knowing the industry details will put you in a position to advise appropriately and give feedback the customer needs directly. If there are any concerns, customers can present them early enough to be addressed before they become a challenge.

● Data Prediction

When a customer shares their data and statistics with you, it helps predict the future of their business in the industry. Understanding their current position in the industry will help you as a trusted advisor to forecast future trends and make informed and deliberate decisions for both them and your own company.

● Strengthen Inter-organizational Relationships

Company relationships that are formed based on trust are stronger and can result in better loyalty. Company-wide partnerships are beneficial to everyone involved. The operations flow smoothly most of the time, and changes like organizational restructuring are less likely to result in the end of the partnership.

● Increase the Value of the Customer

You have significant intellectual capital as a trusted advisor, meaning you are in a better position to help customers generate revenues and increase their bottom lines. With the partnership intact and working with real-time statistics, the future of an industry can be more easily predicted, which will give the customer more bargaining power, hence increasing their value.

● Managing the customers’ expectations

A customer will benefit from an advisor’s honesty and trustworthiness, even about things they don’t want to hear. For example, not delivering on what your company needs. Having a knowledgeable advisor who is privy to useful resources and insider information will ensure that expectations are realistically managed, and this may save money from being spent unwisely.

As a hosting service provider, your mission should be for your customers to look to you as a trusted advisor. Empower yourself in the realm of website security by offering your customers the tools they need to protect themselves. Learn more about the SiteLock Channel Partners program today.

As an increasing number of organizations maintain flexible or permanent remote work policies, more and more sensitive personal and business information is migrating onto the web—and cybercriminals are taking advantage. Between 2019 and 2020 alone, web application breaches doubled, and all signs point to the trend continuing throughout 2021.

With cyberattacks at an all-time high, it’s critical for individuals and businesses alike to understand how the majority of attacks occur—identifying what lets bad actors into these systems in the first place.

In most cases, the first step in a cyberattack is called reconnaissance. The bad actor surveys a system’s vulnerabilities and identifies the best one to exploit. The vulnerability they ultimately use to break in becomes the attack vector—the pathway of choice into an external software system. But what is an attack vector, and how exactly do bad actors use them? This article will provide an attack vector definition and answer the questions above, helping you understand the concept at the time it matters most.

What is an attack vector?

Put simply, an attack vector is a method of gaining unauthorized access to a network to launch a cyber-attack. Attack vectors are exploited vulnerabilities that enable cybercriminals to gain access to sensitive data—whether that’s personal information, business information, or other valuable information made accessible by the data breach.

Attack vectors can take various forms, including remote access trojans (RATs), infected email attachments, instant messages, text messages, malicious links, web pages, pop-up ads, and viruses. Often leveraging social engineering tactics, cybercriminals take advantage of more than just computer system vulnerabilities when they launch an attack—they target people’s social and emotional susceptibilities as well.

How do bad actors use an attack vector?

Cybercriminals typically launch cyberattacks to retrieve sensitive personal information from a software system. Most often, this is financially motivated. Bad actors can make money through cyberattacks, exploiting a vulnerability—and rendering it their attack vector—to break into a system and steal bank account credentials, credit card numbers, and more.

Beyond directly stealing money through an attack, some attackers opt for more sophisticated strategies. This can include selling stolen data in underground markets on the dark web or infecting a system with malware to gain remote access to a command-and-control server. By expanding their reach, cybercriminals set themselves up to infect more and more computers, using their network as a basis to launch more cyberattacks, steal more data, and potentially even mine cryptocurrency.

While most cyberattacks are financially motivated, some bad actors break into vulnerable systems for alternate purposes—like accessing personally identifiable information (PII) to commit insurance fraud or stealing healthcare information and biometrics to illegally obtain prescription drugs. Both the reason for a cyberattack and the cybercriminal’s attack vector of choice may vary, but all possibilities are dangerous—with the potential to evolve into more harmful attacks.

Understanding attack vectors

Still asking yourself, “what is an attack vector”? Expanding on the attack vector definition above, it may be helpful to break the concept down further. In general, attack vector uses can be split into two types of attacks—passive and active. Here are some examples of both:

• Passive attack vector uses: Includes attempts to gain system access without affecting system resources. Examples include typosquatting, phishing, and other social engineering-based attacks.

• Active attack vector uses: Includes attempts to alter a system or affect its operation. This can be achieved through malware, the exploitation of unpatched vulnerabilities, email spoofing, domain hijacking, and ransomware.

Differences aside, most cybercriminals follow a similar pattern when launching an attack. Once an attacker identifies a potential target, they’ll gather information using malware, phishing, and social engineering. From there, they’ll use the intelligence to pinpoint possible attack vectors—then put a plan in place to exploit them. Through this point of entry, they’ll gain unauthorized access to the system they’re targeting and leverage it to complete any of the attack vector uses described in the above section. Though use cases vary, the attack vector’s role remains the same: it’s the stepping stone into a system being targeted for an attack.

Now that you have a better understanding of what attack vectors are, how they’re used by bad actors, and the different forms they can take, you can get started on protecting yourself against these malicious threats. For more information on how SiteLock can help, check out our malware removal product.

Malware – A Plethora of Problems

1. Malware can entail code to steal a website’s information and data stored on a server. It can also steal sensitive data i.e. credit card numbers or personal identification information.
2. Malware could alter a website’s appearance, and remove bits of content or code that may be necessary for operation.
3. Ransomware, a form of malware, can appear requiring a party having to pay to regain access to their own data and login credentials if the website is hacked.
4. Hidden content such as malicious links may also appear throughout a website through malware which can damage a website’s reputation and ranking within search engines.
5. Cross-site scripting, another common side effect in many malware attacks. This particular attack is done without any sort of admin access. Essentially, by way of insecure code on the website, an attacker can manipulate the information passed to the visitor’s browser, to make a popup that is not a part of the site appear to be part of the site.

A common example of this would be a vulnerable bit of code allowing an attacker to add a pop up that makes it look like the user was temporarily logged out and needs to log back in. They’re still actually logged in, but they see the popup on the page, and they’ve not left the site or seen anything suspicious, so they “login” again. As a result, their credentials are sent to an attacker. The attacker does not have control over the website, but control over the appearance of the site to the end-user (visitor).

While hackers prefer to attack vulnerable websites that are outdated, malware shows no prejudice and can appear on any website or server – even ones using the most updated versions of WordPress or any other CMS.

What Will You Experience If You’re Attacked By Malware?

Just a few things that could occur include:

• A search engine can penalize you for having malware.
• Your website could develop multiple broken or redirected links. Since the malware will interfere with the website’s code, there’s a chance your site will be broken. Search engine crawlers can flag these broken or hijacked links or pages, further harming your search engine ranking. The worst part is your server might not notice these errors, leaving the damage for weeks or months.
• You could be fined for not complying with anti-malware rules and/or reported as hosting malware on your server.
• Other websites on the same server that are shared could also be impacted. Since malware requires extensive memory, CPU data, and other features to operate, other websites that use those resources on a server might lose access causing possible damage like a ripple effect.
• You can suffer a massive loss to your reputation, as people generally do not want to provide data to you if you’ve been compromised already.

A Challenge to Remove

Another reason malware on a server is dangerous is that it isn’t obvious it’s there and it’s sometimes a significant challenge to remove as a result. That’s why your best defense is a good offense. Enter Patchman – the tool you need to patch up vulnerable websites. While it doesn’t clean up malware, patching these vulnerabilities can often help prevent the elements that would otherwise lead to malware.

The example we often use is a house in the middle of a dust storm. The house is the website, and the dust is the malware. The windows and doors are the vulnerable entry points for malware (dust). Patchman is essentially going through the house and shutting all the doors and windows that shouldn’t be open so there is a significantly smaller chance for the dust to get in.

When you use Patchman, you can ensure Linux server security thereby protecting any website owners utilizing your servers as well. Learn more about what Patchman can do for you, and all of its features by visiting its website.

For starters, trends come and go, but the need for predictable and constant revenue remains. Another obstacle is that with technology growing by leaps and bounds on a daily, if not hourly, basis, startups can pop up and take over the market practically overnight without warning. How can one compete, stay afloat, and not just survive but thrive?

Competitive Advantage Types

Author and business strategist Michael Porter defined several distinct competitive advantage types in his 1985 book, “Competitive Advantage: Creating and Sustaining Superior Performance.” The four most important are Cost Leadership, Differentiation Leadership, Best Cost Focus, and Differentiation Focus.

Cost Leadership

A cost leadership competitive advantage involves having the lowest price point for your product or service. To make this sustainable, the business must find a way to have the lowest costs possible for marketing, customer acquisition, and product distribution.

Differentiation Leadership

Just like it sounds, the competitive advantage of differentiation is centered on a product or service having unique characteristics that consumers want. This requires adding elements that may not yet exist on the market, and/or bundling features into a single product to provide something that customers can’t get elsewhere.

Best Cost Focus

The best cost focus competitive advantage is centered on delivering the maximum value for the lowest possible price in a niche market. While competitors may in fact be cheaper, the best cost focus strategy is not about being the least expensive – it’s more about lowering the cost as much as you can and giving the customer more value to make up for the fact it might be more expensive than the competition. With this strategy, your customer should be able to answer why you’re more expensive and want to buy from you anyway.

Differentiation Focus

Differentiation focus is an evolution of the more broad differentiation leadership competitive advantage. The goal is to ensure your offering is unique compared with your competitors, and this may mean adapting your product or making it even better as new products/services come onto the market.

How SaaS Companies Can Find Their Competitive Advantage

Perhaps the better way to approach this is to get more specific and ask yourself – what is a competitive advantage that will work for our unique SaaS company? You should begin by thinking about what products/services are already available to consumers. Then, take it from there with the following questions:

• Why do people need our software?
• What makes our software different?
  • If nothing, what can we add to it to make it better?
• How expensive are we compared with the competition?
  • If we’re the most expensive, what value can we add to justify the expense to the consumer?
• Are there supplemental products we can bundle to our software that makes it more appealing?
• If a similar product comes on the market, what can we add to our current software to continue drawing in customers?

By considering the current market as well as the potential products that could come out, you have a better chance of future-proofing your company.

How to Use Cybersecurity as a Competitive Advantage

Your current customers and prospects are already thinking about cybersecurity. Are you providing them with a way of protecting themselves from cyberattacks? If not, you could be missing out on a competitive advantage that would not only bring you additional revenue, but would assist your customers in defending their websites.

Is your SaaS looking for sustainable competitive advantages over your competitors? With the ongoing problem of cybercrime, and one that seems to be growing, SaaS companies are using cyber defense systems to gain an edge. Perhaps it’s the key that your business has been looking for to earn and retain more customers. Bring cybersecurity solutions to your clients in less time with SiteLock channel partnerships. Learn more about our channel partner program today.

It is unsurprising to find malware hosted on GitHub. GitHub, being a free website specifically geared towards hosting and deploying code for millions of people and organizations, which makes it an ideal location for malicious actors to hide their own code. Whether pulling from their own repositories or pulling from the handy collections of malware analysts, bad actors have a handy location for their malware to reside.

A recent investigation uncovered two previously unexpected locations where malware could be found:

• The repository description
• Easily parsed Markdown files

A crafty attacker can easily use these innocuous locations to successfully hide and deploy a payload from GitHub than using traditional file-based methods. As such, malware analysts and researchers need to be on the lookout for additional non-traditional retrieval methods from GitHub as well as any manipulation of the retrieved content.

Discovery Method

A recent search of GitHub was run to search for a simple code snippet:

Aside from a wide range of “expected” repositories relating to scanners (Fig 1), there were also a number of repositories that appeared to display PHP code in the repository description (Fig 2).

Fig 1

Fig 2

Investigation

A quick investigation found these repositories either didn’t have any files in them or only had “expected” repository files such as Markdown files, LICENSE, files, and / or Git files. So where was the PHP code?

In the case of the first repository, there were no clues other than the search results. So, we need to take a look at just what GitHub displays in those results. Aside from the repository name, we can get some information about the repository including the code language in use (if any), the license that applies to the repository code, and the last time the repository was updated. Additionally, if the repository owner has added a description to the repository settings, we get an excerpt from that.

So, what is going on with these repositories that have no code? In those cases, what we see in the search results is the repository description.

Now that we know where the code is, we must ask ourselves two things. First, “So what?” Secondly, “How does that get leveraged?” The answer to both questions is “easily.”

Deployment Method 1

The first, and more worrying, deployment method leverages the repository description data to make the malware available without the use of actual files. The description, and everything “about” the repository, is readily available through GitHub’s Repository API. A simple call to the API with the user/repo in the URI and we get a nice JSON blob back.

This, in turn, can be stripped of slashes and executed with a simple PHP snippet.

Unlike the typical GitHub retrieval process which involves the obvious retrieval of a file from GitHub’s “raw content” URL (e.g., https://raw.githubusercontent....;owner>/<repo>/master/<path>), this mechanism simply appears to be retrieving the description of the repository. While the example above makes it clear that we are retrieving code and executing it, a crafty attacker could easily disguise it, so the evaluation happens elsewhere or uses a different method.

The main danger here is that the retrieval and display of a “description” field is, to most people, completely innocuous. In particular, the retrieval and injection of JSON content is completely normal in many cases. No one would think twice about a piece of code that retrieves a JSON blob, grabs a description field, and displays it or, with appropriate verbiage, executes it in some way. The only indicator, to most people, in this case is the repository owner and repository name.

Deployment Method 2

The second deployment method leverages files, but not in the typical fashion.

By retrieving the raw Markdown file, the README.md in the repository I found, the attacker would simply be retrieving an innocuous README. However, as shown below, some simple string replacement will convert the Markdown content into executable PHP code.

Again, there is little about the retrieval of a README file or, more generally, a Markdown file that would raise suspicion. Markdown files are, after all, not scripts or executables and contain numerous formatting characters that would make execution impossible. A crafty attacker could very easily disguise this retrieval in a way that allays suspicion about the purpose of the retrieval. Again, the only indicators where would be the repository owner and repository name if the attacker kept the data in the readme or license file.

Conclusion

Malware analysts around the world know and understand that malicious actors leverage GitHub to deploy their tools. This is nothing revelatory. What is unusual in these cases, is the alternative deployment locations for these samples and the stealthy way in which they reside in GitHub.

The primary danger with them lays in the fact, for all intents and purposes, these repositories appear empty and in innocuous locations which are being contacted to retrieve the payloads. It would take very little effort for a bad actor to store JavaScript or another client-side scripting language within the same field and then leverage it as the payload for a drive-by attack. With millions of people using GitHub to deploy code it is imperative that those who use it understand the risks that go along with it. SiteLock knows how important it is to protect websites from potential threats like hidden malware, even though they may be coming from a trusted source. Contact us to learn about our website security products or to speak with one of our security professionals about our services today.

The Benefits of Using Patchman

As we said, Patchman has come a long way since its inception. Here is a list of the features, and the benefits the user will enjoy with Patchman on their side:

CMS Application Patching: CMS protection is the core of Patchman’s focus. With automatic patching for common CMS applications such as WordPress, Joomla, and Drupal, Patchman will help eliminate the risk vulnerable CMS platforms can present.

Malware Detection & Removal: Hackers generally hack websites to take advantage of your server’s resources for spam runs, DDoS attacks, web shells, etc. With Patchman, these malicious scripts are automatically detected and quarantined, so you don’t need to clean up the mess.

Vulnerability Patching: As more businesses move online, eCommerce protection becomes more critical for the safety of both the company and the users purchasing products. Patchman solutions automatically detect and patch vulnerabilities in eCommerce applications ultimately reducing the attack surfaces stemming from vulnerable web applications.

Plugin Patching: With plugins representing 97% of vulnerabilities, it’s critical to ensure they are closely monitored and patched immediately in the event of an attack. Patchman will patch vulnerabilities with the most popular plugins making them as secure as their latest release.

Dynamic Malware Scanning & Removal: Patchman addresses polymorphic and injected malware in a powerful and automated way across an entire hosting platform while still having access to pinpoint accuracy. If any advanced malware is detected, Patchman will automatically and safely remove the malicious code from legitimate files without compromising their functionality.

Customer Alert Notifications: Building cybersecurity awareness and education is an important focus for Patchman. That’s why the software makes it easy to notify customers of security incidents and outdated applications. Users will be provided with detailed background information related to the various vulnerabilities that are found. In addition, users are offered customization capabilities to add in further education, best practices, or other relevant messaging.

Additional Patchman Features

There are several reasons hosting service providers prefer Patchman over other tools. These reasons include, but aren’t limited to:

Fast Set Up: With Patchman, you can start scanning your server in as little as 60 seconds with our installation and configuration process! The software also offers other integration methods including cPanel, Plesk or API.

User-Friendly Portal: Once set up, log into the Patchman Portal where you can easily configure, manage, and view details of your Patchman install.

Automated Workflow: Set it and forget it! Using automatic policies, you can inform your customers, patch vulnerabilities and quarantine malware.

Roll Back Changes: Quickly and easily roll back any fixes Patchman implements on your servers.

Host Provider Benefits

We covered this extensively in a recent post, however, the top three benefits of using Patchman for hosting providers are that it reduces churn by 20 percent, reduces system admin utilization by 50 percent, and decreases support ticket volume by 50 percent. Bottom line – Patchman makes the job of a website hosting provider much easier. Using tools like Patchman helps you, the hosting provider, actively defend against both new and commonly known cyberthreats that can impact website owners. More threats are popping up every day, and cybersecurity tools are more important than ever to have in your defense arsenal. Want to learn more? Visit the Patchman website today.

Welcome to Behind the Code, a new series of technical articles from SiteLock.

Driven by the efforts of the SiteLock Malware Research Team (SMRT), this series is aimed at providing readers with a unique lens “behind the code,” sharing interesting information regarding malware findings, website advice, and trending security news. This monthly series will also feature technical analysis, observations and statements, all from the perspective of SMRT.

As the world grows more connected, cyber criminals find new ways to breach our defenses and access our most sensitive data. The reason is simple: increased interconnectivity means there’s more data up for grabs. Thus, the cybersecurity landscape continues to expand and evolve, making the internet a more dangerous place. According to our 2020 Annual Security Report (ASR), websites are attacked an average of 94 times per day. The same research found that at any given moment, 12.8 million websites get infected with malware. The threat isn’t slowing down. In fact, these attacks are becoming even more sophisticated and complex—and harder to detect.

The sooner a new threat is detected, the sooner it can be dealt with. That’s where SMRT comes in. Our team of cybersecurity analysts conduct innovative research at the forefront of the cybersecurity industry, by identifying, addressing, and remediating new strains of malware and other vulnerabilities more quickly than competitors. The speed at which we edge out the competition is due, in part, to SiteLock’s extensive threat library: the industry’s largest, consisting of more than 10M signatures (and growing). SMRT continuously reviews suspicious new code to identify burgeoning threats—and also to better serve SiteLock customers as a trusted advisor, keeping them continually protected and proactively informed. Customers are crucial participants in the threat discovery process; simply conducting a routine cleaning on a client’s website allows SMRT research analysts to isolate new malware and other security-related issues that can impact SiteLock’s customer base, or the cybersecurity landscape at large.

A typical day for a SMRT research analyst might include discovering unique exploits, new malware encoding techniques, and a wide range of nefarious software and dangerous applications. Through Behind the Code, we’re excited to share these discoveries with you, from the perspectives of SMRT research analysts on the front lines in the fight against cybercrime.

Each Behind the Code installment features an inside look at the latest discoveries and trends in malware, helping readers stay educated, aware, and proactive within the ever-evolving and ever more perilous cybersecurity environment. Plus, readers can look forward to receiving critical and accessible cybersecurity information on how newly identified malware may affect them—and how they can best protect themselves against these threats..

Follow Behind the Code, hitting the SiteLock blog each month. To learn more about website security, contact us at (866) 218-4302.

Dashboards for Data: Key Benefits

As a channel partner, regardless of who you are partnering with, the goal is simple – make more sales. Not only does it benefit you by adding revenue to your bottom line, it benefits your users because they have gained access to new products and services. When you choose to partner with a company that provides customer dashboards, you’re giving your end users the following benefits:

1. Transparency

Dashboards for data provide a level of transparency to the customer on product performance. The raw information tells them everything they need to know about the state of security related to the products they are using. For example, if they have purchased a web application firewall (WAF), they can see whether or not it is active and view pertinent details related to it. If they have malware scanning and vulnerability scanning products, their dashboard will display critical information at a glance as well.

2. Real-Time Data

In the world of cybersecurity, timing is of the essence. With SiteLock’s dashboards for data, you can provide your end users with real time data. This information lets them know where their site is at risk, performance results of the product, important messages they should be aware of and more.

3. Bird’s Eye View in One Place

Few things are as frustrating for a user than the need to log into multiple accounts to get a full status report of the state of their cybersecurity. When you’re partnering with SiteLock, you can rest assured that your customers will enjoy a one-stop-shop. All of their SiteLock products will be listed in their customer dashboards in one location so they don’t have to hunt and peck to find out if their website is at risk.

Why You Should Use Dashboards for Data as An Evaluating Tool

At SiteLock, we understand that there are many companies that you could partner with. However, we also understand that not all of them are using customer dashboards. Here are a few reasons you should use dashboards for data as an evaluation tool as you debate which companies would be best to partner with:

1. Increased Customer Satisfaction

Customer dashboards provide a seamless user experience that can provide increased customer satisfaction. Your end users want to see that their websites are being defended. They want proof that they are secure. Dashboards for data gives them the evidence that you can back up your promise of defending them with the products you are selling.

2. Decreased Churn

Want to know one of the biggest reasons people cancel product subscriptions? According to Verafast, one of the top seven reasons customers cancel is because they “did not see the short-term or long-term value of your services.”

Dashboards for data give you a visual way to communicate your product value. Users can see, in real-time, how the product is benefiting them. And, with every report of blocked hacking attempts and/or vulnerabilities patched, they are less likely to cancel.

3. Easy to Use

Lack of knowledge is another big reason people cancel their subscriptions – this can mean knowledge of how to use the product and/or how to integrate it. This is where SiteLock will help you in your sales proposition again. Your end users will enjoy simple integration. There is less work and understanding required to build all of that detail in their own dashboard. Cybersecurity doesn’t have to be complicated, and SiteLock helps ensure your customers will be able to see and understand the threats they are being defended from.

Elements Customer Dashboards Should Have For Cybersecurity Products

Just a few of the elements our dashboards for data feature that we dare say every cybersecurity company should offer include, but aren’t limited to:

• Single sign-on (SSO)
• Intuitive look/feel
• Easy to understand product performance details
• Report generator
• Manage products/services
• Ease of contacting support

We are proud to say that SiteLock’s customer dashboards feature all of these elements and more. Ready to partner with a company that cares more about delivering maximum value to your end users? Learn how the SiteLock channel partner program works, and apply today!

President Joe Biden has recently called on international governments to implement better safeguards and measures to deter such attacks as well as calling on international leaders to do more to punish criminal organizations within their countries borders. President Biden has gone so far as to create a new executive order to address the increase of these attacks such as that on the Colonial Pipeline or JBS meat packaging. The hope is that this is the dawn of a new, technologically aware, cybersecurity conscious government; one that responds and works in tandem with the private sector to have better policies and procedures such as “zero trust” models, or follows solid cybersecurity frameworks such as NIST.

The Effects Of Ransomware On SMB And Brands

What does this really mean for SMB business owners though? Surely these criminal organizations have no real want or need to capture and ransom the data of a relatively unknown “mom-and-pop” shop hoping to sell their beloved family recipe cookies? Wrong. What is more evident today now than ever, is that cyber criminals do not discriminate when it comes to targets.

View Post

Criminal hackers’ main objectives are obtaining as much monetary gain through the mass accumulation of sensitive or business critical data. Every “pwnd” server or compromised company is a revenue stream or seed and thus are thoroughly fought for. Hackers do as much as they can to compromise the environments and siphon as much information and data from their targets, regardless of their size. When it comes to ransomware, victims have very few options and sometimes it is easier to simply go back to the attackers to get your precious data back.

Not only is this a logistical nightmare for small businesses, but it also overtly affects the way that your customer’s see and trust your brand. Brand damage is one of the most critical consequences when it comes to ransomware attacks. In fact, recent surveys found that over 59% percent of people would likely not continue to support businesses that were affected by ransomware compromises. Remember the hit that Target took when they got hacked? Even though this was a different type of attack on a large corporation, that broken trust and massive impact can be life or death for a small business owner.

Easy, Everyday Preventative Measures

SiteLock understands that the average business owner might not have a cybersecurity incident response team, let alone the internal expertise, resources or bandwidth to implement their own cybersecurity playbooks and frameworks. However, the best way today’s SMB can maintain a strong security posture is to prevent or deter a ransomware attack altogether. The following are steps to intended to help prevent a ransomware attack on your website, as well as give you better insight on some world class security strategies.

3-2-1 Backups

Although it might just sound like a kitschy phrase, the 3-2-1 backup is the tried-and-true way to maintain any sort of important backup. Always having 3 copies of backups, two being “on-site” in differing formats or mediums, and one being offsite or in the cloud. So, for a standard WordPress site, you could work with your hosting provider or with SiteLock to maintain 2 different backups.

For instance, one could be a host maintained restore from a .zip file alongside a SiteLock download of your database in .sql file format which you can recover from. In most cases you will also want to keep a backup off site. This means you should avoid having your backups in the same network or server that your services are hosted on. You don’t want to keep your backups in a place that an attacker may gain access to and leave you empty handed when disaster strikes.

Having regular backup schedules also helps provide a solid baseline image of your site when it is healthy and uncorrupted. A solid backup of your website can cripple a ransomware attack. If you have an up-to-date backup of your own data offsite, there is (in many cases) nothing of structural value for the attacker to hold for ransom. This by all intents and purposes is only from a purely structural standpoint. Meaning, if you house Personal Identifiable Information (or what we call PII), that information should have additional measures of protection on them such as encryption and salting/hashing.

In most, if not all cases where a ransom was not paid, a company’s backup solution provided critical mitigation efforts to quickly address the compromise and bring back operations quicker than those who did pay a ransom and had to wait for criminals to maybe decrypt your data. You never want this task left to the whims of a criminal hacker. They may return your data, but you can never trust the integrity of the information was left unscathed.

The Principal Of Least Privilege

With many standard content management systems, you will need to have at least one admin account to make updates, post content or moderate the site overall. The Principal of Least privilege is another classic security strategy that can be utilized across all sorts of platforms and services. When we talk about a small business website, we always want to make sure that authorized access is restricted to only a few people and others are only given certain permissions based on their roles. Nothing more, nothing less.

This principle also includes permissions on directories, files and other infrastructure that are necessary for your site to function. It may be quicker and easier to create admin accounts for everyone, but if one of those accounts is compromised, the consequences can be grave. Some areas of concern as well as best practice for using the least privilege principle would be in the following areas:

• Database user privilege’s – In most CMS’s, this is the heart of the content and the belly of the beast. Your sites most important data is stored and served from your database. It is extremely important to make sure that you understand the ins and outs of how your CMS or site interacts with your database. In many cases, you do not need to have your database user with full permissions such as being able to alter a table or worse, drop or truncate your tables.

A good start is to have your database users only be able to READ and Write to the database. Again, every site and CMS is different but having a strong password, keeping your database configuration file hidden and maintaining suitable database user permissions will make it much more difficult for a hacker to seriously compromise or ransom your database.

• Website user and admin permissions – As mentioned above, it might be quicker for your developer to just create a new admin user for the new intern to get in and make quick changes to the site. This is a detrimental flaw in security as usually the path of least resistance leads to a path full of horrible security disclosers. Don’t be that Dev! Instead, always make sure that newly added users and or admins are given the LEAST amount of privileges needed to be able to do their job.

You will have to investigate your CMS or site to determine the best user hierarchy or structure. It is also very important to never share your passwords and to keep strong, random passwords only. If you have a Dev team, make sure that they are using a password management tool to manage their passwords and always use a randomly generated password as this can help prevent hackers from cracking your user’s passwords.

Closely monitoring activity logs will also help you keep an eye on what users are doing and see if irregular changes are being made by certain users. This should also extend to other accounts such as FTP users, users that access your sites server via SSH, or even users from third party platforms. Two-Factor Authentication (2FA) is a great preventative measure to deter would be bad actors from easily taking over an account, so apply 2FA wherever you can!

• File and Directory permissions – Files and directories are often overlooked but especially critical to the safety of your site. Permissions should always be set to the lowest necessary level to make your site function properly. This is never a one size fits all solution but keeping your file permissions weak and open can lead to criminal hackers’ using those files in unsuitable or outright malicious ways.

Outside of setting secure permissions to files and directories, finding ways to hide important directories and files is another great way to deter would be hackers from gaining more insight to how your site is operates along with its potential vulnerabilities. In most sites, you can utilize some .htaccess rules to simply steer people away from directories and files you do not wish them to see or have access to. The use of server environment variables can also help to hide important website or applications configurations from those who might have unauthorized access to your site’s files and directories.

• Updating everything – One of the most common and overlooked issues when it comes to managing sites and content management systems for small businesses, is making sure that all parts of your site are fully updated, and all third-party plugins or modules are running on their latest secure versions. Today’s SMB business owner wears many hats including sales, art director and marketing manager. Add cybersecurity expert and website admin to this list and it’s easy to get overwhelmed.

SiteLock can help by automatically warning you when things are out of date on your site. Over 50% of sites that are cleaned by SiteLock’s Website Security Analysts are compromised due in part to out of date themes, plugins or other third party developed software packages. Also using verified third party software, or packages that are often updated and maintained, help in reducing your susceptibility to vulnerable plugins.

Bringing It All Together

At the end of the day, maintaining regular backups in multiple places that are accessible is one of the strongest ways to mitigate a ransomware attack on your site. Implementing other preventative measures – such as limiting privileges on database users, website users, as well as any admins or developers – can help ensure you have strong user authorization methods and a means to monitor what users are doing on your site. Understanding the least amount of file permissions and directory permissions necessary to have your site functioning also helps to mitigate cyber criminals from compromising your site. Finally, regularly reviewing and updating your site’s CMS as well as any third-party packages or modules can help ensure you’re not leaving the door open for cyber criminals to gain access to your sites important database records or files.

As a recognized leader in the cybersecurity industry, SiteLock is here to help. Speak with a SiteLock Website Security Analyst to learn more about preventing ransomware and other cyber threats and let us help you start protecting your website today.

About The Author

Daniel Convery – Is a Website Security Analyst. When not studying for security certifications or figuring out interesting bash one-liners, you can find him making weird noises with one or more of his synthesizers or playing some boomer-shooters.

Discover an interface redesigned for easier navigation, deeper visibility, and smoother integrations—delivering loyal SiteLock customers a user experience that empowers stronger security awareness in a time of heightened cybercrime.

Introducing the new SiteLock Dashboard, updated to deliver all of the same account, product, and support information you know and love, with enhanced capabilities and features. The latest dashboard innovation offers users a more intuitive interface, visual design, and elevated user experience—bringing simplicity and streamlined navigation to every interaction.

Of course, the improvements are more than just aesthetic. Explore a revamped layout that provides the most important security details you need to understand the health and safety of your domain(s) in real-time and leverage them to make the most informed security decisions possible.

With the new SiteLock Dashboard, users are immediately alerted to any security threats, and easy-to-use, automated controls make managing and neutralizing them easy. With accurate and comprehensive cybersecurity information at your fingertips, you can view any account or product details with the click of a button. Seamlessly access our multilingual dashboard and be empowered to take control of your security once and for all—maintaining a good and stable security posture with ease.

As you explore the new SiteLock Dashboard, do it all with the reassurance that you’re ready to lean into what’s new—and next—in the cybersecurity space. The new dashboard layout will better support the addition of SiteLock product offerings down the line, so you can reap the benefits of a scalable, sustainable solution today, tomorrow, and well into the future.

The State Of Cybersecurity Today

As the internet continues to evolve and more of our lives migrate online, there’s no question that cybercrime is on the rise. But in 2020, what was once a steady shift quickly became an explosion. Virtually overnight, hundreds of thousands of businesses transitioned to remote work in response to the COVID-19 pandemic. Suddenly, there was exponentially more data up for grabs—and cybercriminals were well aware that many of these companies had failed to institute the proper security precautions in the name of speed and convenience. Almost immediately, cybercrime skyrocketed.

According to the Verizon Business 2020 Data Breach Investigations Report, 86% of the investigated breaches in the past year were financially driven. 70% of those breaches were caused by external actors or cybercriminals, and 67% included credential theft and social attacks including phishing and business email compromises. Between 2019 and 2020, web application breaches doubled. Stolen credentials were used in over 80% of these cases, a concerning statistic as more and more business-critical workflows move to the cloud. Given the largely continued—and in some cases, permanent—remote work policies of businesses, these trends are unlikely to let up in 2021.

It’s not just that cybercrime is rising; it’s also getting more sophisticated. The same study points toward smarter ransomware attacks persisting in 2021. Instead of simply locking users out of their systems for ransom, many hackers are turning to data extortion and data leaks to put more pressure on companies. As companies purchase more software solutions to expand their businesses, support digital transformation, and accommodate the growing work-from-anywhere culture, hackers are increasingly attacking companies through the software they use—and they’re getting even better at covering their tracks.

As cyber threats mount and the stakes continue to grow, both individuals and companies need to evolve, gaining the tools, solutions, and knowledge necessary to properly defend themselves and protect their data from bad actors. The good news? Cybersecurity professionals are here to help. With the right cybersecurity measures in place—and a professional team on the job—you can ensure that your threat detection is up to par, that the visibility and insights you need are available, and that if a threat does break through, you and your team are equipped to neutralize and prevent it from happening again.

The bottom line? We are evolving with you to face these threats, and the updated SiteLock Dashboard’s latest developments are a significant piece of that. See below to explore the difference between your current dashboard display and the new and improved, enhanced version—and immediately feel the difference in your cybersecurity confidence.

Old vs. New: The SiteLock Dashboard

The current SiteLock Dashboard delivers instant threat notifications, as well as real-time information including scan summaries, traffic analysis, remediation advice, and various support options. Within the existing SiteLock Dashboard, users are able to quickly and intuitively understand the health and security of their domain(s), review performance details related to active products, and easily manage their services. It’s simple, seamless, and secure—and it’s all available on a single platform.

The current SiteLock Security Dashboard offers the following features:

• Threat detection with real-time notifications.
• Real-time information delivery (product details, account details, billing information, scan summaries, traffic analysis, remediation advice, and various support options).
• Accurate and real-time measure of your domain(s) health.
• Key performance details related to your active products.
• Comprehensive management of services and solutions.

The enhanced SiteLock Dashboard offers all this and more. The updated model takes the best of the existing SiteLock Dashboard and elevates it, delivering users a more streamlined user experience and more intuitive design layout while transforming data into insights through dynamic, at-a-glance displays and reporting. Dive deeper into your data with a revamped product that lets you evolve with the times, and ultimately, do what matters most: better prevent cybersecurity threats.

The updated SiteLock Security Dashboard offers the following enhanced features:

• Powerful product drill-down ability. Gain the ability to “drill down” into product cards for more detailed security information. This includes backup quota usage, scan dates, custom scan statistics, and list of Web Application Firewall (WAF) features.

• Separation between account-level and site-level subscriptions. View your subscriptions in a more intuitive way, easily accessing the information you need, right when you need it.

• New Max Risk Score calculation and display. SiteLock users whose subscriptions include the SiteLock Risk Score will now see the highest risk score across all their account’s domains highlighted at the top of the dashboard, under an icon called “Max Risk Score.” The update enables users to see—with just a quick glance—whether any of their sites are at risk.

How Is The SiteLock Risk Score Calculated?

The SiteLock Risk Score is a proprietary, predictive model used to determine a website’s likelihood of compromise. The solution looks at three main categories to determine risk:

1. Website complexity: Takes into account factors such as size and whether you use a database to store your customer information.
2. Website popularity: Determined by traffic metrics and social media presence.
3. Website composition: Analyzes the software and other components used to build your site.

SiteLock then looks at 500+ different website variables to calculate your risk score on a scale of low, medium, and high. A low-risk score means your site is just as likely to be compromised as the average website, a medium risk score means your site is six times more likely to be compromised than the average website, and a high-risk score means your site is 12 times more likely to be compromised than the average website. For questions about your risk score, contact the SiteLock Dashboard support team.

• Updated layout, design, and color palette. Enjoy a simplified navigation through the revamped visual design and get the most common information you seek with even greater efficiency and ease.

From increased efficiency to stronger customer satisfaction and more, both customers and channel partners are positioned to reap the benefits—one improvement at a time.

Top Benefits For SiteLock Customers And Channel Partners

Here’s how the new dashboard will level up both day-to-day use and long-term ROI for both SiteLock customers and channel partners alike:

• Improved user management. Find important information quicker and easier with a more intuitive navigation and streamlined data presentation.
• Enhanced security education. Build security knowledge and awareness with new features, including a more prominent display of the SiteLock Risk Score and product “drill down” cards to obtain additional details on each SiteLock product.
• Single product dashboard. Rest easy knowing that all updates occur in the same, reliable dashboard you are used to allowing continued and convenient management of all your SiteLock products without any of the growing pains of an entirely new solution.

In addition, the new SiteLock dashboard provides channel partners with the ability to gain a competitive edge in the market by offering a more powerful and proactive security management experience for their customers, while also helping them attract new customers and increase revenue.

The Future Of The SiteLock Dashboard

As a SiteLock customer or channel partner, you know that we’re never done evolving. Continually updating and improving our products is what we do, and it’s a large part of the value we deliver to loyal SiteLock users like you. As we continue to grow as an organization and expand our product portfolio, we will continue to deliver more sophisticated and powerful features and functionalities—driving innovations that allow you to dig deeper into your security data, improve your security awareness, and remain ever-secure in a rapidly changing, increasingly complex cybercrime landscape.

Optimized to accommodate smoother product integrations and better support additional SiteLock products going forward, the newly updated SiteLock Dashboard was created with the future and all of its possibilities in mind. With this update, you’ll gain both a powerful new dashboard design and a steppingstone to all that’s to come in one of the world’s most cutting-edge, high-impact industries. Of course, it goes without saying—every one of these groundbreaking developments will be in the name of one goal: to prioritize your protection.

While we hope you enjoy the new SiteLock Dashboard and the enhanced user experience, customer satisfaction, and data visibility that it delivers, we also hope you know that the new SiteLock Dashboard is only the beginning—and we’re all looking forward to what’s next.

If a cybercriminal has targeted your organization, you may be wondering: What should a company do after a data breach? Who do you report a data breach to? And how much does a data breach cost a company, when all is said and done?

While every cyberattack is different, there are a few trusted steps you can take to bounce back from a data breach. Let’s take a closer look.

What should a company do after a data breach?

In the wake of a data breach, many companies feel paralyzed. Here are five steps to take as the victim of a data breach:

1. Confirm that a breach actually occurred. First things first, you’ll want to determine whether this is a false alarm or a full-blown data breach. Has a hacker really stolen private information from your company, or is this just an elaborate scare plot to extort money from your business? For example, ransomware victims can verify whether an attack has occurred by checking to see if their data has actually been encrypted—or if a cybercriminal is just faking it.

2. Determine what data was stolen. Social Security numbers. Dates of birth. Email addresses and passwords. Pinpointing what information is in your hacker’s hands is a top priority. The last thing you want is to be left in the dark, wondering.

3. Take action to prevent damage. When targeted by a data breach, another one of your first thoughts may be: Who do you report a data breach to? The answer will depend on what information was exposed in the breach. For example, if any Social Security numbers were stolen, you’ll want to contact the major credit bureaus. Were your credit card or bank account numbers leaked? Notify the businesses that maintain those accounts so they can monitor them for fraudulent activity. At the end of the day, quick action can mitigate damage—and prevent further consequences.

4. Communicate with customers and employees. Customer and employee data often gets exposed in corporate data breaches. These parties have a right to know their private data has been leaked—so clear communication is critical. Better yet? Be prepared for crisis communications long before disaster strikes. As noted in one Harvard Business Review article, “When a data breach happens, there is nothing worse than trying to figure out how to manage the crisis on the fly as it is still happening. That’s why every strategic marketing plan, and every company’s overall security strategy, should incorporate a data breach communication plan.”

5. Learn what went wrong. Identify your points of weakness to prevent future data breaches. For example, were your passwords too obvious? Then study the ins and outs of creating an uncrackable password to ensure you don’t make the same mistake twice. Educating employees about best cybersecurity practices can have a tremendous payoff, saving your company from future attacks.

How much does a data breach cost a company?

Wondering how much a data breach might cost your company?

The answer may surprise you. According to IBM’s 2020 Cost of a Data Breach Report, data breaches cost companies an average of $3.86 million per incident. What’s more, it takes businesses around 280 days to identify and contain a breach.

The bottom line? Data breaches cost your company valuable time and money—and strong cybersecurity is essential in the digital age.

Learn more with SiteLock

Now that you’ve answered the questions “what should a company do after a data breach,” “who do you report a data breach to,” and “how much does a data breach cost a company,” you’ve covered the basics. Want to learn more about these malicious attacks? Read “What Is a Data Breach” or contact SiteLock today to discuss how we can help your business protect itself from data breaches.

The biggest takeaway from these threats are that companies that are the most security-conscious are the ones that will win more customers, and enjoy higher profit margins.

Cyber Security for Small Business More Critical Than Ever

If you were to ask nearly any CEO in the United States, if not the world, what they consider their top revenue drivers, it’s doubtful they would respond “cyber security for small business.” However, the reality is that security is more important now than ever before. Consumers need protection, and as they become increasingly aware of the very real cyber threats online, they are becoming more selective about the companies they choose to engage and shop with.

As an indirect result, the companies that are helping their customers to feel safe and secure are the ones earning the highest profits. Security concerns are one of the top reasons that a customer will abandon their shopping cart online, and it’s your job to mitigate threats to website visitors. As the Federal Communications Commission explains, “Every business that uses the Internet is responsible for creating a culture of security that will enhance business and consumer confidence.”

When customers feel safe a company enjoys:

• Consumer loyalty and lower rates of churn
• Enhanced B2C and B2B relationships
• Increased public perception
• Improved reputation
• Less risk to their bottom line thanks to a decrease in the risk of theft/loss of data/files
• Protection of current and future revenue streams

Bottom line – when a company is secure, everyone wins. From the shareholders to the CEO to the employees to the customers – they are all counting on the upper management to maintain a safe website, internal network, and infrastructure overall.

Help your clients protect their end users. If you are not providing solutions related to cybersecurity for small business, you’re missing out on key opportunities to grow and scale your own organization. The SiteLock channel partner program can help you cash in on one of the fastest growing revenue drivers. Learn how today!

While the recent transition to remote work has complicated many businesses’ ability to keep their data secure, you can better safeguard your organization’s sensitive information by following some general guidelines:

• Conduct regular company-wide cybersecurity training. The first step in learning how to prevent a data breach involves recognizing common social engineering tactics bad actors may use to trick your employees into unwittingly sharing their login credentials with a cybercriminal. Training your employees to recognize phishing and spear phishing emails goes a long way towards protecting your organization against dreaded data leaks. Training should also educate employees on how to recognize a data breach after the fact.
• Make sure all security software is patched and up to date. Firewalls, scans, and antivirus software are all effective tools to have at your disposal, but bad actors can exploit their vulnerabilities if patching and security updates aren’t installed. With that in mind, make sure to upgrade mobile devices once the manufacturer stops supporting the software.
• Destroy before disposing. When determining how to prevent a data breach, remember that merely deleting files or reformatting devices doesn’t erase the data they stored. Before tossing your company’s old hard drives and mobile devices into the trash, make sure to take the proper steps in permanently deleting their data. Otherwise, you’re just leaving a treasure trove of potentially sensitive information for malicious actors to find.
• Conduct a security audit. It’s worth consulting an IT professional to perform a complete security audit on your information systems to help identify vulnerabilities and risks that may otherwise go undetected.
• Only send encrypted data. When sending confidential data by email, or otherwise, make sure it’s encrypted. Remote employees should bypass any unsecured WiFi hotspots in favor of a secure network designated for your team’s use.

Plus, it’s always a good idea to stay vigilant. When trying to figure out how to recognize a data breach, make sure to report anything that seems suspicious to IT. That might include experiencing multiple failed login attempts, applications launching automatically, unexpected software installations or file downloads, unexplained system reboots, unexplained changes to files, and the like. Noticing one small detail and detecting a data breach early can pay dividends when it comes to protecting your business’s health and longevity.

Curious to hear more about how SiteLock can protect your data? Get in touch with us today and speak with a security professional about how we can help your website security.

Just a few of the ransomware attacks that have occurred recently include:

• The JBS ransomware attack – they paid $11 million ransom
• The Department of Justice Seized $2.3 Million in Cryptocurrency Paid to the Ransomware Extortionists Darkside
• Colonial Pipeline, the largest fuel pipeline in the United States, suffered a ransomware attack that “crippled fuel delivery for several days in the southeast region”

To make matters even worse, NPR reported the U.S. is now suffering more than seven ransomware attacks each hour making it a national security risk. With stories like this coming out in the news what feels like almost weekly, if not daily, many businesses are looking to cybersecurity companies to offer defense solutions against ransomware and other threats.

Impacts of Ransomware Attacks on Small Business

Harvard Business Review (HBR) reported, “In 2020, the amount of ransom demanded grew to the mid to high seven-figure ranges. At the end of 2020 and into 2021, we have seen some ransom demands reaching into the tens of millions of dollars.” The reality is that numbers like this can disrupt if not bankrupt the average small business. The higher the demands, the more likely a company will be unable to recoup their losses. What’s worse is that in many cases, paying does not ensure a company will recoup stolen data. In some instances, companies lose access to their websites as well.

If that wasn’t bad enough, as Insureon explains, not only is the company on the hook for an untold amount of ransom, but they are often offline in the interim. As a result of their downtime, they suffer lost revenue, and “may also lose customers and potential new business.” After all, customers are weary of buying from a business who can’t keep their data safe.

As HBR so aptly put it, “The company is [often] left between a rock and a hard place — either pay millions of dollars in ransom to criminals or have sensitive and valuable confidential information publicly exposed.”

That leaves many companies flailing and trying to figure out their best course of action. For those that do survive, they will be looking for protection, and those that have not yet been impacted are waiting for the shoe to drop fearing the inevitability that they will ultimately be attacked.

What Partners Can Do to Help Protect SMBs

The good news is companies don’t have to just sit and wait to be attacked. They can take actions to defend themselves in an effort to prevent a ransomware attack from even occurring in the first place. The first and best line of defense is to provide software such as Patchman which simplifies cybersecurity for web hosting providers.

With Patchman, CMS vulnerabilities such as ransomware, a form of malware, are proactively patched before they have a chance to become a problem. The software runs 24/7 looking for and patching up leaks in websites to protect both website owners and hosting providers from potential breaches. It’s more important now than ever that defenses are put in place to protect websites and data from these relentless cybercriminals. Learn more about how Patchman can help you protect SMBs.

Like most people, you hope to avoid hearing the aforementioned words at all costs. However, data breaches happen far more often than you might expect. In 2020 alone, 1,001 data breaches swept the United States—affecting a staggering 155.8 million individuals.

With that in mind, you may be wondering: What are some specific examples of a data breach? Here are three recent data breach examples that shook the corporate world.

Three recent data breach examples:

1. Scripps Health Data Breach

On May 1, 2021, one of San Diego’s main health care systems, Scripps Health, had its technology servers hacked in a sudden ransomware attack—proving that no industry is immune to data breaches. Fallout from the attack disrupted care givers’ access to patient information and the ability to communicate with their patients. An employee of a local hospital, UC San Diego Health, put it this way: “As recent events at Scripps Health illustrate, health care systems continue to be prime targets for cyberattacks.”

2. MultiCare Health System Data Breach

In late 2020, the Tacoma-based health care firm MultiCare Health System fell victim to a data breach compromising the personal information of up to 200,000 patients and workers. This stolen data included Social Security numbers, dates of birth, and insurance policy numbers—and MultiCare Health System had to pay a ransom to prevent the information from being shared publicly.

3. Cancer Treatment Centers of America Data Breach

In early 2021, Cancer Treatment Centers of America alerted 104,808 patients that a data breach compromised their protected health information. The compromised data included patient names, health insurance information, medical record numbers, account numbers, and other medical information—none of which was meant for the public eye.

No target is too small

The data breach examples above may center around large health care organizations—but cybercriminals don’t discriminate by size or industry. They’ll gladly exploit any vulnerability they discover. Across the world, companies large and small fall victim to data breaches on a regular basis: suffering from financial loss, compromised trust between clients and employees alike, and even reputational damage.

According to one PwC report, 85% of consumers won’t do business with a company if they have concerns about the business’s security practices. A 2019 Verizon study backs this point up, with 69% of survey respondents saying they would avoid a company that had suffered a data breach. The bottom line for modern businesses of all sizes? Strong cybersecurity is nonnegotiable.

Now that you’re read a few examples of a data breach, want to learn more to keep your company protected? Read “What Is a Data Breach.”

Marketing Plan vs Marketing Strategy – What Is The Difference?

Simply put, a marketing plan consists of one or more marketing strategies. In other words, a marketing strategy is but a single element of an overarching marketing plan.

Put another way, a marketing strategy is the method by which a business can go about achieving its goals. A marketing plan will use one or a variety of marketing strategies to align a team and help them take cohesive action together towards a common mission.

Think of it like a map from Florida to California. The marketing plan is the road map taking you from point A to point B. The marketing strategy is why you want to get to California from Florida – it’s your purpose for the drive. You need both to make the trip successfully.

Contents Of A Marketing Plan

A marketing strategy will remain constant, but a marketing plan can change and adapt as needed to ensure that the main objectives of the company are being achieved.

A marketing plan will include:

1. Executive summary – Also referred to as the business mission, this section of a marketing plan gives a brief look at how you will map out the steps to achieve the goals laid out in the marketing strategy
2. Key Performance Indicators (KPIs) – These are the metrics you will use to determine if your company achieved its goals. For example, if the goal was to earn more revenue, what KPIs will indicate whether or not this goal was met? The KPIs your marketing plan uses might include:
   1. Conversion rates of visitor to customer, newsletter signups, or repeat purchases
   2. Cost per conversion
   3. Cost of customer acquisition
   4. Number of website visits/clicks from social media/organic search/paid campaigns
   5. Number of inbound links
3. Buyer personas – These are also referred to as an ideal customer avatar. The more specific you can be about the age, sex, socioeconomic status, location, etc… about your buyers the better. It makes your messaging much easier because you only need to write to one or two or a handful of people that want to hear exactly what you have to say.
4. Initiatives and strategies – Consider things like:
   1. The type of content you will create (i.e. videos on YouTube, social media updates, website content, etc…)
   2. If you will use paid campaigns or strive solely for organic reach
   3. Will your primary method of selling be a website/brick and mortar store/eCommerce shop/hybrid of website and brick and mortar
5. Define omissions – This might seem out of place for “contents of a marketing plan” because it’s literally the things you won’t be focusing on. However, by dictating what your company will not be paying attention to, you can keep your eye on the prize as the old saying goes
6. Marketing budget – How much can you afford to spend on your marketing efforts? Knowing how much you have to spend can help you focus your efforts on marketing strategies that will yield the most bang for your buck
   1. Will this budget change by month, quarter, year?
   2. Should the focus be on free campaigns and organic traffic?

7. Competition – You need to know a lot about your competitors including things like:
   1. What they are spending
   2. Their fees for products and services
   3. The messaging they are using
8. Contributors and their responsibilities – Who on your team will be responsible for what? When everyone knows what is expected of them, it’s easier to track what is working and ensure there is no overlapping or repeating of tasks.

Elements Of A Marketing Strategy

A marketing strategy will address the following:

• What are you selling and why do they buy it?
  • Who is your customer?
  • What is your unique selling proposition?
  • How much are you charging?
• Background and marketing analysis
  • What is the market size and segments?
  • Who are your competitors?
• What is your company’s message and how will you spread it?
  • i.e. blogging, YouTube, and social media?
• What are the long and short term goals?

Partnering with SiteLock is the perfect solution for expanding and growing your business. We not only can help you scale your business with additional product offerings, we work with you in developing both your marketing plan and strategy that converts. Click here to learn more about our channel partner programs.

According to Experian, Social Security numbers can sell for roughly $1 each, a single credit card number for up to $110, and a U.S. passport for up to $2,000. But that’s only the beginning. If you or a third-party organization store multiple data points in one place, you may fall victim to a cyberattack that reaps your hacker even greater profits.

In short? The selling of sensitive information can result in significant monetary gains for cybercriminals, and significant complications for you, your business, or anyone else affected by the incident. Doing your best to keep your data secure and protected is essential.

Of course, accidents happen. When a cybercriminal does get access to your data, it’s typically by way of something called a data breach. But exactly what is a data breach, what does a data breach mean, and what is considered a data breach versus a different type of cybersecurity incident?

Read on to learn more about the ins and outs of data breaches, and an answer to the question: “What is a data breach?”

What Is A Data Breach?

So you are wondering, “What is a data breach?” The truth is, you may already have experienced one.

A data breach is an incident in which confidential, protected, or otherwise sensitive information is exposed or accessed without authorization. It can include personal information or business data, and it doesn’t always happen as the result of a targeted cyberattack.

In reality, data breaches occur accidentally all the time, when people unknowingly expose their information online. Regardless of how information is released, it’s likely to find its way into the hands of cybercriminals—resulting in profits at your (or your business’s) expense.

Data breaches may occur as a result of weak login credentials or password security, malware or ransomware attacks, phishing or other social engineering attacks, and any other types of cyberattacks or security vulnerabilities. They may even occur due to lost, misplaced, or stolen hardware such as phones, computers, or hard drives. Once information is in the hands of someone it doesn’t belong to, it’s officially been breached.

Now that you know the answer to “what is a data breach?” and what one entails, you may be wondering about all the potential ramifications. What does a data breach mean in general, what does a data breach mean for you, and what does a data breach mean for a business? Let’s take a closer look.

What Does A Data Breach Mean?

Depending on the specific information at stake and the cybercriminal at play, some data breaches may be more severe than others. Generally, a data breach means your personal or business information has been compromised, and until the threat is handled, you remain at an increased risk of further attacks.

Even just one piece of leaked data—whether that’s an account login, credit card number, or anything else—can cause a snowball effect, giving cybercriminals a key to unlocking more of your data and furthering their agenda, whatever that may be.

So, what does a data breach mean—and what is a data breach’s results? During a data breach, a cybercriminal might do any of the following:

• Withdraws money from your banking or investment accounts (i.e. steals your money)
• Use your benefits
• Use your credit card(s) and its rewards (such as airline miles)
• Open a new credit card under your name
• File a tax return in your name (and steal the tax refund)
• Receive medical treatment through your health insurance
• Apply for government benefits
• Open utility or telecommunication accounts
• Sell your data on the dark web

Just as data breaches can take many different forms, the results of a data breach—along with the severity and future complications—vary case by case. But exactly what is considered a data breach—and how can you tell if you or someone you know has experienced one?

What is considered a data breach?

As mentioned above, a data breach is any incident in which information is accessed without authorization. This can be personal information such as a Social Security number, credit card number, or passport—or business data including anything from corporate bank account information to business credit card numbers and private customer information.

Whether the information is attained through a one-time hack, a large-scale cybersecurity attack, or simply left exposed by a careless individual, the moment it’s accessed by someone it doesn’t belong to, the data breach has occurred. That’s what is considered a data breach, and what threat bad actors do from there—exploiting it, selling it, or further sharing it across the internet—are simply its ramifications.

While unauthorized access to sensitive information is what constitutes and what is considered a data breach, it is by no means the end of the victim’s journey. Once a breach has been discovered, the necessary measures to retrieve or replace what has been stolen, update all associated credentials, and re-secure the sensitive information must be taken immediately—and can span days, months, or even years beyond the initial breach.

Data breaches can result in a range of complications—lost funds, damaged reputations, travel inconveniences, and time-consuming and costly repairs. Unfortunately, data breaches and other similar cybersecurity incidents and attacks are only becoming more common. As more of our lives (and by extension, more of our valuable information) migrate online, opportunities for cybercriminals to profit off of our vulnerabilities proliferate—and data breach attempts become increasingly attractive. To better protect your personal and business information against data breaches, learn more about SiteLock’s security products today.

Website performance and availability are important operational elements. Slow websites can impact search rankings and conversion rates while having it go down may result in serious financial or reputational damage.

What is Website Monitoring?

Website monitoring is the constant examination of its status and capabilities to ensure optimal function. In addition, the information gained from website monitoring could possibly be used to observe trends, contributing to future planning.

Because of the complexity of websites, the tools you put in place to carry out monitoring can vary greatly. For instance, to ensure availability you could make use of an uptime tracker such as Freshping or Uptime Robot.

Top Reasons for Website Monitoring

There are many reasons why you want to make sure that you’re monitoring your website. At the most basic level, it can help ensure your website is always available and running smoothly. Let’s examine some of the top reasons in greater detail.

1. Prevent Loss of Revenue

Websites can have a global reach which means that anyone around the world might be trying to reach your website at any time. Visitors who can’t reach your site typically don’t sit around waiting – they’ll simply go elsewhere.

Each visitor that comes to your site is a potential customer. Whether you’re selling a product, service, or monetizing through ads, you need those customers to generate revenue. If you don’t fix a website that’s out of service quickly it’s simply money lost.

2. Cybersecurity Protection

The digital space has become an increasingly dangerous place. No longer are cybercriminals only going after large corporate sites, but all websites have become fair game. The tools at their disposal have also become increasingly complex, making website security a challenging task.

From malicious scripts to vulnerability exploits, multiple potential threats exist. To defend against them, website owners need to ensure all areas of the website are constantly updated with the latest security patches and that adequate defenses are put in place.

3. Performance Improvement

Knowing how your website performs is the only way you will know what areas to improve performance in. This information can come from ad-hoc tests, but the most reliable information is gathered by monitoring tools over time.

Aside from being a factor in search rankings, website performance is also a contributor to user experience. Netizens today are increasingly impatient and will abandon websites that are too slow to load.

What Website Elements to Monitor

Earlier, we mentioned website ecosystems as being complex. This complexity results in needing to monitor various elements – which may influence the choice of tools you use to keep an eye on things. Key areas to look towards include:

Uptime

Monitoring uptime is generally done by using a service that sends requests to your web server at regular intervals. The moment the server doesn’t reply, the monitoring service can send a notification to the site administration.

Speed

Many uptime monitoring tools include a server response speed indicator. When the tool sends a request to your web server, it conveniently measures the time taken for a response as well. The metric can be used to gauge the quality of your web hosting server over time.

Security

Perhaps the most complex area of website monitoring is where security is concerned. Aside from threat monitoring, you also have to keep an eye on various elements like the updates for individual components such as WordPress and all the plugins chosen by you.

Recommended Tools for Website Monitoring

Caption: Tools like Pingdom can offer free, basic website monitoring features (Img source: Pingdom)

There are so many website monitoring tools available that it can be difficult to choose the right ones. Price also varies greatly, with some tools being free to use while others may come with recurring subscription fees.

To give a better idea of what’s available, here are some tools you can consider using:

SiteLock SMART

One first consideration for website monitoring is naturally for security. SiteLock SMART will not just automate scanning for malware but also remove it for you. Having a tool like this for your site will ensure that any embedded malware won’t cause harm to your site or its visitors. Other similar tools you may consider are Sucuri, SiteGuard, and Astra Security.

Freshping

Freshping is just one of many common utilities you can find to monitor website uptime and server response quality. It works by sending common HTML requests and simply waiting for a website to respond. It’s free and can be used to monitor up to 50 websites.

Ahrefs

Monitoring website ranking is something that many owners tend to overlook. It involves a comparison of your site content with everything else online to see where you stand. Used correctly, Ahrefs can contribute significantly to improving your site ranking.

Pingdom

While Pingdom is in some ways similar to Freshping, it’s a much more complete service. Aside from server response and status, Pingdom can monitor and report more detailed information. For example, various aspects of visitor sessions such as device type and location. It’s even able to monitor transaction metrics.

New Relic

New Relic isn’t something that all website owners will be interested in but offers powerful features. It serves as a monitor for your entire website software stack to ensure that every single element is functioning optimally. The level of detail is simply incredible.

SolarWinds

While Pingdom is part of SolarWinds, the company as a whole offers a more comprehensive technical monitoring solution which may be necessary for some websites. It’s able to keep an eye on many things that normally wouldn’t be considered, such as database and network configuration. For web application-based websites, it offers a strong depth of information.

Monitoring Best Practices

It’s good to know how websites are performing from a technical perspective but it is even more important to understand the wider business impact of site failures and other performance issues. Although monitoring is tweaked to suit individual preferences, there are some generalities to observe.

The first and most important best practice is to keep in mind that your websites and services must not be put at risk in any way. Your key objectives are to maintain good performance and availability while ensuring high levels of security.

As a rule of thumb;

• Close off security loopholes or exploit gaps
• Identify and resolve slow performance
• Reduce load times and increase customer satisfaction
• Reduce storage space requirements
• Regularly update all software to ensure compatibility
• Remove unnecessary components and code

Conclusion

Performance monitoring for websites isn’t a technical need. However, failing to implement basic measures can result in serious consequences to your website. These consequences range from simple unavailability to sustained drops in visitor volume over time. At the very least, have basic monitoring tools in place – even the free utilities provide invaluable support. Used correctly, monitoring tools can even contribute to long-term reduced expenditure simply by allowing website owners to nip potential problems in the bud in a more timely manner.

What is a Pricing Strategy?

Just like it sounds, a pricing strategy is an approach for how you will price your SaaS product. In other words, it’s your chosen policy for how much your customer will be charged to receive your product. The best plan of action in terms of pricing is to determine how much your customer is willing to pay, while also ensuring your business will turn a profit.

Many, if not most SaaS companies opt for a subscription pricing model that yields a constant stream of revenue for the business. It’s important to remember that when it comes to pricing strategies, you must keep in mind the value your product is offering, and find that perfect sweet spot that will yield a healthy profit margin while keeping your customer happy. After all, if they feel you are overcharging, they are likely to seek out a competitor.

Different Pricing Strategies Explained

Now that you have a brief overview of the goals for a good pricing strategy, let’s explore different pricing strategies to help you determine the best one for your SaaS business.

1. Penetration Pricing

The goal of penetration pricing is to enter the market with a low price in an effort to get the attention of customers, and convince them to leave the higher priced competition. The problem with pricing strategies like this however, is that over the long term they are not sustainable. Eventually, the business will have little to no choice but to raise their prices if they hope to be profitable.

2. Skimming Pricing

In stark contrast with penetration pricing, this strategy centers on entering the market at a high price, and then later tapers the pricing down as the product becomes less popular. This strategy is quite common with theme parks. When they are at the highest of their popularity, the price goes up, and suddenly, as crowds thin out, ticket prices go down to bring customers back.

While it’s a great way to hit the ground running in terms of profitability, pricing strategies like this work best when there is little to no competition. To make up for the high price, additional offers may be necessary if you’re in a crowded SaaS space.

3. Premium Pricing

The idea behind premium pricing is to position the SaaS product as a high-end or luxury product. The psychology behind it is that if it’s priced higher, it must have better features, or higher quality customer service. Like high fashion goods that accomplish the same goal of clothing oneself, the goal in technology is to make the product seem like it has an elite status that justifies its cost.

4. Bundle Pricing

Bundle pricing strategies are great for companies that have multiple SaaS products to offer to their customers. By bundling the items together, they can charge less than they would for the single items, while still turning a profit. Insurance companies do this frequently by bundling things like car, house, and boat insurance together. Another example is an internet service provider bundling cable and phone service with their internet pricing.

5. Loss Leading

While pricing strategies like this are most popular in grocery and big box stores, they also make perfect sense in some SaaS businesses. The idea is you sell something at a loss in hopes that you attract a plethora of customers, and upsell them on your higher-priced products.

6. Competition-Based Pricing

Just like it sounds, this pricing strategy is centered on setting your prices based on what your competitors are doing. This is a widely used practice with gas stations. If station X down the street is charging $3.50 a gallon, station Y will likely follow suit with other stations nearby charging the same as well. That is until station Z gets wise and charges just a little lower, and more customers go there to save a little money. It’s important to be careful using pricing strategies like this because sometimes “remaining competitive” can cost you big profits if you’re too focused on undercutting the competition.

7. Cost-Plus Pricing

While it’s not necessarily a good pricing strategy for a SaaS company, this pricing method focuses on how much you want to profit on each “unit” sold. For example, if it cost you $10,000 to produce the software, and you anticipate selling to 1,000 people and want to earn a profit of $10,000 you would need to sell each offer at a minimum of $20 to double your money.

8. Value-Based Pricing

With value-based pricing, you price your software based on what customers will pay for it. This will require market research to determine customer interest, and the base price they expect to pay considering the value they will receive in exchange for their purchase.

9. Freemium Pricing

This is one of the most popular pricing strategies for SaaS. The way that it works is users can obtain the software for free, but they will have to pay extra for certain features. A great example of this is DropBox. You can get free cloud storage up to a certain amount. Then, to get more you have to pay for it.

10. Promotional Pricing

This is also referred to as high-low pricing, or discount pricing. Website hosting companies are notorious for using promotional pricing. They will sometimes slash their hosting by as much as 50% to get you to sign up, and you can enjoy that price for a limited time before the full price kicks in at the end of your promotion period.

11. Free Trial

Just like it sounds, a free trial pricing strategy allows users to try a paid product for free for a specified period. A common example of this is Netflix. You can get a 7-day, 14-day, or even a 30-day trial of the streaming service for free (depending on their current offerings), and then you start being billed at the conclusion of your free trial.

12. Psychological Pricing

This is the most tricky of all pricing strategies because it’s based on common human psychology – which is not always guaranteed to work. The most common is called the 9-digit effect which works under the assumption more customers are willing to pay for a product that ends in the number 9 than in a zero or any other number. For example, instead of $20/month, the fee will be $19.99/month.

Another way psychological pricing works is to put two or three products next to each other with wildly different prices. The goal is to get the customer to purchase the cheaper of the products, but because you have placed it next to the higher priced ones, they feel like they are getting a good deal. Other means of psychological pricing include “buy one get one,” changing the font size, increasing the list of features, and changing the color of your price compared with the rest of the text.

Understanding Pricing Models

In determining your pricing strategies, you also want to think about which pricing model will work best for you. The five most popular are:

1. Flat-Rate: One product, one price, all-inclusive of features and tools

2. Per Usage: Only pay for what you use – stock photo websites are a great example. You can purchase a single image, or several images, and only pay for the images you want

3. Tiered: You can pay for one product and the amount you’re charged is based on the features you want. If a product has 20 features, each price point will add more features with the highest price offering the most features to a user.

4. Per User/Per Active User: This pricing model involves charging a customer based on how many users are on an account.

5. Per-Feature: Similar to tiered pricing, this pricing model involves charging customers based on the number of features they want from your product. For example, if they want all the bells and whistles they will be charged the highest price. However, as they remove features from their account, their fee goes down.

Would you like help growing and scaling your business with the addition of new offerings? SiteLock partners with variety of businesses to provide them with a suite of products to sell to their customers. We even assist them in bundling our products and develop pricing strategies that converts. Become a partner today. Click here to learn more about our channel partners program.

• Updating or installing software. Performing certain housekeeping and maintenance tasks, like updating your software or installing new programs, may require you to learn how to turn off your web application firewall—at least temporarily. In order to do so safely, it’s recommended that you disconnect your device from the internet before shutting off the firewall. Depending on your firewall’s capabilities, it can be programmed to reactivate once the system is restarted, or a set amount of time has passed.
• The firewall inadvertently blocks legitimate traffic. The protection a web application firewall provides is often so strong that it can block valid requests sent to your web application. Instead of turning off the whole firewall, you can disable it for certain applications or modify its rules and permissions to facilitate the safe transfer of data.

When learning how to disable a web application firewall, remember, it is important to recognize the risks that are involved in shutting it off. Every moment your web application firewall is disabled presents an opportunity for a hacker to take advantage of the situation and inject malicious code into your website, compromising or stealing valuable data. Curious to learn more about the protection a web application firewall provides? We’ve got you covered.

1. My company is too small to be attacked by a cybercriminal.

If we had a nickel for every time we’ve heard this one… you know the rest. The sad reality is that size doesn’t matter to a cybercriminal. In fact, malicious actors are counting on the fact you think you’re too small to be breached. The best method for handling objections related to company size is data such as this – CNBC reported, “Forty-three percent of cyberattacks are aimed at small businesses, but only 14% are prepared to defend themselves.”

2. No hacker would care about my data.

With financial incentive being the top reason cybercriminals exploit vulnerabilities, the simplest method for handling objections like this is to explain that all data is valuable to someone. Malicious actors can sell everything from credit card numbers to street addresses to passport numbers. As Real Trends says, “No matter who you are, your personal information has value to criminals.”

3. I can’t afford cybersecurity support.

The best advice for handling objections is to share statistics like these from CSO Online: “$17,700 is lost every minute due to phishing attacks,” and “Data breaches cost enterprises an average of $3.92 million.” The simple truth is, most companies can’t afford not to purchase cybersecurity support.

4. I have a firewall, antivirus software, or some other technology.

While it may seem like this is enough security to some people, the best method for handling objections like this is to help your potential customer understand that there is more than one way to breach a business. Though CSO Online said, “94% of malware is delivered via email,” they also state, “60 percent of breaches involved vulnerabilities for which a patch was available but not applied.” These are two very different methods of breaching security.

Just because you have a firewall preventing some malicious traffic, doesn’t mean your website is protected from a hacker guessing your password. Similarly, a password-protected cloud storage system requiring multi-factor authentication to access it, won’t stop a malicious file from being uploaded and corrupting your network. Bottom line – relying on only one lock to your door won’t prevent a criminal from breaking in through a window.

5. My IT team is more than capable of handling our security.

Overcoming sales objections like this one can be tricky. However, a simple way to address this objection is to ask them if they are equipped with all of the tools they need to defend the business. After all, if you expect a hockey team to win the Stanley Cup, you need to provide all of the equipment to play. Only giving them pucks and forgetting the hockey sticks won’t do them any good. It’s the same for an IT team – they need all of the equipment to play the game if you want them to win.

Interested in partnering with a cybersecurity company that understands the market, and can help you with overcoming sales objections? Click here to learn about the SiteLock Channel Partners program.

Option 1: letmein

Option 2: password

Option 3: bL8%4TO&t9b%

As you probably guessed, the correct answer is Option 3. According to the results of one online password security test, that specific password would take a computer a whopping 46 million years to crack. Meanwhile, the first and second password options could be cracked in a matter of seconds. Yikes!

As the proprietary password manager NordPass notes on their website, weak passwords are the primary cause of data breaches in our digitally connected world. To defend your online identity, it’s essential to choose the most secure password possible—every single time.

But knowing the best from the rest isn’t always easy. That’s where a password security test comes into play.

What Is A Password Security Test?

Built to identify weak options, a password security test can help you optimize your password—and protect against potential threat actors. For example, it can call out passwords that are too short, contain repetitive characters, or are extremely common.

Create The Most Secure Password?

Wondering how to craft an uncrackable password? Here are three tips to ensure you have the most secure password possible:

• Aim for 16 to 20 characters. For utmost security, use a combination of 16 to 20 letters, numbers, and characters.
• Steer clear of repetition. Use unique combinations of letters and numbers rather than repeating the same predictable sequences.
• Avoid common passwords. According to a 2020 study from NordPass, the five most common passwords are 123456, 12345678, 123456789, picture1, and—you guessed it—password.

Together, these steps can keep you protected against potential breaches—preventing a range of devastating consequences, from financial loss to reputational damage. Still wondering how to craft the most secure password? Find more trusted tips in “How To Create A Secure Password: Do’s And Don’ts Of Password Security.”

What To Include in Your Cybersecurity Marketing Strategy

High Quality Content

There are a lot of other cybersecurity companies out there competing for your ideal customers’ attention. If you aren’t producing high quality content that is valuable, you’ve already lost to your competitors. What type of content should you be producing? It includes, but isn’t limited to:

• Blog posts
• Case Studies
• White papers
• eBooks
• Videos
• Webinars
• Infographics

These pieces of marketing cybersecurity content should educate your audience. The goal is to teach your audience something they need to know, and can actually use. Setting yourself up as the subject matter expert (SME) in your field will help your audience get to know you, and as they do they will be able to tell if they like you and trust you enough to make a purchase.

Helpful Email Marketing

It’s not enough to send a free consultation offer or even a coupon giving 10% off purchases these days. People are expecting it, and they are more likely to delete your email if it’s just a coupon or cold sales pitch. What they need is for you to send them the high quality content you’ve produced in an easy to digest message. Rather than just pitch a sale, can you give them an eBook that helps them solve a problem? What about an invitation to a webinar to learn more about the state of cybersecurity?

A solid cybersecurity marketing strategy is about convincing the person to stick around, and encouraging them to learn more. You have to give them things they want before you ever ask them for their credit card information. Think of it like dating. You don’t ask someone to marry you on the first date. You get to know them before making the proposal.

Know How To Bundle

Just like one-size-fits-all rarely works in the clothing industry, it’s also a horrible way of marketing cybersecurity. While you can offer some of your products to one customer, it might not make sense to offer those same products to another customer. Instead, get clear on what your individual audience members need, and make a customized bundle that is just right for them.

There’s a reason “pay as you go,” and “only pay for what you need” campaigns work so well. Your call to action in your content and emails doesn’t have to pitch your entire product line. In fact, you’ll make more sales if it doesn’t.

Mind Your Paid Advertising

When considering a cybersecurity marketing strategy you may be tempted to advertise to everyone. However, if you’re using paid advertising this is the fastest way to go broke. Just like the old adage states, if you try to sell to everyone, you will sell to no one. Not everyone is looking for cybersecurity. Therefore, buying ads for people who don’t want what you’re selling is a fool’s errand. Instead, get clear on your ideal customer, and only advertise to them.

Use data to help you find the right people to promote to. This is sound cybersecurity marketing advice whether you’re using paid ads or not. And, while we’re talking about data – use real facts and figures rather than fear tactics to draw your audience in. While the threats of cybersecurity are very real, positive messaging always goes further than negative ones.

Where To Go From Here

This post barely scratches the surface of what you should be thinking about for your cybersecurity marketing plans. The truth is two heads are better than one, and you don’t have to go about things alone. When SiteLock partners with a cybersecurity company, we work with you to create a game plan that will get you more sales with less effort. Click here to learn about the SiteLock Channel Partners program.

Buyer Personas Explained

Cybersecurity buyer personas is a fancy phrase for what is commonly referred to in marketing as an ideal customer avatar. Effectively, it is an ideal person or target you would like to sell to. The best way to create a buyer persona is to think of a single person you’re targeting. What are their biggest needs? What keeps them up at night? What is their age and occupation? The more details you can develop for your cybersecurity personas, the easier it will be to create content and sales pitches that speak directly to them. Doing so will result in more sales.

The Many Faces of Cybersecurity Buyer Personas

As you might expect, there are multiple buyer personas your marketing materials should speak to. Here are a few sample cybersecurity personas to get you started:

• Uninformed: These are the clients that should probably be thinking about cybersecurity, but don’t really know anything about how to get started. They understand cyber threats exist, but because they have no experience with being attacked or hacked, they are unsure of where to begin.
• Worrier: This person understands the very real threats related to cybersecurity, but they have done nothing to prevent a data breach or an attack. They are somewhat lost on what software to consider, and may have started shopping, but it’s not at the top of their to-do list.
• Skeptic: When it comes to buyer personas, these are perhaps the most difficult people to sell anything to. They are fully aware of the risks related to malware, hacking, and data breaches, but they don’t realize anyone can be a target. In other words, they think their business is too small to need cybersecurity products, and don’t believe anything you’re selling can help them.
• Vigilant: As you might expect, these are the buyers sales teams dream of. They know they need cybersecurity support, they’ve run the numbers and are just waiting for that perfect offer to come along.
• Battle-Scarred: These buyers have been attacked, but are still nervous about committing to cybersecurity products. They know having malware removal tools and firewalls is a good idea, but they’re nowhere near prepared if another attack were to occur.
• Expert: As the name suggests, these buyers have it covered. They have had personal experiences with cyberattacks and malware and have promised it won’t happen again. When it comes to cybersecurity protection, these buyers are all in.

Expanding Your Buyer Personas

The cybersecurity buyer personas examples above are just the beginning of what you should be considering when creating buyer personas for your company. Remember, the more clear you can get on who you are talking to, the easier it becomes to write the exact messages they want to hear.

Interested in working with SiteLock to flush out your buyer personas for your cybersecurity company? Consider joining our channel partners program. Click here to learn more.

This page will tell you everything you need to know about how to share a password securely, send a password securely, and all the do’s and don’ts you’ll want to keep in mind along the way.

Do’s and don’ts to send a password securely

Before we dive into how to share a password securely, let’s cross off the don’ts. While some of these strategies may seem convenient in the short term, they can lead to many long-term challenges—and leave sensitive information compromised.

The Don’ts:

• Send passwords by text message or email. Plain text messages can easily be intercepted, searched, and located in your phone database. From your saved text messages to your email inbox, sent folder, and even trash folder, these communication channels simply aren’t secure. More often than not, sending a password over them can backfire.

• Write passwords on a piece of paper. Not only are papers easy to lose or misplace—they’re also easy for others to find. Whether you leave your password sticky note in your desk drawer, stuck to your monitor, or clipped onto your wall, there’s nothing secure about something another person can walk away with.

• Share them over social media or messaging apps. Similar to text and email, any messaging or social media platform with private messaging poses a security threat. These messages aren’t protected, and leaving your accounts logged in on multiple devices across multiple browsers leaves doors open for bad actors to search your message histories and steal your passwords.

• Store passwords in digital notes apps. You may think your notes app is better than a physical sticky note, but the truth is that note-taking applications aren’t secure, either. Avoid saving your passwords on these non-secure apps if possible.

• Save them in spreadsheets. Spreadsheets might be convenient for organization and collaboration, but they’re also easy to access across multiple devices—and they’re not encrypted, either. The more you share a password spreadsheet with others, the greater the risk you incur.

The Do’s:

• Look for helpful tools. When it comes to learning how to send a password securely, there are many cybersecurity tools that can help. Reliable tools designed to facilitate safe password sharing offer the features below—and all of them can help you share a password securely.

• Use end-to-end encryption. The ideal way to share a password securely is to use a solution with automatic, end-to-end encryption. As you send your password securely, it remains encrypted the entire time—allowing nobody to view it in transit or on the cloud or server. Then, the recipient will decrypt the password with a private user key, keeping it secure the whole way through.

• Consider using a password manager. Beyond more basic cybersecurity tools that help you check your password strength or store your passwords securely; a full password manager solution can facilitate safe password sharing by enabling you to do the following:

• Set sharing permissions. As you send a password securely, you can also set permissions for viewing, editing, and resharing. At times, you may need to provide others with more than just viewing access—but keeping every user to the minimum capabilities possible is always smartest from a security standpoint.

• Track your sharing history. As you learn how to share a password securely, another useful strategy is to track your sharing history. Many password managers enable this by storing information on every password you’ve shared—edits, shares, dates of modification, and version histories. Secure history logs can’t be modified, so if anyone does make a change to your passwords, you’ll know immediately.

As you learn how to share a password securely and send a password securely, keep these do’s and don’ts in mind. Learning how to share a password securely is essential—but doing so will only be effective if your password is secure in the first place. Contact us today and speak with a security expert to learn more about passwords and other security measures as they relate to your website and digital assets.

The simple fact is security needs to be top of mind for every business – now more than ever. This makes it a prime time for anyone in cybersecurity sales to offer their services. That said, in this guide for selling cybersecurity to SMBs, we’re sharing what you need to know to help your current and prospective customers protect their websites from malicious and suspicious activity, remove malware, patch vulnerabilities in their CMS, and more.

Understand Your Customer

The first and most important step of selling security, specifically selling cybersecurity is understanding your customer. What are the jobs they need done? In the video, “The ‘Job’ of a McDonald’s Milkshake,” Harvard Business School professor Clay Christensen explains that people don’t hire (buy) a milkshake because of the taste or the price. They buy a milkshake because the job they need done is to satisfy hunger and boredom on their commute to work.

When you consider the fact that your customers aren’t buying your security products based on price or features alone, and instead focus on the job they need done, it becomes much easier to understand the needs of your customer. As a result, selling cybersecurity becomes much easier. For example, some of the jobs small to medium businesses need done are:

• Protecting their website from malware
• Preventing malicious traffic to their website
• Scanning for and patching vulnerabilities in their CMS
• Protection from DDoS

The goal is to get them to hire your company to assist them in getting these jobs done. With this understanding, the next step is determining who exactly to pitch your offerings to.

Who Are The Decision Makers In The Business?

Odds are, when selling cybersecurity, you won’t be working with the CEO or the top executive of the company directly. Rather, you will be working with the IT personnel and security officers, the risk managers, or even the chief information officer. You’ll need their contact information, and a plan of action for pitching your offerings.

Provide Education On Cybersecurity

It’s not enough to merely think about selling cybersecurity – you must be clear about selling it to your specific audience. For example, you likely know they need malware removal tools on their website, but what else do they need? In truth, your prospective clients and customers might not even be aware of what products and services will best serve them. That’s where education comes in.

A smart way to get someone to know, like, and trust you, and ultimately buy from you, is to offer them value. Teaching them about the threats they face can go a long way in making sales. This education begins before you ever approach a prospect. If you’re selling cybersecurity, your website should feature marketing collateral such as:

• Whitepapers and case studies of real threats
• Blog posts explaining the various facets of security i.e.:
  • No website is too small
  • Anyone can be a target
  • A firewall and antivirus software isn’t enough to fully protect you
  • The types of threats in existence, and how to combat against them
• Educational videos

Then, once you begin reaching out to leads, you can use these materials to back up your claims, and further educate your potential customers.

Implement A Cybersecurity Product Portfolio

Having a top-notch cybersecurity product portfolio makes the task of selling cybersecurity much easier on you. If you don’t currently have enough products in your portfolio, but want to give your customers additional ways to protect themselves and their online assets, you may want to consider working with channel partners. This is a quick way to add products to your arsenal and give you more opportunities for revenue in your business.

When selling security to SMBs, your product arsenal can include, but isn’t necessarily limited to:

• Malware scanning and removal tools
• Web application firewalls
• Website security
• Virtual private networks
• Website backups

Note: You don’t have to sell every product to every customer. However, having options allows you to customize solutions that are unique to each client. This can be beneficial when you hear objections such as, “we already have that.”

Develop A Marketing Strategy

You know who you’re targeting for sales. You know what you’re selling. Your website is filled with amazing educational resources about cybersecurity, and you’ve acquired and/or created an impressive product portfolio. Now, it’s time to start developing a marketing strategy for selling security and get to making money already!

It’s important to remember however, the key is not to make more money. The main goal should be to deliver value. Yes, this will result in revenue for your company, but what matters more to your customer is that you are meeting their needs and solving their problems.

While cold calls and cold emails can work for some people, it’s better to start with building relationships. The best marketing strategy therefore, is to begin by sharing helpful information. You’re not asking for the sale just yet, instead focus on educating. There are a number of ways you can begin marketing.

• Start sharing your educational blog posts, whitepapers, and case studies to Facebook, LinkedIn, Twitter, and Instagram using relevant hashtags where appropriate
  • Join relevant Facebook and LinkedIn groups to engage and network with the types of decision makers you would like to eventually pitch
  • Consider paid ads on social media with the intent being to drive visitors back to your website to give you their contact information – at a bare minimum you should be trying to get their email address
• Offer free trainings on cybersecurity to SMBs – online and in-person
• Ask for referrals from past customers
• Write guest posts on websites, and get featured as a guest on podcasts, and in traditional media whenever possible

Be The Go-To SME For SMBs

Want to know how to sell cybersecurity effortlessly? Work on making your company the subject matter expert (SME) in all things security. Learn everything possible about protecting websites and data. This will make it that much easier to train staff, make sales, and create new opportunities for your company.

Measure And Deliver Results

Once you finally start selling cybersecurity, begin tracking how things are going, and document it for future marketing materials. For example, if you successfully remove malware from a website, ask your client for a testimonial, and if you can feature them in a case study.

It’s also a good idea to create reports of threats that were thwarted with products you have sold, and use that to convince current customers to keep coming back. Being able to prove you are delivering on your promises helps customers justify their purchase of your products, and can be the difference between recurring revenue, and customer churn. We hope this guide for selling security to SMBs has encouraged you to start thinking about your own product offerings, and what you can do to increase revenues in your own cybersecurity company. Want help selling cybersecurity to your current and prospective customers? Consider partnering with SiteLock. We’ll help you understand the best methods for how to sell cybersecurity, and improve your bottom line. Click here to learn about our channel partner program

While working to create a secure password, remember one of the most basic password security tips: anything that’s password-protected is worth safeguarding. A strong password may be the only barrier between you and a cybersecurity threat, so make sure you’re setting yourself up for success.

Here are some basic steps to create a secure password, more password security tips, and some do’s and don’ts to keep in mind along the way:

How To Create A Secure Password

When you create a secure password, it can be intimidating—especially when it seems like the only viable option is an impossible-to-memorize string of letters and numbers. But there is a happy medium between randomly generated passwords and the more predictable one you’re likely using now.

In fact, when you create a secure password you should start by creating more than one. Many of us reuse the same password, but that’s a dangerous habit. Once a cyberattacker cracks the code, they don’t just have access to one of your accounts—they have keys to the whole kingdom. You’ll want to diversify your passwords across websites. Follow the password security tips below to make sure they’re all up to par.

Now that you’re up to speed on our password security tips, you’re ready to create a secure password. To take your website security a step further, learn more about SiteLock’s security products.

Secure Cloud Hosting – What To Look For

At a minimum, when shopping for secure cloud storage for business, you should be looking at:

• How much support the cloud service provider (CSP) can/will provide
• Levels of encryption
• Speed (both in terms of accessibility and in upload/download times)
• Their experience working with companies like yours
• The cost for the services and support offered
  • Note: cheaper is not always better, but more expensive doesn’t necessarily mean more secure either

Types Of Secure Cloud Hosting Environments

There are three basic environment types of secure cloud hosting:

1. Private: in-house
2. Public: built and managed via a third-party, and
3. Hybrid: a combination of public and private

The type of secure cloud storage for business you choose will depend largely on time and resources and the availability of space and personnel to build and maintain storage servers. Because of these factors, many companies choose to partner with third parties to help them with their secure cloud hosting solutions.

Common business models that provide secure cloud hosting include, but aren’t limited to, software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). Learn more about these business models, and environment types in our post “What is Cloud Security?”

Additional Ways For Keeping Cloud Data Secure

How to secure data is not just about the CSP you’re using, but also how you use it. For example, if you have a single login for everyone on your team to use, that’s not very secure. But, if all of your team members have their own credentials, and each person is given only the access they need to specific files, it’s significantly more secure. When using secure cloud hosting it’s a good idea to:

• Require strong passwords and multi-factor authentication
• Only give the users that need access the clearance to view the data most relevant to them
• Utilize a web application firewall (WAF) when accessing your secure cloud hosting to block malicious traffic
• Encrypt data before you load it
• Backup data off-site regularly
• Use website scanning tools

It’s often said that the best defense is a good offense. And, when you have security top of mind, you’re miles ahead of companies who don’t proactively take steps to secure their data.

Would you like to help your users answer the question of how to secure data, as well as give them solutions to their other security needs while scaling your revenue with ease? Learn more about a partnership with SiteLock today.

Sectigo has a long history of delivering innovation to the world’s largest brands with products and services including TLS / SSL certificates, DevOps, IoT, and enterprise-grade PKI management, as well as multi-layered web security. As a combined entity with Sectigo, we are poised to build on our success and accelerate our mission to deliver best-in-class security solutions that protect every website and create a world where we, our communities and our customers can flourish.

What does this mean for existing SiteLock customers and partners?

First, it’s important to note that you will continue to receive the exceptional customer/partner-first service you have come to expect from us. Combining our strengths with Sectigo’s will give you enhanced support and access to additional solutions. No immediate changes are being made to our products, pricing, or web properties while we work to combine the best-of-breed technologies of the two organizations and deliver a unified solution. Under the new ownership, SiteLock will continue to operate as an independent entity under its existing brand and will now be known as SiteLock, A Sectigo Company.

Since 2008, we have helped our partners and customers defend their websites, data, and networks from disruption; we are proud of what we have accomplished, and the journey doesn’t stop here. More and more websites are coming under attack, and cybercriminals are becoming more sophisticated and finding new ways to exploit vulnerabilities. By combining the strengths of SiteLock and Sectigo products, we provide an unmatched, automated website security solution backed by two of the world’s largest brands and an expanded team of industry experts to combat these rising threats. This is an essential next step in our history, and I am excited about the bright future we have as part of Sectigo.

If you have any questions or want to learn more about us.

How Secure Is Your Password If It’s Short?

When choosing or creating a password to your online accounts, it’s best to assign a password that’s difficult for a hacker to guess. When asking yourself “Is my password secure enough?” take the password’s length into consideration. Is your password secure if it consists of the website’s character minimum? Maybe, but not as secure as it could be. A long password is harder for a bad actor to guess than a shorter one. When assessing the question, “Is my password secure?” consider using a password that’s at least 12 characters long. As many as 16 to 20 characters is ideal.

How Secure Is Your Password If It Includes Personal Information?

Is your password secure if it references names or dates? People often insert birthdates, names of pets, and other personal signifiers to create a password that’s easy to remember. Unfortunately, these details can be easily gleaned from social media or other sources by bad actors looking to gain access to your accounts. In fact, you’re better off avoiding dictionary words, or combinations of dictionary words entirely. Your best bet is to construct a password from a lengthy combination of letters, numbers, and characters. If the application is case-sensitive, alternating between uppercase and lowercase letters can also bolster your password’s security. If you’re worried about not being able to remember a lengthy string of seemingly random characters, try using a password manager to safely create, store, and fill in your passwords. That way, you’ll ideally only have to remember one password, the one you use to access your password manager.

How Secure Is Your Password If It’s Common?

Is your password secure? If it’s on this list of most commonly used passwords, then the answer is no—you’re practically inviting bad actors into your accounts. According to the National Institute of Standards and Technology, these are among the most commonly used passwords, and thus, the easiest for a malicious actor to crack:

• “123456”
• “password”
• “12345678”
• “qwerty”
• “111111”
• “123123”
• “abc123”
• “letmein”

Did you notice a pattern between all of these commonly used passwords? While they’re all easy to remember, they also require almost no effort to create. Taking the time and consideration to create a password that’s difficult to guess goes a long way towards safeguarding your data, personal information, and even your finances.

It’s also worth noting that hackers or bots won’t be fooled if you employ a variation of these common passwords, like using “passw0rd” instead of “password.” Substituting “0” for the letter “o,” “3” for the letter “e,” and so on won’t prevent hackers from cracking your password.

How Secure Is Your Password If You Reuse the Same One?

It’s not if you reuse the same password for multiple websites. It’s bad enough if a hacker gains unauthorized access to one of your accounts, but by reusing the same password, you’re making it easier for them to access every account using that same login. So, is your password secure? The answer is likely no. Using a unique password for each site limits the damage should you fall victim to a security breach and saves you the time and stress involved in scrambling to change all of your passwords at a moment’s notice.

How Secure Is Your Password If You Follow This Advice?

So, how secure is your password? Nothing is completely foolproof, but if you’re following these tips, you’re well-positioned to either avoid getting hacked, or experience limited fallout in the event that you are. Next time you wonder “Is my password secure?,” you’ll feel better about the answer.

Curious to learn more about staying safe online? Visit our site for more information, or get in touch with us today!

The questions for most people looking into these types of storage solutions are:

• How secure is the cloud?
• What cloud security threats should I be aware of?
• And, is there a way to prevent cloud security issues/cloud security challenges?

We’re addressing what you need to know below:

What Are the Common Cloud Security Threats?

The most common cloud security issues are: data loss, unauthorized access/breaches, and data leaks. Some of the preferred methods of reducing the risk of cloud security challenges include: limiting user access, implementing stronger passwords and multi-factor authentication, and encrypting data before you ever load it to your cloud service provider (CSP). This isn’t enough to keep your data completely secure, but it’s a good start.

The Robust Security of a CSP

How secure is the cloud service provider you’re using? This likely won’t surprise you, but not all CSPs are alike. Some have stronger security measures in place than others. It’s for that reason some institutions opt for building their own private cloud storage solutions, or at the minimum using a hybrid solution to at least control most of the security themselves. If you are using a third-party CSP, you need to understand their level of encryption, if they will help you meet security compliance standards relevant to your industry, your level of security responsibility, how they will support your unique needs, etc…

Prevent General and Atypical Cloud Security Issues

The best answer to the question “how secure is the cloud?,” is that it’s only as secure as the measures you put in place to prevent data loss and unauthorized entry to your CSP. When you approach your cloud security threats from a proactive rather than a reactive frame of mind, you’re more likely to make better decisions. Thinking about the prevalent risks now, before there is a problem, makes it easier to prevent something from happening in the first place.

This requires taking actions such as:

• Thoroughly vetting your CSP
• Reducing the number of people who can access your storage files and limiting user controls so that only those who need access to specific data can gain entry
• Defining and enforcing stringent security protocols with personnel
• Using web application firewalls to block malicious traffic
• Backing up data off-site to avoid total loss in the event of a breach
• Penetration testing to ensure nefarious outsiders can’t get in

Help Your Users Address Questions Like “How Secure is the Cloud?”

If you’re looking for a means of helping your users with cloud security threats, SiteLock can help. We’re in the business of rooting out cloud security challenges and presenting solutions that can assist in keeping data safe. Learn more about partnering with SiteLock today.

Find a Provider You Can Trust

When it comes to cloud based cyber security, you really can’t be too careful when selecting your cloud service provider (CSP). Look at things like security measures offered, standards compliance capabilities, service level, and manageability. Also ask questions such as how much time will you have to spend, and if you will share responsibility for the implementation of your cloud based cyber security? Whoever you choose as your CSP, make sure to read your contracts thoroughly so you have a thorough understanding of expectations and deliverability.

Train Personnel in Security Protocols

The key reason for including this step in our cloud security best practices is that the safety of your cloud storage begins with the people who will be using it. For example, if you require your users to log out at the end of every work day, leaving the system logged in could result in unauthorized users gaining access to something they are not supposed to see.

Don’t Give Everyone Access

You likely know that not everyone needs administrative access. However, you also don’t need to give everyone access to all system files. Compartmentalizing could be a simple way of reducing risks in your cloud based cyber security.

Encrypt Files Prior to Upload

As an added measure of protection in your cloud based cyber security, you could encrypt files before loading them to your CSP. This way, if somehow data is intercepted, it will be that much harder for the interceptor to read it.

Use Strong Passwords

This isn’t just sound advice for cloud security best practices, it’s a good idea to use stronger passwords for accounts on all systems and applications.

We’ve barely scratched the surface in terms of methods you can use to enhance your cloud based cyber security. Hopefully it has inspired you to look at your own protocols and determine your own best practices for keeping your data safe.

Interested in partnering with SiteLock to help your users keep their data safe? Click here to learn about our Channel Partners program, and how we can help you scale your business and boost revenues.

Defining Cloud Security

Cloud security or cloud cybersecurity is defined as the method or practice of protecting data that is stored online via cloud applications from being stolen, leaked, or deleted. Where the word cybersecurity encompasses the protection of all domains of information technology, cloud security focuses strictly on cloud computing environments.

Now that you have a better understanding of what cloud security/cloud cybersecurity is, let’s take a brief look at the different types of cloud computing environments. They typically fall into one of three categories: private, public, and hybrid.

Private Cloud

Private clouds are usually owned and maintained by a private organization such as a single business. In some cases, their cloud will be physically located in an on-site datacenter. However, in others they will pay a third-party to host and manage it. The responsibility of cloud cybersecurity falls on the third-party host in this case. These cloud types are also on a private network.

Public Cloud

Public cloud environments are owned and maintained by a third-party often referred to as a cloud service provider. Customers pay to have these providers store their data over the internet. In return the providers maintain servers and storage facilities, and are responsible for the cloud cybersecurity. Public cloud service providers can be classified as Software as a service (SaaS), Platform as a service (PaaS), or Infrastructure as a service (IaaS).

• SaaS – Considered the most common type of cloud service provider, SaaS providers manage and host required infrastructure and software applications. The end user doesn’t have to download or install any applications or programs to use it as the SaaS uses the internet to deliver them.
• PaaS – The cloud service provider supplies the runtime, servers, storage, networking, operating system, and infrastructure.
• IaaS – Also referred to as self-service, in this model the user manages applications, data, operating systems, etc…, and the cloud service provider manages servers, storage, networking, and more.

Hybrid Cloud

Just like it sounds, this is a hybrid or a combination of private and public cloud types. With hybrid cloud providers, data and applications can be shared between an on-site datacenter (private), and a public cloud service provider. What is cloud security like in a hybrid cloud? The responsibility is shared between the partners used and the organizations storing data. Some of the reasons an individual or organization might choose a hybrid cloud is to increase computing and processing capabilities, and/or to save time or money costs related to installation and maintenance of servers.

Why Is Cloud Security Important?

At first blush, you might think the reason cloud cybersecurity is important is simply to protect data from being deleted or stolen, but it’s a little more complicated than that. The truth is it’s not just data that is at risk. It’s also time, reputation, and money at risk. Everything stored in the cloud needs to be protected from being intercepted by, tampered with, or leaked by malicious individuals. Cybercriminals that breach a cloud environment could access software and applications you wouldn’t want to see incur a disruption of service as well.

Securing the Cloud is Different from Traditional Security Measures

Another way to answer the question: what is cloud security?, is to understand that it’s essentially about controlling access. You can secure a building by adding extra locks and alarms to prevent and signal intrusions. Securing something over the internet becomes much more difficult. Not only do the measures you use need to be compatible across more than one environment, but they must also protect data both while in transit and at rest. The focus becomes data-centric, rather than merely preventing someone from getting in. Cloud security requires thinking about things like:

• Encrypting data
• Backup and recovery solutions in the event of data loss
• Stronger passwords
• Multi-factor authentication
• Utilizing malware scanner and removal tools

Cyber Defense Magazine reported, “The cost of an average security breach for a company is a cool $3.8 million.” As technology evolves, cybercriminals are only getting more savvy. Failure to protect your assets in the cloud could be costly, but you can avoid most if not all cyber threats before they even become an issue.

Interested in partnering with SiteLock to enhance your cybersecurity and website security offerings for your users? Learn more about our channel partnerships here.

The good news is that they can be avoided. Learning about the most common methods used in social engineering is the best way to start. If that sounds overwhelming, don’t worry—we’re here to help you get up to speed. Here are four of the most common forms of social engineering used by hackers:

1. Phishing. According to the FBI, phishing was the most common type of cybercrime in 2020. We’ve all been there before—checking our emails only to spot an “urgent” message that includes a suspicious link. With a single click, you could fall victim to one of the most common methods used in social engineering.

2. Vishing. “Your credit card has been compromised. Please provide [insert sensitive information here] to fix the issue.” Ever received a phone call like this? Vishing is one of the most common forms of social engineering used by hackers. Odds are, a scammer was on the other end of the line.

3. Baiting. Another one of the most common forms of social engineering used by hackers, baiting preys on human greed and curiosity. During a digital baiting attack, a cybercriminal might prompt you to provide login credentials with the promise of a free reward. In person, you might stumble upon a flashdrive labeled “confidential”—then take the bait, insert the infected device into your computer, and pay the consequences.

4. Scareware. Fear is a powerful motivator. One of the most common methods used in social engineering, a scareware attack might look something like this: A popup appears on your screen, notifying you that there is malware on your computer and providing a link to download “antivirus” software. In a panic, you click the link—and fall right into the hacker’s trap.

Want to take a deeper dive into social engineering? For a more comprehensive overview, read our post on “What Is Social Engineering?” from the SiteLock blog. You can also check out another great post, “Social Engineering Attacks: Different Types And How To Prevent Them” to learn more about the most common forms of social engineering used by hackers—and steps you can take to counteract them.

What The Patchman Extension Means For You

Plesk enables HSPs to manage customers and servers via its easy-to-navigate control panel and vast library of extensions, adding robust functionality to the Plesk user experience. With the new Patchman Extension, licenses for Patchman’s products, like COVERAGE + CLEAN, can be purchased through Plesk, bypassing the need to purchase products and provision servers directly through Patchman or set up a separate billing arrangement at Patchman.co. Patchman Extension customers can take advantage of exclusive prices and features only available through Plesk. This partnership places Patchman’s premium functionality at a price point within reach of smaller users for the first time as the direct billing model through Patchman’s site is scaled for large operations.

Patchman COVERAGE + CLEAN is the preferred solution for web hosts looking to automate proactive website and server security through preventative patching and comprehensive malware remediation. Patchman COVERAGE + CLEAN offers patching for commonly used content management systems (CMS’s), such as WordPress, Joomla, and Drupal, among others. It also automatically patches popular plugins, which is an extremely valuable feature as many site owners fail to update their CMS on their own.

Key features of Patchman COVERAGE + CLEAN include:

• Plugin patching of popular plugins including Jetpack (version 2.7 and later), Google Sitemap Generator (version 4.0.8 and later), and Contact Form 7 (version 3.6 and later), among other applications and plugins.
• Vulnerability patching of common CMS applications, including WordPress, Joomla and Drupal, and e-commerce applications, such as Magento (version 1.9.2.0 and later), WooCommerce (2.1.0 and later), and Prestashop (version 1.6.0.1 and later)
• Dynamic malware scanning and removal designed to address polymorphic and injected malware without compromising functionality
• Customizable email notifications alerting and educating customers on detected vulnerabilities, resolution steps, and best practices for preventing further attacks
• Malware detection and removal designed to keep sites on your servers safe from threats

Curious to learn more about how the Patchman Extension can help secure your server? For more Patchman details click here, or give us a call at 833-715-1304.

What does a web application firewall do? It protects you against potential security hazards. Unlike a classic firewall working at the network level, a WAF protects you at the application level.

Cybersecurity threats WAFs protect against include:

• Malicious bots. A WAF maintains an ever-growing list of bad bots that, once flagged, can no longer compromise a site’s data.
• Damaging uploads. A WAF may provide tools to blacklist known bad actors—or block connections based on suspicious upload or modification patterns.
• Distributed denial of service. Sometimes hackers dispatch an army of bots to paralyze your app. WAFs can combat this.

More on what does a web application firewall do:

WAFs also protect your technology against unwanted SQL injections, cross-site scripting, and the Open Web Application Security Project (OWASP) top 10.

How does a web application firewall work?

WAFs come in several formats: hardware, software, cloud-based, or any combination thereof. How a web application firewall works is by operating a set of policies—instructions, essentially—that analyze inbound traffic and determine whether it’s legitimate or should be blocked.

WAFs recognize suspicious data sent via HTTP/HTTPS—and blocks that data. These policies are typically set up in one of three different models exemplifying how does a web application firewall work:

• Whitelisting:
  • A whitelisted IP can bypass security rules because it’s considered a trusted source. This means that if the firewall would block an action normally, because the source is whitelisted, the action is allowed.
• Blacklisting:
  • A resource that is blacklisted is blocked from making a connection to your site. For example, when a bot is blacklisted it can’t crawl or review any content on the website due to the blacklisting rules.
• Hybrid
  • A combination of whitelisting and blacklisting

The WAF scans your web applicants to filter out any potential threats or attacks—blocking access to the vulnerability. From there, the vulnerability still needs to be addressed directly. In a nutshell, this is how a web application firewall works.

To talk with one of our cybersecurity experts about web application firewalls or other SiteLock website security products, get in touch today.

Rooted in psychological manipulation, social engineering attacks occur when attackers trick users into sharing sensitive security information. With cybersecurity becoming stronger, different types of social engineering attacks allow bad actors to exploit something that firewalls can’t defend against: human weakness. According to a 2019 report, 99% of cyberattacks use social engineering techniques to trick users into installing malware. You’ve likely been the victim of one yourself, even if you didn’t realize it at the time.

There are many different types of social engineering attacks, but all of them exploit more than just a technical vulnerability. By targeting a human vulnerability, they gain victims’ trust—and ultimately use it against them.

Here are some types of social engineering attacks commonly used by these bad actors:

• Phishing. The most popular of all social engineering attacks, phishing attacks use infected email attachments, text message campaigns, malicious links, and more to exploit human error, fear, and curiosity—spreading malware and harvesting victims’ personal information and credentials as a result.

• Baiting. Another common attack, baiting takes advantage of human greed—enticing victims online with free gifts, giveaways, and too-good-to-be-true promotions, or offline with infected flash drives or discs claiming to contain valuable information.

• Scareware. A form of malicious software that often appears as warning popups and banners (but can also occur as emails), scareware alerts victims that their security software is out of date or that malware has been detected on their device—and tricks them into engaging with infected materials.

• Pretexting. Pretexters tend to gain the trust of their victims by impersonating people of authority, and then pretend to “need” victims’ personal information or data for a specific purpose or task—resulting in the sharing of valuable private information.

• Vishing. A targeted social engineering attack, vishing is enacted through the use of voice, most commonly occurring over the phone. Prerecorded messages ask victims to input sensitive information through the phone dialpad, and that’s how the breach begins.

For more detailed descriptions of these tactics, visit What is Social Engineering?

Steps to social engineering prevention

Of course, all types of social engineering attacks are designed to trick you. If you do fall for a scam, you’re not alone. But there are proactive prevention measures you can take—starting with staying aware and alert.

Here are some social engineering prevention tactics:

• Don’t open suspicious messages. If you receive an email from a suspicious source, whether it’s someone you don’t know, or an acquaintance asking for something strange, it’s best not to open any links or attachments. In these situations, take steps to verify the source—and their motives—before engaging any further.

• Don’t skip cybersecurity software updates. It may seem simple, but many victims make this mistake. Be sure that automatic updates are engaged for any antivirus or antimalware software that you have on your devices, and check in regularly to ensure scans and updates are running smoothly.

• Don’t disregard multi-factor authentication. Though it may seem like a superfluous extra step, multi-factor authentication can make a measurable difference in protecting your account login credentials. If you haven’t enabled this feature, don’t wait any longer.

• Don’t be tricked by tempting offers. If an offer sounds too good to be true, it probably is. Always be on guard when you see enticing gifts or giveaways, and do your research on the topic before giving away any personal information. Often, an intriguing offer can quickly turn into a trap.

In the end, effective social engineering prevention starts with understanding what you’re up against, and the different types of social engineering out there. For more information, check out SiteLock’s “What is Social Engineering?” blog post.

Patchman offers a solution to this with automatic patch testing or automating the process of finding and correcting vulnerabilities in outdated CMS applications across entire hosting infrastructures. When an outdated application contains a vulnerability, Patchman will detect and patch this vulnerability within the code, rendering an outdated application for which it provides patches as secure as the latest release.

However, accomplishing this is not trivial. Patchman scans thousands upon thousands of files for its customers, and Patches can have a significant reach and impact; as many as half a million websites per single vulnerability for larger applications such as WordPress — and that is still only a fraction of the total number of websites protected by the Patchman solution.

It follows that proper testing and QA is absolutely essential and hold number one priority for our Research team when a new patch is created. This article will give a brief glimpse into Patchman’s QA practices, specifically the patch validation process, and talk about a key improvement we’ve made in this area recently, automated patch testing.

Creating and validating patches

When a new application release comes to our attention, through (automated monitoring of) official release channels, direct involvement with application developers, or via another route, our work begins. We first evaluate such a new release through code review and examination of the changelog, to establish which changes, if any, address security issues in the application. When identified, these security-relevant changes are candidates to become patches.

When creating new patches we always strive to stay as close as possible to the security fixes implemented by the official developer and backport as far as the presence of the vulnerability and technical viability allow, with a final limitation being that we don’t backport patches to versions of an application that require PHP versions of 5.3 or before. These practices allow the patches we create and distribute to address security issues in affected versions, but without negatively impacting application and website functionality. The latter— the certainty that patches don’t break things— is verified through automated and manual testing, which we collectively refer to as the patch validation process.

To better explain, it helps to look at an example WordPress release, say WordPress 5.5.2 (dated 30th of October, 2020. This added escaping to a variety of admin section elements in two application files to resolve a cross-site scripting vulnerability:

• wordpress/wp-admin/includes/media.php
• wordpress/wp-admin/includes/template.php

As part of the patch validation process we apply a newly created patch to all versions of the application which it affects, on all versions of PHP that version of the application runs on, and then perform extensive testing to ensure that the Patched application remains fully functional, and that the security vulnerability is no longer present or exploitable.

This can be a rigorous endeavor, given that some security vulnerabilities affect dozens of different application versions, with patches spanning multiple files, and each unique patch would have to be set-up and tested against locally. This makes the process very labor-intensive.

Enter automated patch testing

Earlier this year, we built a new internal testing system to replace the previous patch validation process workflows. Internally, we refer to this as automated patch testing, and it is a platform for us to apply and test patches in parallel in a central environment.

Built into our own internal tooling, automated patch testing enables us to concurrently spin up hundreds of containers, each with a fully configured CMS application. Across these containers we employ a unit testing framework to unit test every relevant combination of application version, PHP version, and patch. This lets us move away from the previous manual functional testing in a local environment, and not only makes the testing itself more comprehensive, but also makes the entire process far more scalable.

This leads to faster cycle times because of centralized test automation and parallelization, and improved quality because the former enables us to test more rigorously. These improvements benefit Patchman customers by enabling us to deliver Patches more quickly, and with exceedingly thorough QA.

For more information on Patchman, email us at [email protected] or visit Patchman.co for a free trial.

A WAF is a filter that protects your web application against a plethora of different attacks. These attacks may attempt to pull sensitive data from your site—which is an issue if you routinely work with customers or exchange details such as credit card information. What is a WAF’s advantage compared to other types of cybersecurity measures? WAFs typically work within a fraction of a second, examining incoming traffic and filtering out traffic or files that may be harmful, using a series of rules that are also called “policies.”

So what is a WAF needed for? Well, an average website faces over 50 attacks per day. (Simply put, in the time it takes you to ask, “what is a WAF?”, your website’s security could be utterly compromised.) All it takes is one successful attempt to completely bypass your security measures completely and thoroughly corrupt your site. However, all of this can be easily avoided by employing a WAF, along with other cybersecurity measures, to automatically defend your site from attacks.

Types Of WAFs

What does WAF mean in the context of its different types? There are three types of web application firewalls: hardware-based, software-based, and cloud-based. Every type will protect your site infrastructure, though they may do so differently. The main differences among them entail the implementation and storage procedures.

• Hardware-based: A hardware-based WAF is installed locally on the computer’s hardware. This type of WAF is quick, agile, and effective, but may cost slightly more to install. It also takes up storage space on the hosting device, so you’ll need to factor computer memory into consideration.
• Software-based: This type of WAF is fully integrated into an application’s software, allowing you greater customization. This option sits at the middle price point out of the options. Implementation can be tricky depending on the application you’re working with, but once it’s installed, all that’s left to do is routine maintenance.
• Cloud-based: Cloud-based WAFs are the quickest type to install and come in at the lowest price point. One of the main advantages cloud-based WAFs provide is that they are easy to tune up and update. This option is user-friendly, though users may be less familiar with specific features and controls given they are not running the program.

When it comes to each different type, what is a WAF’s biggest upside—and consequently, the downside? There are pros and cons accompanying every type of WAF depending on the kind of web user you are—and how much time and money you want to dedicate to maintenance. But the fact remains that no matter which option you choose, your website will benefit from greater protection against automated attacks.

In future posts, we will explore what does WAF mean? in further expanded topics such as: what a web application firewall does, what the benefits are, and how to turn a WAF off should you so choose.

Ready to protect your website? Don’t wait until it’s too late. Get SiteLock protection today.

Hopefully, you answered no. If you did click, you may have fallen victim to a common method attackers use to embed malware in devices and harness personal information. By generating a sense of urgency and offering a tempting incentive, these experienced bad actors are

betting you’ll comply before thinking twice. This is one of many types of social engineering tactics that people easily fall victim to. In this article, we answer the question, “what is social engineering?” so you can take steps to protect yourself.

What Is Social Engineering?

So what is social engineering exactly? Social engineering involves the manipulation of human psychology to get access to sensitive information, like credit card numbers and passwords. It involves a wide range of tactics, which we’ll dive into below, but ultimately preys on precisely the things that make us human: emotions, fears, desires, and need for social approval.

Of course, convincing someone to willingly deliver information is much easier than finding system vulnerabilities, which is why social engineering has become a new favorite among highly skilled and beginner cyber attackers. Here are a few types of social engineering—and some social engineering red flags to watch out for.

Common Types Of Social Engineering

Now that we’ve answered the question, “what is social engineering,” let’s dive into a few common types of social engineering.

• Phishing. According to Verizon, 32% of data breaches involve phishing, making them the most common of all types of social engineering. Phishing is when a cyber attacker creates a website, email, or text message that looks credible, but is actually designed to trick people into providing information. Another example? Social media games that prompt you to reply with personal information commonly used for password security questions (pet names, the street you grew up on, etc.).

• Vishing. Vishing is a type of phishing that involves phones or voice emails. A popular vishing method is when an attacker imitates the voice response system of a company to get you to provide sensitive information.

• Spear phishing. In the same way that digital advertisements target your interests, phishing attacks can be customized according to what motivates you—and personalized to seem more legitimate.

• Baiting. Curiosity drives us to do all sorts of things. For example, the question “what is social engineering?” probably popped into your head, so you went to a search engine and typed it in. Some cyberattackers exploit this curiosity through a method called baiting, in which the attacker casually leaves a USB drive in a public place or a link in an unsuspecting corner of the internet in the hopes that you’ll plug the drive into your computer or click the link.

• Tailgating. This form of social engineering happens in physical places when an attacker steals your information by connecting to the same public WiFi network, or by following you into your workplace.

• Scareware. Ever click on a website and receive a notice that there could be malware on your computer, so you’d better download this software for protection? That’s scareware—the use of fear to prompt a person to do what you want.

• Quid pro quo. Who doesn’t love free gifts? With this in mind, attackers may offer you a product or gift card in exchange for some personal information.

Watch Out For These Social Engineering Red Flags

Before you click on an email link or provide anyone with information over the phone, do a gut check. Odds are if you feel something isn’t right, then it probably isn’t. For extra help, follow this quick checklist to make sure there aren’t any glaring social engineering red flags.

• An unexpected message. Beware any message that comes out of the blue. Does it make sense that this person or company is contacting you? Does the email address match their name? Are there people CC’d on the email who shouldn’t be?

• Requests that prey upon emotion. Messages that invoke a sense of urgency or fear are definitely social engineering red flags. An attacker might do this by pretending to be someone with influence over you, like a police officer, bank employee, or colleague. They could also do this by using scareware or quid pro quo.

• Spelling errors. Cyberattacks often contain intentionally misspelled words in email and website addresses. While a link or email address might look legitimate at first glance, make sure the spelling is accurate. Better yet, avoid clicking the link and navigate to the source through a search engine instead.

Think your website has fallen prey to social engineering?

With SiteLock’s malware removal service, you can restore your website and protect it from future attacks. Still wondering: what is social engineering? Contact our team to learn more.

What is Channel Partner Marketing?

Leading CRM platform Hubspot defines channel sales, or channel partners as a business model in which “a company sells through third partners — affiliate partners (who get commission on each purchase), resellers, value-added providers (who typically bundle your product with their own), or another entity that doesn’t work for it directly.” Channel partnerships are an effective and popular way to diversify your income while building long-term relationships with other vendors that can enhance or complement your current offerings to your users.

The Ideal Channel Partner Marketing Strategy

Channel partner marketing is a powerful facet of a successful partnership, but there is a right way and a wrong way to go about doing it. The wrong way is to simply add a bunch of links to your website in hopes of getting a referral commission of some kind. The right way is to be in strategic alignment with your channel partners. Regardless of what you or your partner is selling, it’s best to be on the same page in terms of what you both hope to get out of the partnership and how you will execute your marketing goals.

For example, some companies that work with channel partners have unique messaging and phrasing they prefer used in their sales copy. The partnerships that are the most successful have a synchronistic combination of (manufacturer) access to product experts and “corporate” marketing expertise with the (reseller) understanding/expertise on their customer/market.

How can you make sure that you’re in strategic alignment with your channel partners to ensure a successful marketing program? It all begins with communication.

• Reach out to your channel partner and outline the responsibilities and expectations of the partnership.
• Discuss the product/service that is being sold including why it’s sold a certain way, the current and future plans for the product, and the preferred method of selling the product.
• Leverage brand guidelines and marketing support for go-to-market (GTM) effectiveness. Most companies taking on partners have an idea of how they would like to take their products to market based on what they’ve seen work well. On the other hand, many resellers and affiliate partners know what their audience needs to hear in order to make the sale.
• Both parties should present their ideas for how to best market the product/service in question, and then develop a strong outbound or inbound marketing plan to drive awareness and bring in sales leads.
• From there, the next step is to execute the plans, and measure and report results, and then adapt where necessary to increase revenues for both parties.

Is your company seeking a partner to offer solutions such as Website Security, Remote Network Security, Risk Compliance, Data Protection, or Education and Training to your audience? SiteLock would love to discuss working with you. Learn more about our channel partner opportunities by visiting our channel partners page.

Thankfully, renewing an SSL certificate is easy. In this post, we will explain how to renew an SSL certificate in a few steps.

1. Generate a new Certificate Signing Request (CSR)

The first step in renewing an SSL certificate is generating a CSR, which validates your server’s identity. You’ll be asked to provide contact information to validate the domain ownership, and then you’ll receive a CSR code from your web host. Keep this on hand because you’ll need it for the next step.

2. Activate the renewal process

Access the dashboard provided by your host to view your products, including domains and SSL certificates. Clicking this button will start the renewal process and you’ll be prompted to enter information, including the CSR code. Once you confirm your information is correct, you’ll be brought to the next step.

3. Validate your SSL certificate

Next, you’ll have to verify ownership of your domain again. You can do this by email, HTTP validation, or DNS validation. The easiest way to validate ownership is by entering the email associated with the domain, if there is one. After ownership has been confirmed, you’ll receive a validation email with a link that includes your new SSL certificate files.

4. Install your new SSL certificate

Some hosts will ask you to contact them in order to install your new SSL certificate. The ability to carry out this process manually varies based on the software you use. Each host is different, so see what your host suggests regarding how to renew SSL certificates.

If you’re looking for more information about how to renew your SSL certificate, or if you’re new to SSL certificates in general, check out our blog post about how to get an SSL certificate.

The 5 Different Types of Channel Partners

While some people think of partnerships as nothing more than affiliate marketing, channel partnerships are a little more involved than simply adding a link to a resources page or an email with the hopes of generating sales that result in commissions. They are also different from referral partnerships where a partner refers qualified leads to a company and is paid based on successful sales.

Channel partnerships are more strategic, and typically long-term relationships. There are five different types of channel partners you and your company can consider pursuing. They are:

• Value Added Reseller (VAR): A VAR is a company that purchases a technology product from another company, adds their own services or features, and then sells this bundled product to their customers.

An example would be a computer retailer that sells computer hardware and services. You can buy just the computer from the retailer, or you can buy the bundle that comes with the extended warranty, training, is already loaded with programs such as the Microsoft Office suite of products, etc… Just like it sounds, they add value to the offer and then sell it for a profit.

• Managed Service Provider (MSP): An MSP refers to a company that monitors and manages the IT systems of other organizations. This can include monitoring the company’s network, securing data, and installing products. Working with an MSP is typically done on a contract basis, i.e. hiring an IT company to manage your systems and processes for an annual fee.
• Systems Integrator (SI): A systems integrator is a type of company that buys software programs and hardware from different vendors and combines them into a single solution for their own customers. In other words, the user may only see one interface, but the components that make it up and make it work will have many different parts.
• Distributor: A distributor is an agent, website, or business that acts as a middleman between the company that produces a product and potential buyers. Think of a grocery store purchasing goods at wholesale pricing and then selling to the consumer at a markup.
• IT Consultant: Technology companies can also partner with independent IT consultants, who recommend the company’s products and services to other businesses. This partnership is the most similar to an affiliate partner or referral partner. However, the difference here is that rather than throwing a bunch of links and hoping something sticks and results in a sale, an IT consultant will have vetted the products and services fully, and have a deep understanding of how they work so that they can provide ongoing support when necessary.

How to Choose the Right Partner Strategy

Now that you know the main different types of channel partners, how do you choose the right one? Here are a few important guidelines to keep in mind.

• Distributors and IT consultant partners will benefit most when they already have an established customer base/audience. However, partnerships can also help you to build your customer base because they give you the opportunity to sell a proven product to people looking for a solution.
• If you want to boost sales without having to constantly grow your sales team, consider setting up a VAR partnership because these will allow you to supplement the offerings you already have.
• If you’re comfortable running things for your clients or using software and hardware to create better systems and processes, an MSP or SI partnership may be your best bet to improve your current solutions you’re already giving your clients.

Channel Partnerships with SiteLock

SiteLock offers a variety of channel partner options that help you provide first-rate, affordable security to customers while growing your business. To learn more about channel partnerships with SiteLock, visit our channel partnership page, or email [email protected].

What Does An SSL Certificate Do?

SSL certificates enable secure online transactions, keeping your company’s customer information protected. Sometimes described as “digital passports,” SSL certificates provide the authentication needed to appropriately protect—and keep private—confidential website and browser communications. This can include anything from credit card information or a social security number to a phone number or billing address.

SSL certificates play an integral part in the data encryption process, initiating secure sessions with your customers’ (or any user’s) browser by digitally connecting your company information to a cryptographic key. But how it does this is another story.

How Do SSL Certificates Work?

While encryption and authentication technology can be quite complex, here’s a simple scenario of how SSL certificates work to make sure your online transactions are secure:

1. A browser tries to connect to an SSL-secured website or web server-prompting the web server to identify itself.
2. A copy of the SSL certificate is transmitted to the browser by the web server.
3. The browser checks to determine if the SSL certificate is trustworthy.
4. If the browser doesn’t trust the certificate, it denies the connection. If the browser does acknowledge the certificate and trusts it, the web server is sent a message.
5. The web server receives the message and then responds by sending back a digitally signed acceptance to begin an SSL-encrypted session.
6. Finally, encrypted data can now be shared between the two parties in a safe and secure, confidential transaction.

Still asking yourself, “How do SSL certificates work?” Browse the SiteLock blog to find past, current, and future posts about SSL certificate information.

What The Implementation of Multi-File Application Control and Detection Means

When Patchman was created in 2014, it was designed to scan for and proactively patch vulnerabilities within a CMS looking for a specific, unique file. With this update, we can scan for a set of files to detect more applications and application versions with better accuracy. The reason for this update is simple – many applications don’t have one unique file in every single version. As a result, scanning various applications would sometimes miss files that weren’t unique to that specific version. This led to problems in identifying vulnerabilities accurately. In other words, we could receive false-positives of threats where one might not exist. Multi-file application detection gives Patchman the ability to provide more robust application control and coverage with a significantly smaller chance of false-positives.

The new application detection method is also less sensitive to file variations as a result of different installation methods or download sources. The biggest example being that uploading a website through FTP could modify files in a way that caused Patchman not to detect it. With the update to our software, we’re able to catch even more vulnerabilities, keeping websites one more step ahead of cyberthreats.

Why This Update Matters

According to a diagram released by W3Techs, of the 766 content management systems W3Techs focuses on, nearly 60% of website users are utilizing one of the systems being monitored. The largest being WordPress at 40.4% with a CMS market share of 64.4%. Unfortunately, more than half of all CMS applications have been found to be out of date making these websites more vulnerable to an attack. Add to this fact that Zion Market Research reports that the global content management software market is expected to generate around $123.5 billion by 2026, and the fact is there’s big money to be had and lost.

The reality is that plugins, themes, and application cores require ongoing updates and management to remain secure. Since website owners often fail to make the necessary updates, they need something monitoring for them to detect and patch CMS vulnerabilities before they have a chance to put your website at risk. The multi-file application detection update helps give website owners peace of mind when they don’t have time or simply forget to maintain their website. It also helps the security conscious who do regular updates to be that much more secure. There’s comfort in knowing something is working to automatically detect and remove scripts that are malicious from your CMS the moment they are detected rather than finding them after it’s too late. It’s always better, and less expensive, to have a proactive preventative solution instead of a reactive pricey one after the fact.

How the Multi-File Application Detection Update Helps Our Partners

With Patchman and the newly added multi-file application detection, hosting service providers can feel even more confident in the accuracy of the service they are receiving, and the value they are then passing onto their customers. When you partner with Patchman, we help you make it easier to protect the websites of your customers without spending additional time on support. Interested in partnering with us to give your website customers another layer of security for their CMS applications? For package details, visit Patchman.co or email [email protected] for more information.

What is a Channel Partner?

A channel partner is an individual or organization that promotes and sells products and services for a technology company or vendor. Companies that use channel partners often sell hardware, software, software as a service (SaaS), or cloud computing solutions. It’s important to note that even though a channel partner sells products for a specific vendor, they are an independent company.

The Different Types of Channel Partnerships

There are several types of channel partnerships, but the most commonly accepted ones are Value Added Resellers (VAR), Managed Service Providers (MSP), Systems Integrators (SI), distributors, and IT consultants. We’ll break these down further in a future post, but for now this is what you really need to know about channel partnerships – Partnering with another company gives you the ability to provide your clients/customers/users with a product or solution you didn’t have previously. Each type of partnership mentioned here also has varying degrees of customer service involved from one-off sale to ongoing support, but the main goal is the same – To enhance your current business by adding a new product/service or improving one you’re currently offering.

Why Would You Use a Channel Partner?

There are many reasons why a company might want to establish a channel partnership. One of the most important reasons is that entering into a channel partnership can help a company scale their revenue. This is largely because your partner promotes your product or service to their own customers, which can lead to more sales. Partnering with a respected brand can also help you expand your offerings into new markets more easily. If your partner is a recognized name in their industry and recommends your product, their customers will have more confidence in your offerings and be more likely to purchase your product or service. As an added bonus, your channel partner can provide you with sales and marketing resources that can help you generate more leads and conversions, leading to increased sales and revenue.

What Makes a Good Channel Partner

A good channel partner will already be well-known as an industry leader/expert within a market. Their product or service will be proven with a good success rate, and they will have case studies and/or testimonials to back up their claims.

Good channel partners are also not just looking to make quick sales – they are looking for strategic relationships that can evolve and grow for the betterment of both themselves and the companies they have partnered with. In other words, they understand that working together should not be a one-sided venture. They will provide you with the materials you need to help your customers while at the same time working with you on your messaging and marketing to achieve more sales. Finally, a good partner understands the customer is the primary focus because the goal of both companies should be to give the end user the best experience possible while providing the real solutions they need.

How to Structure a Channel Partnership

When it comes to structuring your channel sales partnership, you have several different options, including:

1. You sell through your partner. In this case, your partner acts as a middleman and distributes your product to buyers.
2. You and your partner sell together. Typically, your partner will offer your products as an upsell to one of their own.
3. Your partner sells your products for you. They can do this by introducing your products to new markets or adding your service to their own offerings.

It’s important to note that you don’t have to stick to just one method. You just need to consider what your specific needs are before deciding which one will work best for your business.

Channel Partnerships with SiteLock

Establishing a channel partnership with SiteLock provides a valuable opportunity to protect your customers from ever evolving cyberthreats, while boosting your company’s reputation and revenue.

For more information about partnering with SiteLock visit our channel partnership page, or email [email protected].

What Does An SSL Do For My Website?

An SSL certificate encrypts any data entered into your website until it reaches its destination, where it is then decrypted and processed. Encrypting this data secures it against an attack such as a ‘Man In The Middle’ attack, where that data is intercepted before it reaches its destination.

Imagine purchasing an item online. Once you hit the checkout page, you’re asked for a lot of personally identifiable information – including your name and email – as well as payment information such as your credit card number along with the CVV number for that card. Without an SSL, this sensitive information is sent without encryption and is vulnerable to a number of different attacks. With an SSL in place, an attacker would get a lot of encrypted data with no key or no means to decipher the data.

Before we delve into how to get an SSL certificate for your website, you might be wondering what other benefits an SSL certificate provides. Here are some of the most common reasons website owners investigate how to get an SSL certificate:

• User Security – As mentioned above, the primary beneficiary of an SSL certificate is the website visitor. Whether the SSL is securing credit card data, or just ensuring that login pages are secure, the value added to your visitor’s experience is increased noticeably.
• SEO ranking – Google can deem your site insecure, which can result in a loss of SEO rankings, and in turn a loss in potentially valuable traffic. So even if you don’t collect data from your visitors, it’s beneficial to have an SSL to help present a secure website in order to maintain a strong positive search engine presence.
• User Confidence – Taking care to secure your website instills trust in visitors, especially those who want to initiate a financial transaction or conduct other business through your site.

Which SSL Certificate Is Right For You?

Something to keep in mind when researching how to get an SSL certificate: they aren’t a one-size-fits-all security solution. In fact, obtaining the wrong certification can be an expensive mistake as pricing ranges from free to several hundred dollars or more.

Therefore, before you delve into how to get an SSL certificate for your website, you need to figure out which type of SSL certificate you’ll require. The answer will depend on you knowing exactly what actions you want your users to be able to take when they land on your site. When researching how to get an SSL certificate, the different types of SSL certificates include:

• Extended Validation Certificates (EV SSL)
• Organization Validated Certificates (OV SSL)
• Domain Validated Certificates (DV SSL)

Once you’ve determined the type of certificate your website needs, it’s time to figure out how to get an SSL certificate. Steps include:

• Generate a Certificate Signing Request (CSR) – A CSR is a report generated by your server with important details for the SSL (like common name and organization information).
• Purchase an SSL for your website – You can generally partner with your webhost to get an SSL, or you can go directly to a Certificate Authority (CA) like Comodo, Symantec, or Digicert.
• Submit the CSR to the CA – Once the SSL is purchased, it needs to be issued correctly. The CSR contains the information necessary for the SSL to be issued correctly.
• Install the SSL – Once the CA has received the CSR, they will issue the SSL certificate (which contains multiple files, typically). There are several ways to install the certificate once it has been issued, but these depend on your server and hosting environment. We recommend reviewing your host’s knowledgebase for specific install steps.

Congratulations on taking a critically important first step; researching how to get an SSL certificate. Once your SSL is in place, your users will appreciate the security the certificate provides—and your endeavors will be even more successful as a result.

If you have further questions, or you’re looking for additional tips or products, to help you secure your website, get in touch with us today.

Fortunately, hosts can defend against cyberthreats with the right end-user security solution in place. Patchman not only protects your business, but helps it thrive.

Here are the top 3 reasons a hosting provider needs Patchman

Protect Customer’s CMS Applications

Representing ~70% market share, CMS applications such as WordPress, Joomla and Drupal are a popular way to build a website. However, securing these applications is still a challenge.

Protecting a CMS application falls to the end-user and, an unfortunate reality remains that a sizable portion of end-users does not have the time, resources, or inclination to properly maintain their code or applications. Protecting your customers CMS applications can help prevent revenue loss, stolen customer data, and reputation damage that can have devastating effects on their business.

Patchman offers a proactive solution that helps protect your customers by automating the process of finding and correcting vulnerabilities in outdated CMS applications across an entire hosting infrastructure. When an outdated application contains a vulnerability, Patchman will detect and patch this vulnerability within the code, rendering an outdated application as secure as the latest release. In a recent study, we found that Patchman actually protects more CMS websites than routine upgrades; providing that proactive solution you need to protect every website on your server.

End-User Security Education

While many website owners may have general cybersecurity awareness, they may not know where to start or even why they need it. As a result, end-user security adoption remains low. According to a study conducted by BullGuard, 43% of SMBs have no cybersecurity plan in place.

Patchman not only provides the cybersecurity protection website owners need, but it also allows you as the hosting provider to help provide end-user security education and build awareness. With customizable policies and customer email notifications, we make it easy to notify customers of security incidents and outdated applications. We offer detailed background on all vulnerabilities and provide customization capabilities to add in further education, best practices, or other relevant messaging.

Find Profitable Growth

While protection and end-user security education are important in providing value to the customer, what does this really mean to your bottom line? At SiteLock, we have over 400 partnerships which has given us a lot of insight into the performance of our products. We’ve seen our products, such as Patchman, contribute positively to our partners P&L and provide steady profitable growth. Here are the ways you could see Patchman working for your business:

• Improved Churn: Many website owners with a compromised website often blame the hosting provider for the compromise and consider moving to a new provider. With proactive patching and security protection, a hosting provider provides a clear value to their customer. Ultimately reducing churn by 20% on average
  • Improve Operational Efficiencies: Hacked sites require a lot of operational support. CMS vulnerabilities drain admins’ operational time, increase their support call volume, and redirect their workflows to retroactively cleaning and recovering websites. By protecting customers sites proactively, you eliminate the resource impacts required to support vulnerable websites. We’ve seen Patchman reduce system admin utilization by 50% and decrease support ticket volume by 50%

With Patchman, hosting providers can deliver the protection their customers need, build cybersecurity awareness and end-user security education, all while seeing positive returns to their overall profitability.

If you’re interested in implementing Patchman at your HSP, visit Patchman.co for a free trial, or email [email protected] for more information.

For years, ancient Greeks tried to infiltrate the coveted city of Troy. After a series of failed attempts, they feigned surrender and sent a giant wooden horse to their enemies. Troy opened its gates to accept the gift. Then, night fell—and soldiers emerged from within the hollow “peace offering” to take the Trojans by storm.

Fast forward more than 3,000 years, and cybercriminals are recreating the ancient tale using a modern weapon of their own: remote access trojans (RATs).

True to their name, RATs are a particularly sneaky type of malware designed to trick unsuspecting users. Once on a computer, they give cybercriminals complete, anonymous control—from anywhere in the world.

As the ancient Trojans would surely attest, you don’t want to be on the receiving end.

The dangers of remote access trojans

What are remote access trojans able to do, specifically? The short answer: a lot. Here are just a few ways that hackers can wreak havoc with remote access trojans:

• Spying. Cybercriminals can use a RAT to hijack webcams, spy on targets, and collect blackmail.
• Stealing. Hackers can use a keylogger to monitor typing and steal sensitive user data like passwords or credit card info.
• Scheming. Cybercriminals can exploit your vulnerable state by downloading illegal content onto your computer.
• Spreading. Once a RAT is on your computer, you’re not the only one in danger. While targeting you, hackers can use your device as a gateway to distribute malware to others.
• Shutdowns. With only a few keystrokes, hackers can completely wipe your hard drive—deleting personal files and doing irreparable damage.

One of history’s biggest RATs

Now that we’ve answered the question “What are remote access trojans,” let’s look at a real RAT in action.

This one’s called Blackshades—and by 2014, it had infected more than 500,000 computers in over 100 countries.

One of those computers belonged to an American beauty queen named Cassidy Wolf: the 19-year-old victim of a sextortion case. In 2013, a 20-year-old hacker from California seized control of Cassidy’s webcam and took a series of compromising photographs. He then demanded that Cassidy send him more photos and videos, threatening to publish the existing photos if she didn’t comply.

This may sound like an elaborate movie plot. But remote access trojans are real-life dangers—commonly infiltrating computers through email attachments or add-ons to legitimate software.

According to the FBI, potential signs of a Blackshades or general RAT infection include:

• Mouse cursor moving erratically with no input from the user
• Web camera light unexpectedly turning on when not in use
• Monitor turning off while in use
• Compromised online account usernames and passwords
• Unauthorized bank accounts logins or money transfers
• Text-based chat window unexpectedly appearing on your computer’s desktop
• Encrypted computer files followed by a ransom demand to unlock them

At the end of the day, strong cybersecurity may be all that stands between you and digital destruction.

Stay protected with SiteLock

As a global leader in website security, SiteLock protects websites from malware and other cyber threats on a daily basis. Contact our team of experts today to keep cybercriminals at bay.

So, what are banking trojans? Simply put, they’re malicious backdoor programs designed to steal financial information or money from online banking apps and other fintech platforms. Unfortunately for the average person, banking trojans are extremely sophisticated and frequently switch up their strategies. They can attack online banking institutions, and even drain money from personal or business bank accounts—before the account owner knows they’ve been targeted.

How do banking trojans work?

Banking trojans stealthily infect a PC, computer network, or Android app, then wait for the unsuspecting user to log in to an online bank account. Once this occurs, the banking trojan captures the user’s password and gains unauthorized access to the account.

Cybercriminals can trick users into granting account access to the banking trojans in a number of different ways:

• Phishing. This occurs when a malicious actor sends an email under the guise of a seemingly legitimate sender, such as a bank or online retailer. The email either infects the recipient once opened, or contains a link directing the recipient to insert their username and password into a malicious site disguised as a legitimate banking site.

• Malvertising. Banking trojans can hide in malicious code injected into advertisements displayed on legitimate sites. Once clicked, those infected ads direct the user to a malicious site.

• Exploit kits. Exploit kits get embedded in websites, where they scan users for vulnerabilities to exploit and gain entry into your PC or network.

So, what are banking trojans? They are an absolute nightmare to deal with. To help avoid getting infected by one, here are a few tips on how to keep these malicious actors from wreaking havoc:

• Exercise caution. Be careful when clicking links and downloading files sent over email. If you’re a banking organization, train your employees to recognize phishing emails and have them participate in phishing tests.

• Pay attention to small details. Take notice of small changes before logging into a banking website. Are there any design changes? Additional login fields? Glaring flaws in text or design? These are clues it’s a malicious site disguised as a legitimate one.

• Be proactive. As the old saying goes: the best defense is a good offense. Investing in cybersecurity tools such as malware scanners, antivirus software, and web application firewalls can help safeguard your system.

Are you looking for help securing your website against banking trojan malware? Do you think you might have already been attacked? We can help. Contact our team today.

Buy, Build, or Partner: Considerations for Hosting Providers

When deciding whether to take a buy, build, or partner approach to cybersecurity, there are some key considerations HSPs should take into account in their business growth strategy:

Strategic

Hosting providers should evaluate which approach fits best within their overall business growth strategy and area of expertise. For example, if you’re looking to implement a new cybersecurity product, does your company have the resources and expertise to build this product? If the product you’re looking for already exists, can you easily add it to your existing product portfolio? Would implementing this cybersecurity product provide added value to your company that you couldn’t achieve otherwise?

Organizational

There are also organizational factors HSPs should consider when choosing a cybersecurity approach in your growth strategy, which include:

• Financial: Do you have the budget to buy an entire cybersecurity business? Buying is the most expensive of the three options, and it’s important to see if buying is financially viable for your company. Partnering with a cybersecurity provider is generally a much more affordable option, and far less time-consuming to implement.
• Resourcing capabilities: Do you have the in-house resources needed to build a cybersecurity solution from scratch? In addition, do you have the capability to manage the product, perform regular upgrades, and provide customer support? If you don’t have these capabilities in place, building might not be your best option. If you partner with a cybersecurity company, they’re in charge of optimizing the product, and these benefits are easily passed to you.
• Timing: How quickly do you want to implement the cybersecurity solution? Buying and building often take longer, so if you’re pressed for time, partnering might be a better option for you. In general, the quickest way to take a product to market is to partner and add the desired product to your portfolio. Be sure to consider if prospective partners offer affiliate and revenue sharing programs, or if they only offer API integration.
• Value: Which approach provides the best value for your company? If you partner with an established cybersecurity company with a reputation for excellence, this association can boost your company’s perceived value. Also find out if the company you’re thinking of partnering with provides marketing support to help you grow your customer base and revenue.

Vision

It’s important that you and your cybersecurity partner share the same vision and values and agree on the direction you want to take.

Scale

Does your partner have the capability to scale with you to meet your objectives? In addition, confirm they offer a full cybersecurity portfolio so you don’t have to resort to using multiple vendors.

Cost

Does your partner have the ability to offer you healthy margins? What upfront or long-term costs do you need to cover, and which costs may escalate over time? Also consider whether they’re willing to work with you and come up with an agreement that best meets your business growth strategy needs.

Buy, Build, or Partner: Which Approach is Best for You?

Deciding whether to choose a buy, build, or partnering approach to cybersecurity is an important decision for many HSPs business growth strategy. In many cases, HSPs ultimately decide to partner with a cybersecurity company. If you pursue this route, remember that a good partnership is one where you are both committed to shared goals and willing to work towards them.

As a cybersecurity provider, partnerships are the route that SiteLock usually experiences. SiteLock offers a full suite of cybersecurity solutions that can help you deliver powerful, affordable security to your customers. For more information about partnering with SiteLock visit our channel partnership page or email [email protected].

Though we may not realize it, most of us encounter adware every day. In fact, it’s become so pervasive that we may consider it an inevitable side effect of device usage. But it doesn’t have to be—and things weren’t always this way.

Adware has been on a steady and rapid rise since at least 2018. According to the Malwarebytes 2020 State of Malware Report, Adware was the dominant malware threat category for consumers in 2018 and 2019, and the same was predicted for 2020. This statistic held true for consumers and businesses across Windows, Mac, and Android devices.

The takeaway? Adware is becoming more aggressive. The same report accounted for an approximate total of 24 million adware detections on Windows devices, and 30 million on Macs—both significant sums.

Whether Adware is pre-installed on your device or later creeps in through downloads or installs, it can have a host of harmful consequences. But precisely what is Adware, what can Adware

look like, and what does Adware do?

What Does Adware Do—and What Are The Signs?

Once it’s on your device, what does Adware do?

Beyond the obvious impacts of adware—like your browser being bombarded with pop-up ads—you may be wondering, “what does Adware do for the developer who put it on your device?” The answer is simple: It generates revenue. By displaying ads without your permission, Adware can draw attention and clicks, opening up vulnerabilities that lead to more Adware for you—and more revenue for the developer.

As the Adware continues to inhabit your browser and learn more about your location, site visits, and purchasing preferences, it can target you with increasingly customized ads, increasing your likelihood of engagement. It’s a vicious cycle—and putting an end to it requires your ability to recognize adware when you see it.

What are the signs of Adware?

If you find yourself repeatedly asking “what is Adware?” and “what does Adware do?” you may benefit from concrete examples of how it can appear on and affect your devices.

Adware most commonly occurs within a web browser, which can include anything from Google Chrome to Safari, Firefox, and more. Some of the most common signs and presentations of Adware include:

• Pop-up ads. Ads appear in places they shouldn’t, often hindering your ability to navigate a page.
• Browser hijacking. The home page of your web browser appears different, and new toolbars, extensions, or plugins may be visible.
• Web page hijacking. Pages you normally visit suddenly appear changed or do not display properly.
• Web traffic redirects. Links don’t bring you to their designated websites, redirecting to other locations instead.
• Slowed browser speed. Your website browser speed slows dramatically or stops altogether.
• Automatic installations. Your device automatically installs unwanted software applications.
• Browser crashing. Your browser unexpectedly or repeatedly crashes.

Ultimately, the questions “what is Adware?” and “what does Adware do?” can yield a range of answers, but the first step to understanding them is getting a grip on the basics. For more information about Adware, contact the SiteLock team.

So, investing in cybersecurity to expand your comprehensive product portfolio should be just as crucial as having reliable hosting products, website builders, and applications. The cybersecurity stakes are higher than ever, with projections from Cybersecurity Ventures indicating that global cybercrime costs could reach up to $6 trillion in 2021..

Today, cybercrime is big business, with hackers automating attacks and breaking into companies’ databases, email systems, and networks to harvest data for resale and ransom. This makes it more evident that investing in cybersecurity is crucial when protecting your hosting customers digital assets, because without a comprehensive cybersecurity portfolio, they remain vulnerable to cyberattacks, which can also result in serious consequences for your company.

How big is the impact of cybercrime?

As the threat landscape continues to develop, the impact of cybercrime is more costly to businesses than ever before. In fact:

• On average, websites are attacked 94 times per day.
• Security breaches have increased by 67% in the last five years, per the WEF.
• Businesses and consumers in the U.S. lost more than $3.5 billion to cybercriminals in 2019.
• Ransomware cost businesses and individuals nearly $9 million in the U.S. in 2019.
• Data breaches cost an average of $3.9 million worldwide in 2019, according to a Ponemon Institute survey.
• 28% of companies consider moving to a new hosting provider if their site gets hacked.
• Assisting customers who experience a security breach takes up significant customer support and tech support time.

What do small businesses need to protect?

Every business utilizes a variety of systems, software, and tools to achieve its goals, but each of these introduce potential security vulnerabilities cybercriminals can exploit.

Here are some of the most important tools and systems businesses need to reduce the impact of cybercrime:

• Network: The network consists of all the hardware that connects an organization’s devices, such as routers, servers, computers, and mobile devices. If intruders gain access to the network, they can steal data, spy on email conversations, and take over company accounts.
• Website: Businesses need to protect all of their website components, including operating systems, databases, core services, and web applications. If any of these elements contain vulnerabilities, hackers can exploit them to gain access to the business’s website and inflict all sorts of damage, including taking over email accounts, and defacing the website.
• Data: Small businesses invest lots of resources in building their websites and systems and storing customer data. This data is a prime target for hackers, who can steal this information and sell it to other criminals or use it to commit fraud, blackmail, extortion, and identity theft.

How can HSPs protect their customers?

Investing in cybersecurity will expand your comprehensive security product portfolio, which will protect your customers from common cybersecurity threats. Your cybersecurity portfolio should include solutions to address the threats most common to each component of the tech stack, which includes networks, databases, and web apps.

Remote Network Security
Virtual private networks (VPNs) encrypt traffic to and from the organization’s network when employees are working remotely. VPNs keep criminals from “seeing” company data as it flows between a laptop or mobile device and network servers.

Website Security
All businesses need website security solutions that protect all aspects of their website. These include:

• Operating system: To protect operating systems, companies can run malware and vulnerability scans to identify malware infections and website vulnerabilities and repair or remove the threats.
• Core services: Malware and vulnerability scans help prevent cybercriminals from exploiting core services and the apps built on them.
• Database, web server and web app security: All companies should invest in malware scanning and removal, web application firewalls, and DDoS prevention to protect their database.

Data protection
Regular website backups are crucial for safeguarding your data and allow companies to recover their websites quickly after a disaster.

Education Applied to Best Practices Leads to Better Security

Although not part of the tech stack, security awareness education is critical to any successful cybersecurity strategy. As part of your cybersecurity portfolio, it’s important to include security awareness training information to help your customers educate their employees about cybersecurity best practices.

In addition, teach your customers about the importance of establishing a cyber secure workplace culture in which leaders use best practices, communicate security goals, and reward employees who prioritize security. This promotes a safety-first mindset that protects the entire organization.

Start building your cybersecurity product portfolio

Investing in cybersecurity and maintaining a comprehensive security product portfolio is crucial so you can equip your hosting customers with adequate protection as well as your company’s reputation.

Call us at 833-715-1304 or visit us today to learn more about investing in cybersecurity to build a strong security product portfolio that provides effective website security for your customers.

What Is A Ransomware Attack?

Let’s start by tackling the big question: What is ransomware?

According to the FBI, “Ransomware is a type of malicious software cyber actors use to deny access to systems or data. The malicious cyber actor holds systems or data hostage until the ransom is paid.”

This may sound like the plot of a Hollywood thriller—but unfortunately, it’s far from fiction. In 2017, the most destructive ransomware attack to date infected over 200,000 computers in 150 countries, causing billions of dollars in damage in only hours.

The FBI estimates that 4,000 ransomware attacks occur daily. As a site owner, you don’t want to fall victim.

What Does Ransomware Do?

Now that we’ve answered the question “What is ransomware,” you’re probably wondering: What does ransomware do to infected computers?

The short answer is: a lot. For businesses, ransomware attacks can cause data breaches, financial loss, exposure of sensitive information, and even lasting reputational damage. For individual site owners, the potential effects are equally devastating: permanent file corruption and the complete loss of digital property.

Fortunately, it’s possible to prevent—and even recover from—ransomware attacks. Here are four critical measures to keep in mind:

1. Don’t give in to demands. Malicious cyber actors may request an exorbitant amount of money, threatening to hold your website hostage or worse. Don’t give in—simply updating your password can eliminate their threats.
2. Stay up to date. Ransomware often exploits vulnerabilities in outdated operating systems. Make sure you’re using modern security measures— malware scanners, antivirus software, and web application firewalls—to lower the likelihood of attack.
3. Run regular backups. Running regular site backups can help you recover files after a ransomware attack—this way, precious data is not permanently deleted.
4. Promote smart cybersecurity practices. Negligence is the number one cause of data breaches. Remember: It only takes one click on a suspicious link to become a prime candidate for a ransomware attack. Maintain best cybersecurity practices, this way you won’t need to ask: What is a ransomware attack doing to my computer?

Beware Of Fake Ransomware Attacks

Finally, you’ll want to know the difference between real and fake ransomware attacks.

• During a real ransomware attack, the attacker is already in your system. They typically encrypt all your files, then send the website admin a ransom request to pay for the encryption key. Without a backup, the encryption key is the only way to regain access to your files—which is why ransomware attacks are so effective, to begin with.

• During a fake ransomware attack, the attacker gets someone’s email and password from a dark web data dump. Then, they send an email saying, “Pay us [X amount] or we’ll delete everything. We have all your information. As proof, do you recognize this password?” This attacker doesn’t actually have leverage against the victim—but sharing a current or previous password can be enough to scare people into action.

If you fall victim to a fake ransomware attack, simply update your password, confirm you have backups running, and refresh yourself on best cybersecurity practices.

This website is a great way to check whether your email has been compromised. If it’s been involved in any data breaches, update your password everywhere it’s used. Even if “Website X” is all that was hacked, you can’t stop at updating the password there since the credentials will often be tested in other login locations—from social media to banking.

Stay Protected With SiteLock

As a global leader in website security, SiteLock offers a host of tools to defend against ransomware attacks. Still wondering: What is ransomware—or worse, what is a ransomware attack doing to my site? Contact our team today!

Step 1: Figure Out Your Business Goals

The first step is to clarify your vision and set measurable goals for what you want to achieve with the channel partner program. For example, are you seeking to achieve accelerated growth, more brand awareness, or greater revenue?

Step 2: Determine Your Channel Partnership Strategy

Next, identify a channel partnership strategy for your business. There are three main partnership options you can pursue:

1. You sell through a partner that distributes your product.
2. Your partner sells your products as an upsell to one of their own.
3. Your partner sells your products to new markets or adds your service to their own offerings.

Step 3: Identify Potential Partners

An ideal channel partner will offer solutions that complement your own, has customers that would benefit from your product, and has adequate marketing and technical expertise. It’s also crucial to choose companies that will reap significant benefits from the partnership.

Step 4: Establish a Connection

Next, reach out to your prospective partners and establish a connection with them. It’s important to ensure your marketing, sales, support, and technology teams – and your partners’ teams – are adequately trained and focused on the launch and the ongoing partnership.

Step 5: Measure Results, Adapt, and Drive Growth

After implementing a channel partner program, regularly track and measure your results. If necessary, adapt your strategy and continue to track and measure until the partnership achieves your desired results.

The Key to Successful Channel Partnerships

Ultimately, the key to a profitable channel partnership is to remember that your partner wants to be successful too. A partnership needs to be a two-way street, in which both parties benefit. By taking the time to strategize, analyze, and establish ongoing communication, you will be well on your way to having a successful channel partner program.

The consequences of malware threats and unpatched website vulnerabilities can be monumental—affecting your website performance and putting both your business and user data at risk. It’s no wonder that long-established industry giants and innovative up-and-comers alike are touting malware protection products.

SiteLock’s Patchman is only one product amid a sea of solutions, but what sets it apart—and does it really work?

Putting Patchman to the test

SiteLock conducted two studies to ensure it can do more than the regular, routine Content Management System (CMS) website updates failing SMBs and HSPs like yours—and measured the positive outcomes. We applied Patchman to two CMS vulnerabilities for 14 days each, one on WordPress (the leading CMS with a 62% market share) and one on Joomla (the distant runner-up with a 4.9% market share). These were the results:

1. WordPress

On June 10, 2020, version 5.4.2 of WordPress was released to the public. SiteLock discovered a vulnerability, and put Patchman on the job. After seven days of patching the new vulnerability, Patchman had 10% more protected applications than standard WordPress updates did.

Within three weeks, more than 20% of WordPress websites that relied on standard updates were still on vulnerable versions, maintaining known security holes due to outdated versions still being used. However, more than 95% of the vulnerable population of WordPress applications and websites were patched by Patchman.

2. Joomla

On November 24, 2020, Joomla 3.9.23 was released to the public. SiteLock discovered a vulnerability and started patching with Patchman. In just one day, Patchman had four times the coverage of regular, routine Joomla updates.

Within three weeks, 80% of Joomla websites that relied on standard updates were still on vulnerable versions, maintaining known security holes due to outdated versions still being used—but more than 90% of the vulnerable population of Joomla applications and websites had been patched by Patchman.

The benefits of Patchman are clear. But why is it so much more successful?

The Patchman difference: Proactive vs. reactive vulnerability solutions

Patchman is a malware protection solution designed to proactively patch CMS vulnerabilities like the ones outlined above, which are a major source of cybersecurity threats in today’s internet landscape.

More than half of all websites on the internet use a CMS, and by 2026, the global CMS market is forecasted to generate $123.5 billion in revenue. CMSs are powerful engines for enabling everyday users to build, manage, and modify websites without coding experience or specialized tech knowledge. But their open-source accessibility can easily backfire.

Whether your CMS is cloud-based or on-premise, the same user-friendly features that make CMS website development seamless can put your site at risk.

Downloadable website themes and plugins require ongoing updates and management to remain secure. And all too often, website owners—even those with a large digital presence and thousands of end-users—don’t perform the proper maintenance, or find that regular routine updates simply aren’t enough to keep them secure.

As a proactive vulnerability solution, Patchman patches CMS vulnerabilities before they have the chance to put your site at risk. The product automatically removes malicious scripts from your system the instant they’re detected, instead of leaving them idle until your next routine update—and forcing you to rely on pricey reactive solutions.

Breaking down the business impacts of CMS vulnerabilities

For a SMB, open vulnerabilities mean increased website downtime, host suspensions, and the financial implications of site cleaning and recovery. The business sinks revenue, loses customers, and puts its user trust and brand reputation on the line.

For a HSP, CMS vulnerabilities drain admins’ operational time, increase their support call volume, and redirect their workflows to retroactively cleaning and recovering websites. Customer satisfaction plummets, and churn soars.

At the end of the day, a proactive solution like Patchman is your best bet for protecting every website on your server. If you’re interested in implementing Patchman at your HSP, visit Patchman.co for a free trial, or email [email protected] for more information.

Among the most obvious signs of malware infections are hosting suspensions, website blacklisting, and redirects to malicious websites. While these examples are simple to spot, other attacks go largely unnoticed—because it’s easy for malware to hide among lines of legitimate code.

Four Must-Know Signs Of Malware

Can malware go undetected? The answer is yes—and it often does. Watch out for these four signs of malware on your site:

• Unrecognized admin users in CMSs like WordPress. Often, malware payloads create backdoors enabling bad actors to re-enter a site after it was cleaned. One popular backdoor attack involves creating an admin account using access gained through a vulnerability. Even if the vulnerability is patched, the attacker retains access to the bad user account.

• Strange or misspelled file names. It doesn’t take much experience to spot a file called “zbdG7dcL2DDdC.php” and question its legitimacy. However, many attackers strategically name files to appear legitimate. For example, the login file for WordPress is called “wp-login.php,” but it’s not uncommon to find malware in a file called “wp-logon.php.” Since this looks legitimate, malware can sit in plain sight beside normal files.

• Bad search engine results for your site. Here, attackers use an infected site’s traffic to boost another site’s rankings in Google. If you have unrelated information or foreign characters in your domain’s Google search results, malware may be negatively impacting—or even harming—your organic search results and online reputation.

• Website errors. Malware is foreign code added to existing code. With that in mind, it only takes a single character in the wrong location to cause an entire site to fail. Fortunately, website errors can help you spot malware more easily.

Tools For Spotting Malware

Spotting malware can be tricky, but SiteLock has a host of tools to help site owners get started. Still wondering: How can malware go undetected on my site—and what can I do to stop it? Contact our team today.

Want to learn more about malware? Check out these additional resources from SiteLock:

• What is Malware?
• Common Types
• The Evolution of Malware
• Ways Malware Can Get Onto Your Site
• The Dangers of Malware
• The Effects of Malware on Small Businesses
• How to Check Your Website for Malware
• How to Check Databases for Malware
• Ways to Protect Your Site
• How to Remove Malware
• Malware Analysis Series:
  • Signature Based Analysis
  • How a Signature Is Born
  • Detection vs Removal

“How does malware work?” and “Why is malware used?” are all-too-common questions. If we know one thing, it is that a lack of knowledge on the topic causes major problems. According to recent data, it is estimated that 17.6 million of the world’s websites are infected with malware.

Understanding where it comes from and how it works are the first steps to securing your site. So, how does malware work? Here are a few ways it can infect your site:

1. Compromised credentials. If any of your admin’s usernames or passwords are compromised, attackers gain full access to your site.

2. Code vulnerabilities. When you install a CMS like WordPress and add plugins or themes that are not maintained, your site becomes vulnerable.

3. Cross-site contamination. When multiple sites are hosted on the same hosting account and one becomes infected, the rest become vulnerable as well. This can also happen if multiple testing, development, or backup websites are left installed in a single hosting account.

Onto the next question: why is malware used? Once malware is on your site, attackers can use it to do the following:

• Website redirects. Malware can redirect visitors to a malicious site—and cause a host of harmful complications.

• SEO spam. Attackers can leverage your web traffic to artificially inflate their own, compromising your site’s standing with Google.

• Phishing. Through malware, attackers can hold fake pages for popular websites like Outlook and Google on your website hosting account. This tricks people into logging in, putting their information at risk and rendering your site susceptible to permanent deactivation.

• Defacements. Whether they consist of attention-grabbing statements, political ideologies, or anything else, defacements are when attackers use your website as a canvas to send a message—overwriting your site material in the process.

• Backdoor attacks. A particularly tricky form of malware, this allows an attacker to regain access even after the malware is “cleaned,” enabling them to repeatedly re-infect the system.

Looking for a shorter answer to the question, “Why is malware used?” The reality is quite simple—it is used because it is profitable. Largely automated and easily searchable, malware offers a low-effort method for bad actors to break into your site and steal your valuable data.

Luckily, malware can be prevented if you are proactive and use an automated website scanner and web application firewall. Still asking yourself: “How does malware work?” Contact the SiteLock team to get up to speed.

In this post, we will examine website security statistics that impact your hosting business, including those relating to attacks on websites, CMS platform updates, and bot traffic. From there, we’ll examine how you can mitigate these negative experiences and turn them into an opportunity to grow your business.

Attacks on Websites: The Latest Trends

As the frequency of attacks on websites continues to increase, both your clients and your hosting business are at risk. In fact, an estimated 12.8 million websites are infected with malware right now, based on SiteLock’s analysis of 7 million websites. In addition, the average website experiences 94 attacks each day.

Three trends that are most concerning, as they relate to attacks on websites, for hosting providers are the use of backdoor files, malicious mailer scripts, and the number of sites being blacklisted.

SiteLock’s latest website security statistics also indicated that 65% of these infected sites had at least 1 backdoor file, which grants attackers continued undetected access to website files or databases. This means that even if a hosting provider or website owner removes malware from the infected website, a hacker can infect the site again through the backdoor file.

For the customer, this is a frustrating experience because it appears that their site keeps getting reinfected and the host is not able to resolve the issue. And this situation forces hosting companies to invest more time and resources to field service calls from customers. If you service 1,000 websites, you can expect to spend around 600 hours or about $20K a year on addressing minor security questions. If a larger issue occurs, you’ll likely spend two to three times the money.

A second website security statistic of concern to hosts is 12% of infected websites contain malicious mailer scripts that use client website resources to send out mass amounts of spam email. This increases the chances of your server IP addresses being blacklisted, which can result in your clients’ email being blocked on that server. In addition to triggering a flood of calls from angry customers about their email service, these spam messages also drain your server resources, which can slow client website speeds.

Another website security statistic that impacts hosting providers is the number of websites being blacklisted by search engines. According to SiteLock data, the number of websites blacklisted by search engines is on the decline, which means that your clients can’t rely on search engines to notify them of website infections. That’s because when a client’s website is blacklisted, it won’t show up in search engines. If your customers’ websites are blacklisted, there’s a good chance they will wonder why they’re paying you for hosting when you can’t even ensure their website remains online.

Outdated CMS Platforms and Attacks on Websites

The same CMS platforms that make the development and maintenance of a website

accessible for millions of people also pose a major threat to hosting providers.

Many individuals build and manage their websites with CMS platforms such as WordPress, Joomla! and Drupal because they’re free, easy to use, and highly customizable. However, open source applications require regular core, theme, and plugin updates to remain secure. SiteLock website security statistics revealed that only 68 percent of WordPress sites were running the latest WordPress core version in 2018. This means that one third of all WordPress sites were vulnerable to attack.

While a consistent commitment to website security updates is essential, only 42% of website owners reported updating their applications monthly. This means that hosting providers who don’t monitor client sites to ensure their CMS platforms are up-to-date are more susceptible to frequent attacks on websites, which can damage their reputation.

According to research by StopBadware and Commtouch, 28% of companies whose websites are compromised consider moving to a new provider, which results in a loss of customers and revenue.

Good Bots, Bad Bots, and Website Attacks

Another growing website security issue impacting hosting providers is bot traffic. A bot is an automated program that completes simple, repetitive tasks at super-efficient rates. They fall into two major categories: good bots and bad bots.

Good bots are used by search providers to help with indexing websites, while bad bots are used by cybercriminals to identify websites with security vulnerabilities. They can then exploit these vulnerabilities to launch malware attacks on websites. A SiteLock study of 60,000-plus sites found that each week, more than 141 million visits to these websites were from malicious or suspicious bots. Since bad bots are proliferating rapidly, hosting providers should know how to protect their clients’ sites from them.

The impact bad bots have on you and your clients’ websites are significant, beginning with a drain on resources. Bad bots tax the web server, which can lead to increased bandwidth costs and a performance breakdown on the server.

More than ever, this extra performance matters. If a website loads in five seconds or less, your client’s business will enjoy 70% longer average sessions, and 35% lower bounce rates, according to research by Doubleclick. This means that by protecting your clients websites from bot traffic, you ultimately help ensure their success and satisfaction.

Protect Your Clients by Partnering With SiteLock

As these website security statistics demonstrate, it’s crucial for hosting companies to take action to protect their clients from cyberattacks.

As the host, clients rely on you to keep their website secure. This is both a serious responsibility and a major growth opportunity.

By partnering with SiteLock, you can tap into this area of growth, while improving client retention, reducing overhead, and setting yourself apart from competitors. And you also send a powerful message that you’re committed to protecting the website security of all your clients. Contact us today to learn more about the potential of partnering with SiteLock.

Here, we’ll answer both questions—showing you how to delete malware from your site and defend your digital presence.

Signs Your Site May Be Infected

How can you tell if you have malware? While some attacks are obvious—like a defacement hack that destroys your site’s appearance—most malware hides in plain sight, running malicious processes in the background.

The most obvious sign of malware is a host suspending your account or Google blacklisting your site. In these cases, visitors will be met with a suspension page or a warning from Google.

But if Google or your host doesn’t catch the malware right away, you may still notice other signs of an infection. These can include:

• Spam information in Google search results related to your website
• Unwanted pop-ups, downloads, or a redirect to a malicious website
• Unrecognized admin users added to your website’s CMS

None of these issues are desirable. However, they can be deterred.

How To Delete Malware From Your Site

Can malware be removed? The answer is yes (thankfully). But depending on your background, knowing exactly how to delete malware may be easier said than done.

Malware can infect your site files, database, or both—and removing it can be a highly technical process, often requiring specialized knowledge or help from a security partner. When bouncing back from an attack, you should have some experience modifying files and databases, as even the smallest mistake can take hours of work to undo.

Step 1: Back it up

Before attempting any cleaning or deleting, have a full backup available should you need to restore for any reason. If the infection happened recently enough, you may be able to simply restore from a pre-attack backup and undo the bulk of the damage. This doesn’t resolve the vulnerability that allowed malware into the site, but it can delete malware quickly.

Step 2: Investigate the issue

Connect to your files using your preferred method: FTP, SSH, or cPanel File Manager. If you’re in a shared hosting environment, your host is likely running a daily malware scan. When malware is flagged in these scans, the results are added to a file called “malware.txt” in your hosting root. This is invaluable, as it provides a path to each infected file. For dedicated or VPS users, an open-source antivirus engine like ClamAV will do the same thing.

Step 3: Carefully target the culprit

Malware is often added to legitimate and necessary files. In these cases, simply deleting the infected files can cause future site issues. If you’re using a CMS like WordPress, download a fresh copy for comparison. These CMSs contain “core files” which are the same from site to site, allowing you to compare your site’s file to a clean copy. Often, you can simply replace your file with a clean one to ensure it’s malware-free.

Top Tools For Malware Removal

While the process of manually cleaning or deleting malware can be involved, there are a host of helpful tools at your disposal. On top of that, you can proactively prevent infection with automated website scanning solutions and firewalls.

Still wondering how to delete malware from your site? Contact the SiteLock team today.

How to prevent malware from infecting websites built with CMS

Wondering how to prevent malware attacks? The answer depends on how your site is built.

Websites built with a content management system (CMS) like WordPress, Drupal, and Joomla are prone to certain vulnerabilities. When planning how to prevent malware attacks, one easy step is removing all unnecessary or unused plugins, themes, and admins from your site. That means deleting them entirely instead of merely disabling them— because more add-ons mean more exploitable entry points.

Another key step in how to prevent malware attacks is only downloading add-ons from reputable and well-reviewed sources—then maintaining your site’s active add-ons to ensure they are regularly updated. Plugins, themes, and other add-ons that have not received the most current security updates are common entry points for malware.

Lastly, when determining how to prevent malware attacks, it is important to exercise what cybersecurity professionals call “the Principle of Least Privilege.” That means restricting admin access to as few users as possible. The more people you grant admin access, the greater the chance of a bad actor causing widespread damage should one of their bots guess a user’s password.

How to prevent malware from infecting custom-built websites

Custom-built websites are generally more secure than websites built with a CMS, since portions of the site are not readily available as open-source download. But that does not mean they do not have vulnerabilities making them susceptible to a malicious attack.

Custom-built site owners do not receive alerts telling them that their software is out of date and updates are available. Owners of custom-built websites typically rely on a developer to administer site updates. It is up to the site owner to partner with trustworthy admins who are proactive in preventing malware attacks. Their developer will need to stay up to date on security risks as they review and revise the code they have written.

For this reason, site owners should avoid cost-cutting when hiring a developer to build their custom website. Think of the money spent on a good developer as an investment in the security and longevity of your site. If you cut costs during the development phase, you will only end up paying the price later on after bad actors inevitably exploit vulnerabilities in poor code.

Be proactive when deciding how to prevent malware infection

Whether your site is custom-built or powered by a CMS, it is going to carry security risks that need to be closely monitored. When determining how to prevent malware attacks, it helps to be proactive. In addition to the tips listed above, products like automated security scans and web applications firewalls (WAFs) are great tools that can help prevent harmful malware from corrupting your site. Think you might be infected with malware? Contact us today to speak with a security specialist and discover how we can help you and your website.

1. Unwanted access and entry-points.

Open entry points through outdated themes and plugins, escalated privileges, and unnecessary admins leave your website susceptible to access by anyone, regardless of permission level. This puts your content and data at risk.

2. The spread of malware through file uploads.

When your site’s themes and plugins are out of date, file uploads become increasingly risky leading to a range of WordPress security issues. Your site’s inability to detect the latest in malware leaves it unprotected and enables malware to enter your site.

3. SEO spam complications.

From fake login pages and phishing messages to unwanted redirects and hidden (or even rewritten) code changes, undetected spam puts your site and its information at risk.

4. Cross-Site Scripting attacks.

Cross-Site Scripting (XSS) attacks are a big threat to WordPress sites, especially if they contain outdated themes or plugins. The attacks are largely invisible, and there may be no way for your site (or its end-users) to tell it has an XSS vulnerability. If not prevented with regular maintenance, the attacks can be dangerous.

5. SQL injections.

SQL injections are another one of the common WordPress security issues you may encounter. Susceptibility means your site’s data can be accessed by attackers, compromising company data, user lists, or private customer details, putting all parties at risk.

Updating your WordPress themes and plugins regularly means more security updates and greater website security overall, saving you from the WordPress security issues listed above. If you can do this, the next time you ask yourself “Is my WordPress site not secure?” you’ll end up with a more confident and satisfying answer.

Want to learn more about WordPress malware removal, website scanning, and website security? Contact SiteLock today to discover how you can protect your site from harmful, unwanted hacks.

Here are some best practices when determining how to make your WordPress site secure.

Tip #1: Manage Plugins

Out-of-date plugins are one of the biggest threats to a WordPress site’s security. Even disabled plugins pose a threat if they aren’t updated. When deciding how to secure a WordPress site, update the plugins you’re using and completely remove plugins you aren’t. If you change your mind, plugins can be reinstalled with minimal effort.

Tip #2: Limit Themes

Whether you’re using one of WordPress’s built-in themes or a theme from another source, themes installed on a WordPress site need to be updated regularly. Like plugins, out-dated themes are prime entry points for malware—so remove all themes aside from the ones you’re actively using when planning how to make your WordPress site secure.

The most secure setup is the parent/child theme consisting of two themes designed to work together. The “child” theme” is the customizable active theme the parent theme is updated regularly for security updates.

Tip #3: Limit or Remove Admins

When determining how to secure a WordPress site, it’s best to have just one admin. More admins means more opportunity for bots to guess their passwords—which means more opportunity for bad actors to gain access to your site. This is especially true when unused admin accounts are allowed to sit idle.

Tip #4: Keep WordPress Updated

Most of WordPress’s updates are designed to enhance security, so running the latest version of the platform is key. This includes making sure the themes and plugins you’re using are updated and functional with the latest WordPress version, otherwise the site is left vulnerable.

[H3] Going Forward

Right now, your WordPress site is likely vulnerable to hackers—but it doesn’t have to be. By following the aforementioned best practices, you can mitigate risk posed by commonly exploited vulnerabilities and learn how to secure a WordPress site with ease.

Of course, it’s better to be proactive when it comes to site protection. Investing in security solutions, like automated website scanners and web applications firewalls (WAFs), will save you time, money, and headaches.

Has your site already been compromised? Put us on the case.

WordPress provides a free, open-source platform for website owners and builders alike, offering a range of themes and plugins that make it easy to use and simple to maintain. However, these perks don’t come without weaknesses. The open-source nature of the platform and its many plugin options pose some security risks, ones that many owners fail to account for.

From the top preventative measures, you can take to the best WordPress security plugins you can install, here’s everything you need to know about optimizing the security of your site.

Getting up to speed on security

Generally speaking, your WordPress website is secure until one crucial point: when you or your developer starts altering the template or customizing the design. The more plugins added, the more admins granted access, and the more modifications made, the more vulnerabilities and entry points your website opens up. WordPress security plugins can counteract these openings—closing windows and doors that put you at risk, minimizing entry points, and maximizing security and permission settings.

Security plugins are a valuable tool. But at the end of the day, the better you are about keeping your plugins up to date, secure, and maintained, the less likely you’ll need to install additional WordPress security plugins—and the more likely you are to catch an issue before any damage is done. Because even the best WordPress security plugins can be installed too late.

This post will cover everything you need to know about WordPress security plugins and their vulnerabilities, showing website owners how to maximize site security in both the short and long term.

Best practices for WordPress plugins

When it comes to assessing the security risks of both WordPress security plugins and standard plugins, it’s important to be as clear as possible on how plugins actually function. The risks center around one reality: every time you install a plugin, you’re trusting another developer to run their code on your website—and simply hoping they’re doing the right thing. It’s no surprise, then, that the majority of breaches stem from someone finding a vulnerability in one of these plugins, selling it, and exploiting it across multiple devices and platforms.

The potential reward for this type of malware is undeniable. With WordPress sites making up more than a third of all websites on the internet, just one vulnerability can lead to infections across tens of thousands of subsequent sites and devices. But being aware of the baseline risk of plugins—even of the best WordPress security plugins—can help you become more vigilant about minimizing their vulnerabilities. Below are some best practices for maximizing your plugin security.

1. Read the reviews.

As you search for your next WordPress plugin, look for options that have four- or five-star ratings, not two- or three-star ratings. Lower ratings can indicate a variety of things, but the bottom line is that users have had issues with them in the past and downloading them can put you at risk of the same. So, before clicking “install”—even on a WordPress security plugin designed specifically to protect your site’s safety—ensure you’re sticking to options that rank at or above a four.

2. The more downloads, the better.

In the same place where you check reviews, you can check the number of downloads and active installs of any given WordPress plugin or WordPress security plugin. The general rule of thumb is simple: the more downloads, the better. Look for plugins with a download number in the hundreds of thousands. This doesn’t just mean it’s particularly popular; it means a lot of people have tested it. If you install a plugin that has only been downloaded 50 or 100 times, you can pretty much consider yourself part of its test phase—and that sort of uncertainty isn’t safe or secure.

3. Make sure it’s been recently updated.

Be sure to check that the plugin you’re considering installing has been updated within the last six months, roughly. Though there are certainly exceptions to this rule, it’s a good general standard. And you’ll be surprised how many haven’t been. If a plugin hasn’t been updated in four years, that’s four years of missed security updates. And that doesn’t just tell you it’s not secure right now; it tells you it probably won’t be for the foreseeable future, either. But keep in mind: some plugins (including WordPress security plugins and those more likely to be targeted by attackers) will need to be updated more frequently than others. It all starts with knowing what’s standard—and using that as a baseline to determine which of your options is most secure.

4. Prioritize regular maintenance.

When it comes to keeping up with your own website updates, the same rules apply. Regular and consistent updates are key to keeping your site secure—and many people fail to stay on top of them. Maybe you didn’t know your plugins needed maintenance and regular updates. Or maybe you figured: if it’s not broken now, what’s there to fix? In reality, prevention is paramount. Maintaining plugins and any necessary security updates keeps your site safe—and it doesn’t have to be a chore. As plugins have become more common, many have the option to be set to auto-update, including most WordPress security plugins. Turning on auto-update can prevent you from needing to constantly check in on your site, while still providing the security and peace of mind you seek.

5. Stay informed.

Oftentimes, website owners don’t even realize their sites have plugins, let alone that they require regular maintenance to stay secure. If you hire an outside developer to build your site, be sure to ask whether there’s anything you need to do to keep up with your site’s security, and consider encouraging them to download WordPress security plugins alongside any others they choose to install. Staying up to date through resources like the one you’re reading now—and regularly logging into the admin portal of your WordPress site—can help you gain a clearer picture of where your current security level is, and where it needs to be going forward.

Proactively protecting your WordPress site may start with these best practices, but there’s no limit to how many precautions you can take—or the difference they can make in the event of a breach. Other cybersecurity measures, like a Web Application Firewall (WAF) or an automated scanner, can help you ensure any potential threats are identified and mitigated quickly and effectively. For more tips, tools, and tactics for maximizing the security of your WordPress site, get in touch with SiteLock today.

Given current data and our current environment, holiday shopping will undoubtedly be an exclusively online experience. Whether you are new to the Ecommerce game or not, all online retailers need to be prepared to face an influx of traffic during the holidays and be sure to take the necessary precautions in order to avoid any unwanted disruption or downtime. Small Business Trends states that 64% of shoppers who are dissatisfied with their online shopping experience will likely shop somewhere else next time and 46% of customers will not revisit poor performing websites. In order support your business and retain both new and returning customers, it has never been more important to get proactive about protecting your site and delivering a great customer experience.

Additionally, with the average website experiencing 94 attacks per day, and an estimated 12.8 million websites infected with malware worldwide, the surge of traffic online shopping will create during the holiday season is sure to attract the attention of cybercriminals looking to steal sensitive customer information. In order to ensure your site and your customers are protected, it’s critical to take proactive measures and have the right security solutions in place. For example, become PCI Compliant if you haven’t already. You’ll reduce the risk of fraud for your customers while avoiding a hefty fine that might cost you $100,000 or more. You can also use a website scanner to proactively check for malware or use a web application firewall with a CDN to help speed up your website and ensure only legitimate traffic hits your website.

Additional Tips for Improving Ecommerce Performance

Ensure that your customers are safe and protected when shopping on your site this holiday season. Be proactive by:

• Review and check your systems and web applications – These should be updated regularly to ensure maximum performance. Also, remove any applications that are not currently being used. This can help keep your systems from getting any unwanted malware and/or infections.
• Use a CDN – consumers will abandon your site if it takes longer than 3 seconds for your site to load. A CDN can speed up your website and ensure only legitimate traffic is allowed in.
• Do not store information if you do not need to – Remove any sensitive customer data (i.e. credit card and bank account details if it is not necessary for your business).
• Secure your site – Make sure you are using a secure shopping cart with an SSL certificate to encrypt data (i.e. credit card details).
• Display a security trust badge – Having a badge displayed builds trust and verifies your site is regularly tested for security protocols and is clear of vulnerabilities and malware.

These tips will help establish confidence in your customers and ensure they are shopping in a secure and safe environment.

What Makes a Website Secure?

Website security is any action or application that protects sites from security threats, exploitation and prevents website data from being intercepted. If you have ever conducted a search on what type of technology provides secure access to websites, you have likely seen the term encryption. Encryption refers to a cybersecurity measure that encodes website data so cybercriminals can’t read it. Only users with the correct encryption key can access this encrypted data. This means encryption helps prevent your website data and your visitors’ personal information from falling into the wrong hands in the event of a breach.

How Encryption Helps Secure Your Website

Most websites use the data encryption mechanisms TLS (Transport Layer Security) or SSL (Secure Sockets Layer) to protect site and user data as it’s transmitted to and from the website. You can tell that a website uses SSL or TLS if its URL has a padlock icon in front of it and begins with “https” instead of “http.”

When users connect to a website using TLS or SSL, certain authentication standards are activated. In other words, your browser asks the website server to confirm its identity. During this authentication process, certification authorities like VeriSign or Symantec verify the registration and identity of the server. This ensures the website and server are secure and set up to protect user data.

Now that you have a better understanding of encryption and how this technology provides secure access to websites, consider taking it one step further. Contact SiteLock today and ask about our free Risk Score Scan now to get detailed information on your site’s overall health and security or contact us for more details about our products and services.

To guard against cyberthreats, it’s crucial to perform a website security check on a regular basis to help protect your bandwidth, traffic, visitor data, and reputation, as well as reduce your chances of getting blacklisted by Google.

How To Check A Website for Security Vulnerabilities

Though much of what we use the web for is positive, there are many hidden threats lurking in the background. These threats can harm or hijack websites and use them for malicious purposes. This is why it is important to check a website for security vulnerabilities and malware. Ensure you take the following actions during your website security check:

Look for warning signs of malware

One of the simplest steps you can take is looking out for common signs of a malware infection. Common warning signs include a rapid drop in traffic, a site that freezes or crashes, or unauthorized changes to account logins. If you notice unusual changes in search engine results, or if Google blacklists your site, those are also warning signs of malware.

Know the common website vulnerabilities

It’s also essential to be aware of common website vulnerabilities, which are weaknesses in your site’s code that hackers can exploit. Some of the most common types of vulnerabilities include SQL Injection Vulnerabilities (SQLi), Cross-Site Scripting (XSS), and Cross Site Request Forgery (CSRF).

Regularly check for vulnerabilities

Website owners should frequently check their website for security vulnerabilities and take steps to prevent them. These steps include regularly updating applications, investing in an automated malware scanning solution, and using a web application firewall (WAF) to block malicious traffic.

How Secure is Your Website?

Luckily, there are many solutions to help you check your website for security vulnerabilities. Before selecting one, it is important to understand what threats your site is facing.

Learn more about securing your website with SiteLock today. Contact us and speak with one of our specialists who can review the health of your website.

What Does It Mean When a Website Is Not Secure?

So, what does it mean when a website is not secure in today’s world? Most web browsers alert users if they view insecure web pages by displaying a “Not Secure” warning. This indicates the web page is not providing a secure connection to visitors. When your browser connects to a website, it can either use the secure HTTPS or the insecure HTTP protocol. If a site’s URL begins with HTTP, it means the connection is insecure, which triggers the “Not Secure” warning.

What Happens If a Site Isn’t Secure?

When a website says not secure it can have serious consequences, especially if it is an eCommerce site. Insecure websites are vulnerable to cyberthreats, including malware and cyberattacks. If your site falls victim to a cyberattack, it can impact the site’s functioning, prevent visitors from accessing it, or compromise your customers’ personal information. In addition, a cyberattack can damage your company’s reputation and cost you customers. Research shows if your customers’ confidential information gets compromised, 65% of them won’t return to your site. Along with the loss of customers comes a loss of revenue, which can be especially devastating to small businesses.

How to Secure Your Site

There are a few ways to secure a site when a website says not secure. One important way to secure your website is by installing an SSL certificate. This establishes a secure connection for visitors and changes your URL to begin with HTTPS, indicating your site is trustworthy.

In addition, it’s crucial to partner with a reputable cybersecurity provider offering website security solutions. These include automated malware scanning and removal, vulnerability patching to address weaknesses in your site, and a web application firewall (WAF) to block malicious traffic.

As we wrap up Cybersecurity Awareness month, remember to secure your site, and understand how to identify any potential vulnerabilities it may have. If you're currently dealing with a hacked website, learn about SiteLock's website hack repair services for immediate help.

How to Make a Website Secure in 6 Steps

When it comes to web security for business owners, here are six simple steps how to make a website secure.

1. Install an SSL certificate

These days, installing an SSL certificate on your site is a must. An SSL certificate protects your data as it travels between your site and the server. This makes it more difficult for cybercriminals to intercept sensitive information such as credit card numbers. Many hosting providers offer a free SSL certificate, but if you handle credit card information, it is recommended that you purchase one as it has more security benefits (i.e. longer certificate lifespan – Extended Lifespan (LV), tech support and a warranty).

2. Sanitize input fields

Cybercriminals often access a website’s database through its contact forms. To prevent this, ensure form data is formatted properly within each input field before it’s submitted. You can accomplish this by predefining what a visitor can type in each field. For example, you might only allow letters and hyphens in the name field. Regularly sanitizing the input fields on your website is important for securing your database.

3. Use client- and server-side form validation

It’s also crucial to check the data in each form field before it’s submitted to prevent malicious data from entering your system. You can implement client-side validation using JavaScript to review form data and ensure it’s acceptable before submitting it to your web server. As an added precaution, use server-side validation so your server can also review the data before accepting it.

4. Scan for malware

Another important step for how to make a website secure is regularly scanning for malware. You can simplify this process by investing in an automated website malware scanner that monitors your site for threats 24/7. For added security, opt for a solution that automatically removes any malware immediately upon detection.

5. Implement vulnerability patching

Website vulnerabilities are weak points in your website’s code that cybercriminals can exploit to gain control of your site. These vulnerabilities are often caused by outdated plugins or CMS (content management system) software. To safeguard your site, you can invest in a vulnerability scanner to find and patch site vulnerabilities.

6. Use a web application firewall

Finally, business owners can implement a web application firewall (WAF) to provide an additional layer of protection for their websites. A WAF monitors all incoming and outgoing traffic to your website and blocks unwanted traffic, malicious bots, and cyberthreats from reaching your site.

Keep Website Security Top of Mind

It’s also important for businesses to make cybersecurity a company-wide priority. Here are a couple of ways to help ensure security remains a priority within your organization:

Update plugins and applications

Since vulnerabilities are often caused by outdated plugins and applications, you need to keep them updated. Make sure to regularly check for updates and install them immediately to reduce your risk of vulnerabilities, this will help make your website secure.

Delete unused plugins

You should also review your website plugins often to ensure they are up-to-date. If you discover that you are no longer using certain plugins, it is best to delete them from your website.

Educate Employees on Security Best Practices

Finally, since your employees are considered the first line of defense when it comes to security, it’s crucial to provide ongoing education and training. Below are some important best practices that can help enhance overall security for your business:

Security awareness training

Provide security awareness training for all employees and ensure this training is delivered consistently each year in order to ensure your employees stay informed about cybersecurity and how to prevent security threats.

Learn to identify phishing attempts

Be sure to educate employees about the warning signs of phishing emails and how to avoid falling victim to these ever-growing attacks. Also consider running phishing simulations to help employees identify phishing emails more effectively.

Get familiar with common cyberthreats

Teach your employees about other common cyberthreats, including ransomware, DDoS attacks, and malvertising. Also teach them how to identify these cyberthreats and what actions to take if they encounter them.

Enforce the use of secure passwords

Employee security training isn’t complete without stressing the importance of secure passwords. Ensure your training covers best practices for setting secure passwords, such as avoiding easy-to-guess passwords and choosing unique passwords for each account.

How Secure is Your Website?

There are many proactive cybersecurity solutions available today on how to make a website secure. Before you choose one, it’s important to understand how your current website security strategy measures up.

Want to learn more about keeping your website safe and secure? Contact us and speak with a security specialist today.

3 Types Of Malware That Collects Bits Of Data

Spyware is a type of malware that collects bits of data and tracks your online actions without your knowledge. Most commonly, this type of spyware aims to record your internet usage data and collect sensitive information such as passwords and credit card numbers.

A rootkit is a type of malware that collects bits of data that affects a hosting server or website. Rootkits give unauthorized users access to your website and allow them to take it over. They are notoriously difficult to detect, which means they often inflict harmful ongoing damage.

Card sniffers are spyware that cybercriminals embed in the shopping cart pages of websites. When online shoppers attempt to check out, these card sniffers intercept their credit card information and can send it into the hands of cybercriminals.

Another type of malware that collects your data is a keylogger, which records every keystroke you make. This means keyloggers can record any sensitive information you type, including bank account numbers and login credentials. Although keyloggers aren’t website-based attacks, it’s possible to download them accidentally by visiting an infected domain or clicking on a malicious link.

Website malware that collects your data can have serious consequences for website owners. If spyware infiltrates your website or shopping cart pages, it can target your visitors and steal their sensitive information. If this happens, they’re unlikely to return to your website, which can cost you revenue and seriously damage your reputation.

Cybersecurity Solutions Can Protect You From Spyware

Fortunately, there are cybersecurity solutions to protect your website from spyware. To know which solution is best for your website, you need to understand your site’s chances of being compromised and your current security needs.

SiteLock’s Risk Score Scan evaluates your website’s risk of compromise, and provides high-level data on the overall health of your site. Contact us to discuss to a free scan and uncover your site’s risk score today.

How Dangerous is Website Malware?

So how dangerous is malware when it comes to your website? It is highly dangerous, as it can inflict damage in many different ways. Common types of malware for websites include defacements that change your site’s appearance and redirects that send your visitors to malicious sites. Backdoors are a type of malware that give cybercriminals access to your website without your knowledge. Malware can also appear as SEO spam or hide in advertisements. Once on your site, it can steal customer data, spread more malware, and result in Google blacklisting your site. For these reasons, all website owners need to implement cybersecurity solutions to protect their site and visitors.

How Website Malware Impacts Businesses

Malware can have especially severe consequences for business websites. For instance, malware can damage your site’s overall rankings, or result in Google removing or sandboxing it from their search results. This prevents visitors from accessing your site, resulting in a drop in traffic and potential customers. Malware can also make your website appear untrustworthy and damage your reputation, costing you customers and revenue. And if your customers’ sensitive data gets compromised, 65% of them probably won’t return to your site. As a result, many businesses are unable to recover from a website malware attack, and 60 percent end up closing within six months of a cyberattack.

Protect Your Business with Cybersecurity Solutions

The good news is there are many cybersecurity solutions businesses can invest in to protect their sites from malware. To choose the right solution, it’s important to understand your site’s risk of being compromised. Contact us today to learn more about our solutions

Spotting Signs of an Attack

Certain malware attacks will be detectable almost immediately. Even the most untrained eye can spot website defacements, where hackers mask existing site content with a message or image of their choosing. While defacements generally make up only a relatively small portion of malware attacks, even more inconspicuous malware might leave traces of its work that are detectable by website owners, visitors, or both.

Other obvious signals of a malware-infected website include unauthorized modifications to your account login information, missing or modified website files, pages that freeze or crash, or a significant decrease in site traffic. Additionally, when your hosting company detects malware, you may receive a notification, which could lead to an account suspension. Search engines could even “blacklist” your site if evidence of malware is completely conclusive.

Signs of an attack are never a good thing — particularly for small business owners. A malware attack can have lasting consequences. For example, if your website is suspended or blacklisted, it could erode customer trust, damage your reputation, and even lead to a decline in revenue, regardless of whether your website serves as a primary point of sale.

How to Get Rid of Malware From Your Website

For those who don’t consider themselves particularly tech savvy and may not know how to get rid of malware from a website, outsourcing malware removal to a security expert (such as a cybersecurity provider) is likely your best bet. Once malware is removed, website owners should make it a best practice to use proactive cybersecurity to prevent re-infection. For instance, you can use a website malware scanner that monitors your website daily and automatically removes malware when it is detected.

For tech-savvy individuals, such as developers, manually removing malware themselves may be the best option. It’s important to note that removing the malware will take up more internal time and resources, so that should be taken into consideration.

If you do decide to extract malicious code yourself, here’s how:

Identify the source. First, you will need to identify the source of the malware. You can accomplish this through a file manager, local file search, or command line. Most web hosts offer file managers, though they’re generally optimized for basic file modification, rather than for specific content searches.

A local search — as its name suggests — involves downloading the contents of your live site to your local machine, making the search process a little simpler. Gaining access to a command line is rare in a shared hosting scenario. But if you have it, you can perform a far more nuanced search. With it, you can find files that have been recently modified as well as specific contents within files.

Look for the right clues. When you do find the files you believe may have been infected, look closely for common syntax used by attackers when injecting malware into a site.

Remove the malware. Once you’ve identified the corrupt files, remove them, and your site will be malware-free. While it’s possible to manually remove malware, we always recommend using a website scanner for speed and accuracy. The SiteLock SMART scanner, for example, automates malware detection and elimination. It uses a file transfer protocol scan to download, inspect, and clean website files. Then, it uploads those files back to the host server without disrupting the user experience.

Protect Your Site Against Malware

Every website owner should know how to get rid of malware from their site, however defending against it is a continuous ongoing effort. While cyberthreats are vast and increasing in sophistication, you can help defend your site being proactive about cybersecurity. Contact SiteLock today and we can scan your website and provide you with detailed information regarding the health and security of it, as well as potential threats.

What is Malware?

Though there are many different types of Malware, or malicious software, it is basically any type of software that’s designed to damage a computer, website, or network. A malware infection can cause all sorts of problems, including granting cybercriminals access to your site, embedding malicious ads, or changing your site’s appearance. It can even result in your site being removed from Google’s search results. And if you own a business website, a malware attack can cost you revenue and customers.

The Most Common Types of Malware

Although malware takes many different forms, certain types of malware are more common than others. Here are the nine types of malware you’re most likely to encounter as a website owner.

Ransomware

In a ransomware attack, cybercriminals encrypt your website files so you can’t access them, and then demand you pay a fee to get them back. Unfortunately, there’s no guarantee that your files will be restored, and even if they are, they’re often permanently corrupted. Keeping regular site backups can help you recover your files following a ransomware attack.

Fileless Malware

One of the most difficult types of malware to detect is fileless malware. This is because it doesn’t work through executable files but instead exploits legitimate programs on your operating system to inflict damage. Since they don’t use files, traditional antivirus programs and endpoint security solutions are often unable to recognize fileless malware.

Spyware

Spyware is malware that is installed on a user’s device without their permission and steals their data. This includes sensitive information such as credit card numbers, bank account information, and passwords. There are numerous types of spyware, such as adware, tracking cookies, and system monitors that can detect virtually anything you do on your computer.

Trojans

Trojans are a type of malware that doesn’t self-replicate, appears as legitimate software, and tricks users into thinking it’s harmless. The danger is that once Trojans breach your device or website, they can install or download other malware that inflicts more harm onto your computer.

Worms

A worm is a malicious program that self-replicates and is highly infectious, spreading from computer to computer and throughout networks. Unlike viruses, a worm is a standalone program that doesn’t require the user to activate it. Worms can cause all sorts of damage, such as corrupting website files, stealing data, and draining system resources.

Viruses

A computer virus is a malicious code or program that interferes with a computer or website’s functioning. Once executed, it can easily spread to other computers, including those of your website’s visitors. Viruses can inflict harm in many ways, such as logging your keystrokes, stealing sensitive information, and corrupting your files.

Rootkits

Rootkits are a variety of malware that grants unauthorized users access to your computer or website. Insidious by design, they allow cybercriminals to take over your website or device without your knowledge. Since they’re so difficult to uncover, a rootkit can remain on your system or website for a long time and inflict ongoing damage.

Keyloggers

Unlike other forms of malware, keyloggers are not a threat to systems themselves they infect. Keylogger is a type of software that records every keystroke a user makes, usually without their awareness. Cybercriminals primarily use keyloggers to gain access to your customers’ passwords, account logins, and other confidential information. Then they can access their financial accounts, steal their identity, or sell their personal data to third parties.

Bots and Botnets

A bot is a program that carries out designated tasks automatically, commonly over a network. Although many are harmless, there are also malicious bots that can launch cyberattacks or steal sensitive data. A botnet is a network of computers that are infected with bot malware, which cybercriminals use to commit all sorts of crimes, such as launching malware attacks on other sites.

Protect Yourself Against Malware

Fortunately, there are many malware removal solutions website owners can leverage to automatically clean malicious content for their websites. In addition, website owners should make it a best practice to implement other proactive cybersecurity solutions, such as daily malware scanning and a web application firewall (WAF), to protect their sites from these different types of malware. Before choosing a solution, it’s important to understand the current health of your site.

SiteLock’s free Risk Score Scan reviews your website and calculates your website’s risk of compromise, providing you with detailed information regarding the health and security of your site, as well as potential threats. Contact us today to inquire about getting your free Risk Score.

Want to learn more about malware? Check out these additional resources from SiteLock:

• What is Malware?
• The Evolution of Malware
• Ways Malware Can Get Onto Your Site
• The Dangers of Malware
  • The Effects of Malware on Small Businesses
• How to Check Your Website for Malware & Common Signs
• How to Check Databases for Malware
• Ways to Protect Your Site
• How to Remove Malware
• Malware Analysis Series:
  • Signature Based Analysis
  • How a Signature Is Born
  • Detection vs Removal

A data breach, ransomware attack or other digital attack that knocks your website offline can cost your business anywhere from thousands to millions of dollars in remediation, lawsuits from customers and fines by regulators. These kinds of crimes are rampant and target businesses of all sizes. The problem is so severe and widespread that Cybersecurity Ventures projects that cyberattacks will cost organizations worldwide $6 trillion by 2021.

Many smaller businesses—about 60%–never recover from a cyberattack. So, protecting your website from cyberattacks is one of the most important and most cost-effective business decisions you can make. Exactly how cost-effective can this be for a business?

Continue reading to learn more about the top costs associated with website compromises that impact businesses of all sizes.

Cyberattacks disrupt and even destroy businesses

Maybe one of your employees clicks on a phishing email and accidentally gives away his work email login information. Maybe someone forgot to fix a website security vulnerability when the patch was published. Either way, now your databases haves been encrypted by attackers. The site is down, and the criminals want money to unencrypt the data. But they’ve also copied the data and plan to sell it online whether you pay up or not.

And data isn’t the only business asset that ransomware can target. Some criminals use ransomware techniques to exploit business computers for cryptocurrency mining. That stealthy hijacking of business computers diminishes the CPU power available for business operations, raises the company’s electric costs and wastes help desk and IT resources to diagnose and resolve the problem.

What’s the financial impact?

These scenarios happen to businesses all too often. There were more than 151 million ransomware attacks in 2019. The average amount that businesses pay to recover their data is $44,021. That’s a financial impact many businesses can’t bear. Apart from the cost of the ransom or the resource waste of a crypto jacking attack, website outages due to ransomware attacks cause businesses to lose money for as long as the site is unavailable to customers, vendors and employees.

That leads us to the next costly cyber risk to your business – unplanned downtime.

Unplanned downtime cuts off business revenue

How much money would your business lose if hacking, corrupted files, defacement, ransomware or a DDoS attack shuts down your website? It depends on the size of your business and the volume of sales you do through your site.

For more than 75% of SMBs, the cost of downtime was $40,000 an hour or less. For the rest, the cost of downtime was more than $40,000 per hour. Typical downtime costs related to DDoS attacks, which can crash sites with spurious requests and traffic, are more than $120K for SMBs and more than $2M for enterprises.

Why is downtime so costly? It’s largely because your customers can’t reach you while your site is out of commission.

Downtime and breaches drive away current customers and make acquiring new customers harder

When customers arrive to find your site offline (or worse, defaced with messages from attackers), they may take their business somewhere else, either because they no longer trust your site to protect their data or because they don’t want to wait for your business to get back online.

Businesses that suffer a data breach can count on at least some customer abandonment. How many customers could you lose? One survey found that 21% of U.S. customers abandon businesses permanently after a security breach, while more than 40% of UK and Australian customers will never return.

Any loss of customers results in a lower average lifetime value per. Moreover, a business whose reputation is damaged by a high-profile data breach or website takeover may have a hard time attracting new customers, resulting in the need to spend more to acquire each one.

Your investment in your business can be wiped out by cyberattacks

All it takes it one successful cyberattack to wipe out the money you’ve invested in building your business. The costs of remediation and recovery are more than many businesses can afford, and standard business liability insurance policies don’t fully cover cybercrimes.

Even if your business survives a cyberattack, the incident can have far-reaching financial consequences into many areas of the business. The average enterprise-level business spends 10% of its company revenue on marketing, according to Gartner’s CMO Spend Survey 2019–2020. The negative publicity that can follow a data breach or other cyberattack can undermine that marketing investment and force your business to spend more on campaigns to rehabilitate your brand image.

Deloitte found that “legal costs can cascade” for a business long after a breach is detected, “as stolen data is leveraged in various ways over time.” Businesses that have government contracts may also be at risk of losing those deals in the wake of a cyberattack. And if your business’ intellectual property is stolen in a breach, it could take years to recover from that lost investment.

Save money and protect your business with comprehensive cybersecurity

Experiencing a cyberattack risks everything you’ve invested in your business, including your livelihood and your employees’ income. Investing now in cybersecurity can protect your revenue stream and your assets as well as your customer base, your brand image and your reputation as an employer.

Contact us today to learn how you can protect your investment in your business with cybersecurity.

Businesses of any size can fight back by providing their employees with cyber security awareness training and implementing other security best practices across their organization. This kind of cost-effective program can help your employees to understand cyber threats. That knowledge can empower them to protect your organization by spotting red flags and reporting them to IT.

Considering the many ways cybercriminals target employees and the costs of cybercrime to employers, it’s a wise investment.

Why do criminals go after employees when they attack companies?

Human nature is the weakest link in just about any business because employees can be:

Distracted: A busy employee may not realize an email that says it’s from the boss actually comes from a fake email address. That’s especially likely if an “urgent” message arrives at the beginning of the workday, while they’re still settling in.

In fact, the most popular time for criminals to send emails targeting workers with funds-transfer scams is 9 a.m. on a Tuesday. An employee who just arrived at the office or opened their laptop at home may hustle to fulfill the request, not realizing that the invoice they’re paying doesn’t come from the CFO’s real email address. That same employee might not think twice before opening an attachment in an email that appears to come from their manager, only to learn the attachment contained ransomware when it’s too late.

Pressured: Cybercriminals know that no one wants to be held responsible for causing a business interruption or missing an important meeting. When an employee gets an email saying their office’s power is about to be shut off if they don’t make a payment immediately, they may shift into reactive mode before they check the source of the message. Depending on the scammers demand, they might transfer funds or visit a phishing site to “log in,” which provides hackers access into their account.

Likewise, an employee who gets a message that they missed a meeting may follow the instructions in the notification and enter their Microsoft account credentials into a phishing site before they pause to check the source of the message or whether they really did miss a meeting.

Misled: Many organized cybercriminals are sophisticated about tracking executives’ schedules and crafting authentic looking emails to impersonate them. Some organized cybercriminal groups do this at scale by purchasing lists of executive contact information from legitimate data brokers – the kind of information that sales teams use for prospecting. One such group was caught with a list of tens of thousands of finance executives, which they were using to target the executives’ assistants with phishing emails and wire transfer scams.

Unaware: Password hygiene is a huge problem that puts personal and business data at risk. Many employees are unaware using the same password across multiple personal is a significant security risk. The reason many employees use the same passwords across all work accounts is simple – they can keep track of them all. In fact, 86% of Americans say they keep track of their passwords in their heads, rather than using a password manager. That means they’re using easy to remember passwords that are easy to guess or crack. Given that the average user has at least 70 password protected accounts, it’s unlikely that they’re all unique. However, most people don’t realize that their password shortcuts come at a price – they make it easy for criminals to break into all of those accounts with one “skeleton key.”

Many employees also aren’t aware of the full range of possible phishing channels, including SMS, voice and social media, in addition to email. That means they may let their guard down in those other channels, even if they’re careful when using email.

How do cybercriminals target employees?

It’s important to keep in mind that criminals are always trying out new techniques for stealing data and breaking into company networks. However, attack methods that target employees are consistently popular because they’re effective.

Phishing exploits the fact that almost none of us can spot a well-crafted phishing email. That’s a major reason that 94% of all the malware that infects organizations arrives via email. Worldwide, phishing attacks cost organizations $17,700 per minute by leading to theft of funds, data losses, and fines and lawsuits after breaches.

Business Email Compromise (BEC) is similar to phishing. It works by impersonating executives in email messages to people who work for them. These often sophisticated impersonations can trick employees into rerouting direct deposits and paying fake invoices. The FBI says BEC caused half of all US cybercrime losses in 2019, at a total of $1.77 billion.

Account takeovers happen when employees fall for phishing scams, use weak passwords or reuse a password that gets breached. The Ponemon Institute reported in 2019 that 47% of SMBs had been the victims of attacks that started when criminals compromised an employee password, at an average cost of more than $384,000. However, most companies don’t ensure that their employees use strong, unique passwords.

Man-in-the-middle attacks take advantage of employees’ insecure connections to company systems over public Wi-Fi, home routers that aren’t properly password protected, or vulnerable cloud-based conferencing tools. When attackers can “listen in” as data moves from remote employee to employer system, they can capture sensitive information like employee passwords and company financials.

To keep your business secure, train your employees to avoid cyberthreats on the job.

How can you help your employees stay safe and protect your company’s data?

Start by implementing security policies that require employees to verify “urgent” requests for funds transfers or requests to reroute payroll deposits should be double-checked by phone, via teleconference or in person.

You can also require your employees to use strong, unique passwords for each company account and device they have access to. Remote workers should only access your system and teleconferences via secure connections such as a company VPN, while avoiding public Wi-Fi and unapproved conferencing applications.

Remind your employees of security best practices. For example, everyone at your company should get in the habit of checking the email address, not just the sender name, for all incoming messages before responding. Your employees should also avoid clicking on links or opening documents in unexpected emails.

You can also encourage your employees who work from home to check and change their home wireless network and device passwords. Default passwords are usually available online and hackers can search remotely for vulnerable equipment to hack.

Provide ongoing cyber security awareness training to employees to prepare them to be your first line of defense against cyberattacks. For example, Security Awareness Training and Phishing Simulations should offer comprehensive employee resources to get better at spotting threats.

Security awareness training helps keep your employees up to date on the latest threats and gives them tools to avoid becoming victims.

Phishing simulations give your employees hands-on experience detecting and avoiding scams, without putting your systems at risk.

Convenient, quick delivery of training resources makes it easy to train new employees fast and lets current employees refresh and build their skills.

Continual reinforcement of cybersecurity concepts and best practices helps you create a culture of cybersecurity in your organization.

Employee progress metrics show you who’s got the basics down, who’s an advanced security-awareness student and who needs more review and support to stay safe.

Remember, cybercriminals target employees because they expect them to be the weakest link in a company’s security defenses. But with training, your employees can learn to protect your business and become important assets in your organization’s cybersecurity strategy.

Learn more about how SiteLock can help your employees get cyber-savvy and protect your business against costly breaches and scams.

To avoid the harmful impacts of a cyberattack, businesses should get proactive about protecting their site now, before the damage is done. Here are our top 4 cybersecurity tips your business can deploy now to get proactive on preventing data breaches, site defacement, DDoS attacks and other threats that put your sites at risk.

Stop threats before they spread with automated website scanning and malware removal

The first step to implementing a proactive approach to cybersecurity is stopping threats before they spread or cause damage. Because cybercrime is big business (and the fastest-growing type of crime), new attack methods are always arising. With the ever-evolving threat landscape, it can be virtually impossible to keep up with the latest attack method.

Some current cybercriminal activity that could be impacting your website includes:

• Malware that attacks visitors, leading to search-engine blacklisting and decreased site speed.

• Cross site scripting (XSS) and SQL injection (SQLi) vulnerabilities that can lead to stolen data. For example, formjacking, a new cyberattack being compared to ATM skimmers, is a popular method among bad actors. By inserting a simple piece of code into an ecommerce site, formjackers can steal customers’ personal identifiable information (PII) as they enter it.

• By simply sharing the same IP address with a spammer, sites can be flagged in spam databases. When sites are flagged, the business can experience email deliverability issues when contacting their customers, such as being blocked or sent to their spam folder.

To help protect your business from these cyber threats, you can use automated website scanning and malware removal solutions. Daily website security scans check your site for new malware and vulnerabilities, notifying you immediately if any issues are found. When an attack succeeds, automated malware removal can take care of it quickly, before it causes expensive, brand-damaging problems on your website. Additionally, using a spam scanner helps to ensure your site is not listed on spam databases, which could impact your ability to communicate with customers. These scans can also notify you to “bad neighbors” that may be sharing your IP address to help you take action before being blacklisted.

Block cybercriminals and bad bots with a web application firewall

Our second tip for taking a proactive approach to cybersecurity is using a web application firewall (WAF) to block malicious traffic, like cybercriminals and bad bots. Without this barrier of protection around your site to keep malicious traffic out, cybercriminals can launch harmful cyberattacks, such as a distributed denial-of-service (DDoS) attack. Why are DDoS attacks so important to prevent? In the past, these attacks were more of an annoyance than a serious threat, but this has changed. DDoS attacks are growing in both severity and frequency with 83% of organizations being attacked through this method since 2018.

Using a WAF ensures that legitimate traffic like your customers are able to access your site, while swarms of bots and cybercriminals get shown the door. By fine-tuning the firewall to suit your traffic patterns, you can ensure customers don’t get shut out of your site mistakenly during busy shopping seasons while also helping to protect your site from DDoS and other attacks.

Prepare for disaster recovery with Website Backup

Along with taking proactive measures to protect your website, another important tip for proactive cybersecurity is preparing for disaster recovery. By implementing website backup and restore tools, you can prevent losing thousands of hours of your website content in a single moment due to a cyberattack or another unexpected incident.

If a cyberattack corrupts or wipes out your website files or the database, your business risks suffering permanent damage unless you have a way to recover them. Additionally, cybercriminals aren’t the only reason you need regular site backups. Human error can take a site down with a single misaimed click or an update that includes code errors.
Whatever the cause, having a recent backup version and a way to restore it with just one click can keep your site up and running while you work to solve the underlying problem.

Make cybersecurity awareness part of your company culture

In addition to protecting your business through technology, another important aspect of proactive cybersecurity is ensuring your employees are prepared for the inevitable cyber threats coming their way. The fact is that cybercriminals look for any area of weaknesses within an organization to attack – and human nature is an easy vulnerability to exploit. For this reason, employees are often cybercriminals number one target when looking to attack a business. Research shows that employee errors are responsible for more than half of business data breaches, but only 3% of people can spot a sophisticated phishing email.

Security awareness training and phishing simulations can help prepare your people to spot potential cyber threats like phishing emails, so they can report them and help prevent exposing your business and customers to damage. Your training program should also emphasize the importance of unique, strong passwords for each work account.

It’s important to note that cybersecurity education isn’t a one-time event; it’s a process. Ongoing education and regular communication about security best practices is crucial to create a cybersecure culture that can help protect the business from even the most sophisticated cybercriminals.

Get proactive now to protect your business

Staying ahead of security threats can save your business from expensive attacks that disrupt operations, damage your brand and cost you money. By taking a proactive approach to cybersecurity with the tips in the blog, your business will be one step closer to getting ahead of security threats before the damage is done.

INFINITY is a state-of-the-art malware and vulnerability remediation service featuring unique, patent-pending technology. INFINITY combines deep website scanning and automatic malware removal with unrivaled accuracy and frequency. A cloud-based solution, INFINITY is designed to scan website files and remove any trace of malware before the user does.

According to recent search, websites experience 94 attacks per day on average. To help combat increasingly frequent and sophisticated attacks, SiteLock INFINITY provides always-on, continuous scanning to detect vulnerabilities and automatically remove malware the moment it hits. Once the initial site scan is complete, it scans again to ensure constant surveillance and protection with the highest degree of reliability.

Innovation is the cornerstone of SiteLock growth and has been the driving force behind our portfolio of cloud-based products that solve real-world problems for over 16 million customers and 500 partners worldwide. SiteLock is notably the only cybersecurity solution that offers automated website malware removal from site files, including MySQL databases, as well as vulnerability patching in outdated CMS core files, ecommerce platforms, and the most popular WordPress plugins.

For more information on how our award-winning cybersecurity solutions can protect your organization, contact us today!

In the digital age, having a comprehensive cybersecurity strategy is now just as crucial to organizational success as accounting, sales, marketing and other core business functions. The cybersecurity stakes are higher than ever and growing by the day. In fact, the World Economic Forum (WEF) projects that by 2021:

• Global cybercrime costs could total approximately $6 trillion in the US.
• If cybercrime were a country, it would have the third largest economy in the world.

Clearly, cybercrime is big business, and it operates like one. As part of this big business approach, many hackers are now automating attacks at scale, looking for ways into companies’ databases, email systems and networks to harvest data for resale and ransom. Without a comprehensive cybersecurity strategy, your company remains vulnerable to a constant stream of cyberattacks and the business damage they cause.

How big is the impact of cybercrime?

As at the threat landscape continue to develop, the impact of cybercrime is more far-reaching and costly to businesses than ever before. In fact:

• On average, websites are attacked 94 times per day.
• Security breaches have increased by 67% in the last five years, per the WEF.
• Businesses and consumers in the U.S. lost more than $3.5 billion to cybercriminals in 2019, according to the FBI.
• Ransomware cost businesses and individuals nearly $9 million in the U.S. in 2019.
• Data breaches cost an average of $3.9 million worldwide in 2019, according to a Ponemon Institute survey.

Part of what makes cybercrime such a vast enterprise is that there are so many digital elements within the technology stack that can be attacked – from networks to web apps. Cybersecurity, in its broadest context, should protect it all.

What’s in the tech stack?

Every organization has a tech stack, which is all the software required for the business to accomplish its goals. Each element in the stack is necessary but potentially vulnerable to threats.

The network is the hardware that connects an organization’s devices, such as routers, servers, computers, mobile devices and internet of things (IoT) devices. If intruders gain access to the network, they can roam freely to steal data, spy on email conversations and take over accounts on the network.

The operating system is the software that runs the computers and other devices on the network. Zero-day exploits of operating system vulnerabilities, intrusions via unpatched security gaps and administrator credential theft are some of the ways criminals can get into operating systems to steal data and take over accounts.

Core services are tools from Linux, Google, Microsoft and other software publishers that let developers build apps on their platforms. Vulnerabilities here can allow attackers to remotely grant themselves privileges to alter programs, change data, install apps and create new accounts.

Databases are the repositories of information, the thing most cybercriminals are after. With database access, thieves can use the data to commit fraud, blackmail, extortion, identity theft and to turn a quick profit by selling it to other criminals on the dark web. Additionally, hackers can lock organizations out of their databases and hold them for ransom.

Web servers host the organization’s websites, including the databases that contain all the website elements. If attackers can breach web server firewalls, they can steal sensitive information like customers’ payment data.

Third-party and custom web apps are the software that shapes how the website looks and functions. If attackers can inject malicious code into these apps, they can deface websites with their own messages, steal customer data as they enter it in website forms, redirect visitors to phishing sites and more.

How does cybersecurity protect the tech stack?

To help protect businesses, there are cybersecurity solutions to address the threats most common to each component of the tech stack. Some cybersecurity providers protect multiple stack elements, while others only focus on specific pieces.

Network security

Virtual private networks (VPNs) encrypt traffic to and from the organization’s network when employees are working remotely. VPNs keep criminals from “seeing” company data as it flows from a company issued laptop or mobile device to network servers.

Additionally, network segmentation is an effective strategy tolimit intruder access and diminish the impact of an intrusion. For example, a power plant might segment its network so that its email system and plant controls are on separate networks. That way, an email account takeover can’t lead directly to a plant takeover.

Also, phishing prevention, detection and remediation protect against wire-transfer and direct-deposit scams, malware installation, and credential theft that can give intruders network access.

Operating system security

To protect operating systems and the computers they run on, running malware and vulnerability scans can help to identify infections and potential entry points for malware and repair or remove the threats.

Core services security

Malware and vulnerability scans are also important to prevent exploits in core services and the apps built on them.

Database, web server and web app security

As a digital storage room full of important customer information, a database is one of the most important aspects of a website that requires protection. Some of these areas of security include:

• Malware scanning and removal: Frequent, regular malware scans, removals and patches protect website components against intruders and spammers.
• Web application firewalls (WAFs): To prevent malicious visitors from accessing databases and intercepting data through the front end of the website.
• Distributed denial of service (DDoS) prevention: Tools that protect the site from crashing under the strain of DDoS attacks.
• Website backup: Regular site backups allow for quick recovery after a disaster and protect one of the most important components of a website – the database.

Cybersecurity best practices beyond the tech stack

Good cyber hygiene isn’t only about software and systems. It’s also about people. Although not formally included in the tech stack, education and security awareness is critical to any successful cybersecurity strategy.

Security awareness training educates employees about cybersecurity best practices and alerts them to new threats. This kind of training is most effective when it’s ongoing, not just a one-time event. Regular reminders can help employees keep cybersecurity in mind, helping ensure the security of the business.

A culture of cybersecurity results from continuous training plus clear leadership on security issues. When leaders use best practices, communicate often about security goals, and reward employees who prioritize security, a safety-first mindset protects the entire organization. In a cybersecure culture, employees are less likely to become victims of ransomware and phishing attacks that lead to data theft, shutdowns and other cyber threats. And in a cybersecure culture, leadership ensures that each element of the tech stack is fully protected.

Start building a stronger cybersecurity program

Maintaining a comprehensive cybersecurity program is crucial to staying secure in the current threat landscape as well as to drive the overall success of your business.

Contact us today at (855) 237-2906 to learn more about how to build a stronger cybersecurity program to help protect your business from cyberattacks and the damages they cause.

According to SiteLock researchers and cybersecurity experts, cybercrime will only continue to grow in 2020 and beyond – bringing along new challenges for businesses. Given the increased security vulnerabilities associated with working from home and bringing businesses online amid the COVID-19 pandemic, it’s more important than ever to protect your business from cybersecurity threats.

To provide more insight into the threat landscape, SiteLock conducted an analysis of more than 7 million websites to help businesses better understand the cyberthreats facing their organizations.

In our 2020 Security Review, we uncovered a range of insights relevant to today’s ever-changing cybersecurity threats:

• The top threats to your website: Learn about the most prevalent cybersecurity threats facing your business today.

• How often cyberattacks occur: Understand the frequency of attacks and the reasons behind their rapid increase.

• The success of cyberattacks: See the staggering number of malware-infected websites, as well as how both quiet and noisy malware are affecting businesses.

• What makes websites vulnerable: Discover how many malware-infected websites aren’t flagged by search engines and the impact WordPress plugins have on your website’s security.

With countless businesses shifting operations online, we’re more tethered to the digital world than ever — and that makes cybersecurity even more important. Regardless of the type of business or industry you’re in, if you have an online presence of any kind, protecting it from cyberattacks with a proper security strategy is critical. By understanding today’s threat landscape and evolving threats, you can be better equipped to proactively protect your business and your livelihood.

Ready to unlock the next level of cybersecurity? Download the SiteLock’s 2020 Annual Security Review to learn more about the security threats facing website owners in the year ahead.

Starting an online business from home doesn’t have to be overwhelming. In fact, it can be quite simple. However, protecting it from cyberattacks isn’t always as easy. Small and midsized businesses (SMBs) are the targets in 43% of all cybersecurity incidents. That’s because hackers know that SMBs often lack the budget or resources to implement enterprise-quality protection. Phishing, ransomware, site defacement and SEO spam are just some of the most common threats SMBs face online.

With the right plan and support, your online business can avoid these malicious attacks and the potential damage they cause. Here’s our checklist for starting a home business, including our tips to ensure your site is secure. Using this list as guide, you can focus on growing your home business instead of fighting off security threats.

Choose your niche

When starting an online business from home, a good place to start is choosing your company’s niche. Leveraging your skills with your personal passions is typically a recipe for success – such as tutoring, graphic design, or selling products you make or buy wholesale. However, in order to be successful, you’ll want to ensure that there is a market need for your online business. To help evaluate the market opportunity, you can research competitors to help understand the landscape of your industry, as well as come up with a strategy for how to differentiate yourself and identify effective marketing practices.

Make a simple plan

Creating an online business plan helps outline your goals and how you can achieve them. For many businesses, this step is paramount in their overall success. In fact, research shows that those who write a business plan are nearly twice as likely to successfully grow their business than those who didn’t write a plan.

To be effective, your plan doesn’t need to be overly complex either. A very simple business plan can help you stay on track and help determine what you will sell, how much to charge, how you will receive payments, how to attract customers, technology you may need, and more. To determine the right steps for your online business, there are numerous resources that offer business plan templates to help you get started.

Name your business

The right brand name can be a business’s most valuable asset. Choosing a unique and memorable name can help catch the eye of prospective customers and differentiate your brand. While naming your online business is a lot about branding, there are also some key aspects to consider while building this foundational piece of your business.

The ideal name is easy to remember and tells what your business does, like “Sam’s Trigonometry Tutoring.” Additionally, a good business name has an available domain name. After you choose your business name, register the domain name you want. Then you can set up a business email address, develop high-level messaging for your business like a tag line, and design a logo or hire someone to do it for you.

Do your digital paperwork

When forming a business entity, even when starting an online business from home, you’ll need a business permit if your city, county or state requires one. If you’re in the U.S., you’ll also need an employer identification number (EIN) from the IRS online.

With your paperwork, you can open a business bank account. It’s not required to have an account specifically for your online business but bookkeeping and tax time are much easier if you keep business and personal funds separate. Then look into whether your business needs insurance, especially if you offer a professional service like writing or design.

Set up your website

With your domain name and necessary paperwork complete, you’re ready to set up your new business site.

To build a fully functional website, you’ll need:

• A web hosting service that hosts your website, enabling it to be viewable on the internet.
• A website, which you can build with a site builder like Wix or a content management system (CMS) like WordPress. WordPress is the most popular CMS and is used by 30 percent of websites on the internet.
• An ecommerce platform or plugin if you will need the ability to conduct transactions online directly from your site.

As a best practice, all three elements should be compatible for ease of use and security. To ensure the security of your site and your customers’ information, make sure you include:

• Website security tools for malware removal, PCI compliance, vulnerability patching.
• An SSL certificate to encrypt customer-entered data.
• A web application firewall (WAF) to keep hackers out.
• Tools to automatically update your platform, themes and plugins to patch vulnerabilities.
• A solution that runs regular site backups and can restore website files and the database in case of a site crash.

Now, you can set up your online storefront. First, choose a theme, then customize the site to include your business information and keywords. Finally, add your products or services and a checkout connected to your payment services (like PayPal, Square or Visa Checkout).

Market your online home business

To find prospective customers, you can set up accounts on the social media platforms where your target clients spend time and start promoting your store. Additionally, you can create content on your website targeting specific SEO keywords to bring in website traffic from search engines like Google. When visitors arrive at your site, invite them to subscribe to your email newsletter for news and deals. Start a store blog with how-to videos, interviews, gift guides and other content to attract customers.

Keep learning

The U.S. Small Business Administration is a great resource, with an online library of free courses for new business owners. For cybersecurity, SiteLock’s e-commerce security guide offers in-depth information about protecting your online business. You can also learn what your online business needs to be safe with a free website security analysis from SiteLock.

By following these steps, your online business will be setup for success right from the start. Along with completing the necessary steps of starting a home business, it’s crucial to be proactive about security when launching your business online. Once your online home business is up and running, be sure to get a free 30-minute consultation with a SiteLock website security expert, who will evaluate your site against 500 factors to determine your site’s risk of an attack and identify areas for security improvement.

Call us today at (855) 237-2906 to get your site security analysis.

An unfortunate reality for SMBs is that 43% of all cyberattacks target small businesses. Because many small business owners are often busy and strapped for time, cybersecurity might not be a top priority. In order to protect your business, customers, and data, it’s essential you’re aware of the ever-evolving methods cybercriminals use to target SMBs and their customers.

To help you get started, we break down the most common attacks into a simple small business cybersecurity guide for your business. We’ll examine the techniques cybercriminals deploy to target businesses and their customers. Additionally, we’ll outline some of the most common cybersecurity threats and offer steps you can take today to protect your website from cyberattacks in the future.

The Changing Cyberthreat Landscape

In our 2019 report covering website security, we analyzed the current online threat landscape to discern how it might change in the future. Over time, we predict a decrease in “noisy” attacks such as SEO spam and redirects: As malware scanners and website developers advance their techniques, these types of attacks are easier to detect and remove. Likewise, as user awareness grows, cybercriminals are also moving away from noisy attacks. However, SMB websites won’t face less risk — they’ll actually face different types of threats as cybercriminals adapt their methods.

The reality small businesses must face is that bad actors aren’t slowing down. Instead, they’re adapting and implementing new tools and stealthier techniques to achieve their objectives. Stealthy attacks are far less noticeable than noisy attacks; they’re unlikely to be noticed or remedied quickly, making them far more dangerous to website owners. For example, an attack on a website’s database to exploit sensitive data is considered stealthy — it’s unlikely that website owners will easily discover or quickly correct it, and this often leads to greater profits for cybercriminals. This makes stealthy attacks incredibly popular in the cybercrime community. Although these attacks take longer to execute, the fact that they’re more likely to go unnoticed for longer makes them a significant threat to businesses.

Cybercriminals won’t become complacent, and that means you shouldn’t, either. Read through this small business cybersecurity guide to learn how you can defend your business against the most common cybersecurity threats.

Noisy Cybersecurity Risks for SMBs

Although we’ll see a decrease in noisy attacks in the future, they’re not likely to go away. It’s important for SMBs to be knowledgeable about noisy attacks because cybercriminals still use them frequently. The good news is that noisy attacks are typically much easier to spot. Here are a few to look out for:

• Website defacement. This type of attack is easy to identify because it often involves attackers replacing images or text on your site with their own content. Cybercriminals often use this as a platform to spout a controversial political or religious message, and they might also include a shocking image to draw attention to the cybercriminal’s organization. The primary motivation behind website defacement attacks is to generate publicity, so consider defacement as a means for cybercriminals to boast their attack skills. Cybercriminals that conduct these attacks want visitors to know they were there. Depending on the content, a website defacement attack could affect your business’s reputation and turn users away from your site.
• SEO spam. If you experience a sudden plummet in your search rankings, it’s possible your site fell victim to SEO spam. This is a type of attack in which cybercriminals flood your site with hundreds of thousands of files containing irrelevant keywords and malicious backlinks. Websites hosting malicious links are often blacklisted by search engines, which prevents users from accessing your web content. If you have a blog on your site, pay special attention to the comment section; attackers often use it to flood a site with nefarious or irrelevant links, which damages your reputation and your site’s domain authority.
• URL redirects. Users typically view the domain name included in a site’s URL as evidence of a website’s legitimacy. In essence, a domain name evokes trust in users. Cybercriminals exploit that trust when deploying URL redirect attacks, a type of malware that redirects users from a legitimate site they thought they were visiting and points them toward an illegitimate one instead. If your site experiences a URL redirect — which accounts for 17% of all malware infections — you might see a brief decrease in traffic as your visitors land on another site. Along with the temporary dip in traffic, a URL redirect can also cause long-lasting damage for small businesses, including lost customers and revenue.
• Distributed denial of service. Cybercriminals conducting DDoS attacks deploy a network of hacked machines called a “botnet” to flood servers with traffic they can’t handle. If your website receives a massive number of fake requests, it might crash the server. Even when a DDoS attack doesn’t take a site completely offline, it usually slows it enough to make it unusable. This frustrates customers and can lead to significant revenue losses. On the other hand, modern cybercriminals can orchestrate this type of attack for around $25 per hour. Perhaps this low cost is why DDoS accounted for 35% of all cyberattacks in 2017 and continues to be a favorite tactic among cybercriminals.

Stealthy Cybersecurity Risks for SMBs

An increase in stealthy cybercrime means SMB website owners must educate themselves and take proactive measures to guard against these types of attacks. Once they happen, you might be unaware that your website has fallen victim to an attack until significant damage is already done. To help protect your site, here are some of the most common stealthy cybersecurity threats to be aware of:

• Phishing. With phishing attacks, the cybercriminal’s goal is to trick the victim into sharing data or sending money through a phishing email. Sometimes, phishing emails will include an attachment that, when clicked, will give cybercriminals access to the targeted network. A phishing email’s intention is to carry out a ransomware attack or compromise your network, which leaves your business susceptible to further damage and costs. Unfortunately, phishing attacks are becoming harder to detect: According to a recent study of more than 55 million emails, around 30% of phishing emails sent to organizations using Microsoft’s Office 365 made it through spam filters and into recipients’ inboxes.
• Ransomware. Ransomware is a type of malware that holds a computer or network’s information hostage until a ransom is paid, generally in bitcoin or another type of cryptocurrency. If your machine is vulnerable and you click on a malicious email link or visit an infected website, ransomware can begin to encrypt critical documents, PDFs, spreadsheets, and other files on your local machine. Once these critical files are encrypted, you’ll get an alert notifying you that decryption will occur once you pay a ransom. There’s no guarantee you’ll regain access to the encrypted files after paying the ransom, and it’s best that you work with local law enforcement to discuss the next steps.
• Backdoors. Backdoors are entry points that allow cybercriminals to maintain persistent unauthorized access to your website. Once cybercriminals install a backdoor file and have access to your website, they can expose sensitive data, change your site’s appearance, and more. Cybercriminals are becoming increasingly sophisticated in disguising backdoor files, so you might not even notice one on your site.
• Cross-site scripting. Unlike many other types of cyberattacks, XSS targets your site visitors specifically. Attackers inject code into a site through sign-up forms, contact forms, and other user input fields on your site. They can then use the web browser to deploy JavaScript to access sensitive data (such as personally identifiable information, bank account numbers, and more). Nearly 75% of websites have XSS vulnerabilities.
• SQL injections. SQL injections also take advantage of unsanitary user input forms on your site. In this type of attack, cybercriminals will inject modified SQL queries into a form (such as a contact form), which allows them to breach your back-end database and steal or destroy data. Although SQL injection is considered a stealthy threat, this type of attack will often be accompanied by several noticeable signs, including modified posts or comments, changed database passwords, new unauthorized administrators, and connectivity issues with your content management system.
• Malvertising. Cybercriminals might use one of several different techniques to execute a malvertising attack. Sometimes, they’ll hide malicious code in a legitimate advertisement using iframes or HTML elements that display ads on webpages. Other times, they’ll create a malicious ad — with some more disguised than others — and will use advertising networks to deliver the malware as if it were a real ad. Users are infected in two ways: First, they click a malicious ad. Then, they might see a pop-up prompting them to download software to “fix” the problem — but the download is actually malicious. Second, they become unknowingly infected with malware through what’s called a “drive-by download,” in which malicious software is automatically downloaded from infected websites.

How to Protect Your SMB’s Website from the Most Common Cybersecurity Threats

New attacks emerge constantly, and the overview above should help protect you from the most common cybersecurity threats. If you follow basic cybersecurity best practices and address everything in this small business cybersecurity guide, you’ll significantly reduce cybersecurity risk for your SMB. Start with these four tips:

1. Install security patches and updates regularly. Many SMBs rely on CMS applications such as WordPress and other plugins to create and maintain their websites. If you host your website on a CMS, be sure to install security patches as soon as developers release them, and update your software when new versions launch. A more complex website means a larger attack surface for cybercriminals, so only choose plugins that you absolutely need to deliver a great site experience for your visitors. Out-of-date CMS components often contain unpatched security vulnerabilities, so update them often and remove any that haven’t been used or updated within the last three months.

2. Sanitize input fields. It’s crucial to be diligent about guarding the input fields on your website; these are critical entry points for cybercriminals. You can sanitize these fields by restricting input characters. For example, if you ask visitors to type in their phone numbers, the input field should only allow numbers, dashes, and parentheses. By only allowing these predetermined characters, small businesses can help prevent cybercriminals from deploying modified queries within their database.

3. Install an automated scanner. To help secure your website, installing an automated website scanner offers comprehensive protection for your site files by detecting (and automatically removing) malware that could cause severe or permanent damage. Ultimately, the scanner should also have the capability to patch outdated security vulnerabilities found in CMS core files, ecommerce platforms, and popular plugins. These types of scanners reduce time by quickly identifying and removing threats so you can focus on your other business objectives.

4. Implement a web application firewall. To stop malicious bots and cybercriminals from ever accessing your website in the first place, install a WAF to be your website’s gatekeeper. This filters your traffic to keep bad players out while still allowing good traffic. As cyberattacks become more advanced, it’s important to ensure that your WAF provider protects against both the latest and most common cybersecurity threats.

A cyberattack can be devastating to an SMB owner, and cybercriminals are increasingly targeting businesses with limited budgets and time. Fortunately, you can take relatively simple steps and implement a comprehensive security solution to protect your website — and your customers — from the most common cybersecurity threats. This will save you time and money in the long run.

Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 16 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security.

Larger corporations, such as Facebook, Amazon, and Google, all have the proper resources and security infrastructure in place to protect their valuable online assets and communications, but what about small to medium-sized businesses?

The rapid spread of COVID-19 is without a doubt putting remote work to the test! Those smaller organizations who don’t have work from home policies already in place are feeling a major impact. As more and more businesses face the imminent need to implement remote working opportunities for employees, we will discuss our top three tips to help make this transition smooth, as well as secure.

Top 3 online security tips for remote workers

1. Use a VPN to Protect Online Communications

While working remotely, using the right tools to ensure you are communicating effectively as an organization will be critical. Instant messages, emails, and video meetings through company-issued laptops and mobile phones will be the beacons of communication during this time. With this new mobility, organizations should make it a requirement for all employees to use a virtual private network (VPN) on their work devices, ensuring company assets and communications are secure.

A VPN will encrypt an internet connection and ensure employees can safely browse the internet, which protects the organizations from man-in-the-middle attacks. Cybercriminals can intercept your browsing data to steal personal identifiable information (PII), such as name, address, email, phone numbers, and even login credentials.

With the influx of remote workers — organizations must remind employees that they should never use an unsecured wi-fi connection to work. Working on an unsecured network can lead to number of security risks, such as a ransomware attack. All an attacker has to do is gain access to the same wi-fi connection to access proprietary company information or, worse, an employee’s company login credentials. If you use multiple communication channels, make sure you invest in an encrypted unified communications solution that not only centralizes all this communication but also keeps it secure from interception.

2. Be Extra Cautious with Company Devices

Using a company device, such as a laptop, for personal use is not a wise decision in general. But when employees are working from home, they may be more likely to check personal email or social media accounts, leaving the door wide open for cybercriminals. At a time like this, the unfortunate truth is we are likely to see cybercriminals exploit the COVID-19 health scare. For instance, malicious individuals may setup fake COVID-19 websites, spoof government and healthcare organizations in phishing email attempts, and create social media scams around fake fundraising. If your employees fall victim to these scams when checking their personal email or other accounts through their work laptop or mobile device, it can put your entire organization at risk.

All it takes is the click of a button to invite a cybercriminal into your company’s laptop, allowing them to gain access to important company data. By reminding employees to only use company devices for company data and logins, can keep those devices and the broader organization safe from phishing scams that can lead to ransomware.

3. Communicate Security Best Practices

Before implementing a work from home initiative, devise a strategy to reiterate security best practices that your employees should follow while working remotely to help protect your company. For instance, educating your employees about phishing emails with suspicious attachments, reinforcing the important of using strong passwords, and communicating clear rules on how to store and share company data are proactive steps in the right direction.

As you apply these cybersecurity guidelines, educating your employees in cybersecurity best practices will benefit your business and prevent severe fallout from an attack. A trained employee can act as a human firewall during a time when cybercriminals are taking advantage of a much larger issue, COVID-19.

SiteLock_® INFINITY™ took home Gold in the Security Monitoring category, further reinforcing its reputation and performance as an industry-leading malware and vulnerability detection and remediation solution. INFINITY is the only cloud-based solution on the market that offers continuous scanning, automatic malware removal, complete CMS core security patching, and database protection for WordPress, Joomla! and any other web platform using a MySQL database. Recognized as an industry-first, INFINITY offers unrivaled accuracy and frequency, delivering the highest level of protection against security threats and vulnerabilities. Designed to scan a website from all angles to provide complete coverage of the website and database, INFINITY catches any trace of malware before damage is done.

In addition, SiteLock SecureSite® received Silver recognitionfor the Security Product and Service for Enterprise category! SiteLock SecureSite offers peace of mind to small organizations that rely on their website as the cornerstone of their business and primary channel for driving revenue. SecureSite helps protect websites against cyberattacks, ensures site uptime, accelerates website performance and speed, improves brand trust to enhance conversions, and much more. Along with gaining access to our premier INFINITY scanner and enterprise web application firewall (WAF), businesses receive 24/7 accessibility to our team of security experts.

Finally, SiteLock was also recognized as the Silver winner for Innovative Company of the Year (Security)!

Innovation is the cornerstone of SiteLock growth and has been the driving force behind our portfolio of cloud-based products that solve real-world problems for over 16 million customers and 500 partners worldwide. SiteLock is notably the only cybersecurity solution that offers automated website malware removal from site files, including MySQL databases, as well as vulnerability patching in outdated CMS core files, ecommerce platforms, and the most popular WordPress plugins.

For more information on how our award-winning security solutions can protect your site, contact us today!

About Info Security PG’s Global Excellence Awards

Info Security Products Guide sponsors the Global Excellence Awards and plays a vital role in keeping end-users informed of the choices they can make when it comes to protecting their digital resources and assets. Visit www.infosecurityproductsguide.com for the complete list of winners.

It’s essential for businesses to backup sites regardless if you are a small or large business. You rely on your website to promote your brand, attract clients, and perhaps even generate revenue via ecommerce capabilities. If you don’t back up your site, you risk losing thousands of hours of your website content in a single moment. How do you put a price tag on irrecoverable data loss? You can’t!

In order to ensure long-term success online, today’s businesses need to invest in a comprehensive security strategy that includes a web application firewall (WAF), DDoS protection, malware detection and removal, vulnerability patching, and backup. Website backup provides the added security layer all businesses need to quickly recover from data loss that can significantly hurt your business.

In this post, you’ll learn why website backup is a critical piece of any comprehensive disaster recovery plan, and how to choose a backup solution that will protect your website data 24/7.

Why do you need website backup?

Backing up your website regularly is crucial for preventing data loss. If a cyberattack or other unexpected incident causes corruption to your website files – or worse – eliminates them altogether, it can permanently damage your business if you have no way of recovering them.

Having a backup solution in place can safeguard the most important components of your website in the event of unexpected circumstances such as: