This blog post is based on the ‘Knowledge is Power: Symantec Guide to Protecting your Website’ whitepaper which is free to download now.
In 2012 Symantec performed more than 1,400 website vulnerability scans each day. More than half the websites scanned were found to have unpatched, potentially exploitable vulnerabilities.
Of the vulnerable sites, a quarter were actually infected with malware that could infect visitors and lead to the sites being blacklisted by search engines. These figures show that millions of legitimate websites are at risk from serious attack and exploitation by internet criminals every day.
When malware does find its way onto a website it can attack in three ways; accessing the information held on a server, intercepting information passed between the website and its customers (unless the website uses an up to date SSL certificate) and dropping malware onto the devices of those using the website.
Website vulnerabilities are complex, and taking advantage of them is not necessarily simple. There are, however, several enterprising cybercriminals and gangs who develop and sell toolkits.
These toolkits include information about known vulnerabilities and the code needed to take advantage of them, and they are very popular. This means a much wider group of less technically skilled criminals have the ability to exploit and attack your website by simply buying or stealing these toolkits.
In 2012, for example, a single toolkit, the Blackhole toolkit, accounted for 41 percent of all web-based toolkit attacks.
We are also seeing an increase in the number of website vulnerabilities, but there are several easy steps available to help keep websites safe. To find out more download the ‘Knowledge is Power: Symantec Guide to Protecting your Website’ whitepaper now.