Viruses and other malware can be a major problem for digital device owners: a successful exploit can slow down a device’s performance, delete files, steal personal data, and install spyware.
Unfortunately, the Internet is the perfect playground for hackers to spread malware. A system can be infected with a virus through various means such as email attachments, infected removable drives (USB, HDD), visiting compromised websites, or using harmful software (usually downloaded from disreputable sources).
The most popular infection method today is the drive-by download, for example a user visiting a website that has been infected with malware. Consequently, website owners should take steps to protect their users by ensuring their website and underlying server are secure.
Here are five ways malware can initially infect a website:
1. Vulnerable CMS and poor password strength
The chosen content management system (CMS) may have a vulnerable plugin that allows hackers to gain a foothold on the underlying server; in this case, ensuring that your plugins are up to date will help avoid such issues. Another way into a CMS is a brute force attack, which uses automated password guesses and, in some cases, can skip CAPTCHA checks. This is also why a unique and complicated password combination should be used.
2. Poor coding and configurations
Mistakes made by a website designer in the site's code and settings can have undesired consequences. Recent research has shown that over 80% of vulnerabilities come from programming errors.
One such issue is XSS (Cross-Site Scripting), which allows JavaScript to be inserted into a page, which in turn could allow a user’s login information and cookies to be intercepted.
It is crucial not only to write secure code but also to ensure infrastructure has robust security settings. Some developers and administrators forget to limit access rights for unauthorized users, set the same passwords everywhere, do not update software, and leave a backdoor (hidden access to the website for unauthorized users without anyone’s knowledge).
3. Usage of plain-text services
Site administrators frequently use remote control services to move files to and from a website. However, some may still use services that do not offer encryption, such as FTP, which allows an eavesdropper to intercept a username and password during login and then use them. In this instance it is advised that encrypted alternatives such as SFTP be used.
4. Attacking external services
Web server attacks often occur when site admins expose unnecessary services and do not update them. To avoid this issue, many companies opt for a PaaS service, so that the responsibility of keeping those services updated is already taken care of.
5. Exploit kits
Once a cybercriminal gains access to a website's underlying server, they may use an exploit kit that serves pop-up advertisements and uses them as a platform for phishing scams. Other scripts can be loaded within the phishing software to search for vulnerabilities in Adobe Flash, Java, Internet Explorer, etc.
How to check your website for malware?
If you think your website has significantly slowed down recently or you’ve noticed file changes you didn’t make, you need to check for signs of exploitation.
You can check manually to find harmful code, but you may need to be an experienced IT specialist for this. The first port of call is to use antivirus software to check whether the exploit is listed within its database.
There are numerous free online scanners – VirusTotal, Kaspersky VirusDesk, Avast, Pr-cy.io, FortiGuard, etc. To use these, you submit a URL or a file; you will then receive a detailed report that highlights whether any known exploits have been used.
How to protect your website from malware?
It is advised that all the following are implemented to reduce the likelihood of a breach occurring:
- Use unique and complex passwords
- Use multi-factor authentication
- Back up regularly
- Periodically scan the website and server to find potential vulnerabilities
- Ensure a robust patching policy is in place
- Use trusted libraries and frameworks
- Ensure your web developers have a strong security background
Conclusion
Cybercriminals are always on the lookout for a vulnerable system. Ensure that you regularly check the security of your website, scan it for threats and react quickly if anything unusual is discovered. Most online scanners and antivirus programs have technical support that offers paid assistance in complex cases.