The report clearly shows that the majority of hacked websites were breached as a result of improper deployment or installation, poor website configuration and a general lack of website and web server maintenance.
WordPress was once again the platform that fell victim to hacking most often. This is no surprise, since WordPress is the most popular CMS with the largest install base on the Internet. Of the hacked websites analyzed by Sucuri, 75% ran WordPress. Joomla was next, with 15% of the hacked websites analyzed running on that platform.
An interesting statistic highlighted in the Sucuri report shows that 55% of hacked WordPress sites were running an out-of-date version. The figure was highest for Magento, however, where 96% of hacked sites were running an out-of-date version of the popular e-commerce platform. Out-of-date Joomla sites came in at 86% and Drupal at 81%. When these figures were compared with the previous quarter’s statistics, the correlation was almost an exact match, illustrating that out-of-date software is a key attack vector for website hackers.
A deep dive into the WordPress statistics shows that 22% of WordPress compromises were the result of only three out-of-date or vulnerable WordPress plugins. These were RevSlider at 10%, and TimThumb and GravityForms at 6% each.
The lesson to take from all this statistical data is that the vast majority of hacked websites studied by Sucuri would not have been compromised if the website administrators had carried out proper software maintenance by applying security updates and patches.
After a breach, the action most often taken by the website hacker was to install a backdoor on the site or server in order to re-infect the site and retain unauthorized access. 70% of breached sites had backdoors installed post-breach. This was followed by user-attacking malware, which infects visitors when they visit the hacked site, at 60% of compromised websites. The next largest category was SPAM-SEO at 37%, which infected the hacked site with spam content or redirected visitors to spam-specific pages.
To ensure they do not add to the statistics in the next Sucuri report, website administrators must take these basic precautions to protect their websites. As the report shows, regular software maintenance dramatically reduces the attack surface exposed to would-be attackers. Website administrators should also consider hardening their web server, where this is applicable to them, and investigate deploying a web application firewall to further reduce the risk of website compromise.
Download the full report here: https://sucuri.net/website-security/hacked-reports/Sucuri-Hacked-Website-Report-2016Q2.pdf