1 May 2023
Sucuri has released an overview of the trends in hacks, hacking and malware over the past year. The overview counts 43 pages and is entirely in English.
But since we read through it anyway, we immediately share the various interesting points with you. In Dutch! We add our experiences, so you get a complete understanding.
Foreword: Without up-to-date knowledge no visibility into hackers & Malware
It is important to stay up-to-date in the ever-changing world of Malware.
Up-to-date knowledge ensures that you know what to look for.
2019 has shown that the techniques of hackers and the Malware they have developed are at an ever-increasing level. This is due to the capabilities of the Internet, but also because the loot is becoming more and more valuable. Websites are becoming more and more a part of our lives and income. WordPress as a platform is still growing.
Type hacks in 2019
Below are the trends in hacks, and especially the effects of hacks.
1 62% of hacks consist of SEO spam
Links to web shops, link building or even flat advertising through banners in your website. This is what is most common: Ransomware – holding your website hostage to payment & defacing – modifying the style is much less common.
SEO spam, placing links in your website is completely automated. In every post and page a link, within seconds with a script that uses a leak or in 47% of cases via a backdoor: A backdoor placed during a previous hack.
2 Technical support with fake company names
Another common problem. What happens is that you see a (fake) notification on a website that the computer is infected.
The notification appears to come from Microsoft or some other reliable company, you are shown a phone number that will “help” you get your computer back in order. NEVER CALL!
Fixing your infected computer is obviously never going to happen, at worst it will actually make adjustments that will make you need their service as a “tech company” more often.
Now you’re thinking, I’m not falling for that!
But another might, someone who gets such a notification when they visit your website well known and trusted, they might fall for it. (It’s mostly the elderly who get fooled.)
Of course, you don’t want to be part of that, you don’t want that virus notification from a fake company displayed on your website. It comes at the expense of your good reputation, even if someone doesn’t fall for it … they’ll see it when they visit your website!
The SEO spam and the fake tech notification are both highly undesirable hacks that you want to PREVENT. (And not to take out afterwards only when you finally discover the false information).
3 Credit card data theft
Sucuri has removed 2300+ scripts from servers & websites last year that used to steal and forward credit card data.
It just might be your credit card information! As ingenious as a WooCommerce webshop can work, hackers are just as ingenious when they steal credit card information.
Don’t underestimate that if you have a WooCommerce webshop.
4 Cryptomining
There is a large decrease in the number of scripts that prompted the visitor’s computer to mine crypto coins.
1 reason is the change in exchange rates, the drop in value and the antivirus software of computers that dealt with this threat very seriously. Cryptomining in fact led to increased CPU usage and in this way led to additional (power) costs for the website visitor.
Brief summary:
The above methods are only 4 out of hundreds. These are the most commonly used, but that doesn’t mean you won’t encounter other tricks.
In particular, fishing and reselling account information often runs parallel to these tricks.
Keep your WordPress website up-to-date, secure and if you don’t have a site but have encountered these tricks: be aware that even the most trustworthy website can be hacked and thus provide false information. Make sure you have a good Antivirus for your computer, that will prevent many of the trojans trying to install themselves on your computer.
