Hacked Website Trend Report – Q1/2016 WEBINAR
@danielcid | @perezbox #AskSucuri
WELCOME!
DANIEL CID | TONY PEREZ
@danielcid | @perezbox
#AskSucuri
Hacked Website Trend Report
Q1 / 2016 Review
GETTING STARTED
• https://sucuri.net/website-security/website-hacked-report
• We will go through the important things we think you should
• Hopefully you read it already.
• Be ready for Homework
Analysis Background
• Incident response (website cleanups) is a big part of what we do here at Sucuri.
• We do thousands of cleanups every month, across all major platforms: WordPress, Drupal, Joomla, Magento, vBulletin, ModX, phpBB, etc.
• This report is based on data from compromised sites: sites that were hacked and whose administrator somehow found our company to do the incident response. It will not match the overall market share of CMSs; it will match, and that's very important, the market share across websites that did get hacked.
• And before I start, we need to give credit where credit is due. This data came out of the work done by our Remediation team, which works 24x7, every single day of the year, cleaning up sites, looking at malware and getting them clean.
Report Review
Infected Website Platform Distribution
Platform Market Share (Source BuiltWith)
CMS Security or Insecurity
• The core of the most popular CMSs (WordPress, Joomla, Drupal, etc.) is very secure.
• The developers behind these platforms are very responsive and care a lot about security.
• What is going on? The real problem happens at an upper level:
  • Website deployments
  • Website management
  • Website extensions
  • Website hardening
5 Minute Install
% of Out of Date Platforms at Infection
Outdated CMS - The root cause
Yet outdated CMSs are not the problem. They are the consequence.
The real problem is lack of website management.
• Outdated CMSs are the result of bad website management
• Outdated CMSs are the result of lack of asset management
• Outdated CMSs are the result of lack of monitoring
• Outdated CMSs are the result of lack of a security process for the web properties
Top 3 Out of Date WordPress Plugins
Fixing the Website Management Problem
Security Website Management -> We have a problem and easy ways to fix it
1. Create an asset list with all your sites.
2. List all necessary plugins / modules for each.
3. List who has access to each.
4. Remove everything else. No test accounts, no test plugins and especially no test sites in production.
5. Upgrade all sites and plugins.
6. Repeat every month (Patch Tuesday for your sites).
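One way to turn the six steps above into a repeatable monthly check, as an added example that is not from the Sucuri slides. Every site name, component, version and account below is constructed sample data, and versions are assumed to be purely numeric dotted strings.

```python
# Added example: compare what is actually deployed against the asset list.
# All names, versions and accounts are constructed for illustration.

def vtuple(version):
    """'2.0.10' -> (2, 0, 10) so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))

def audit(asset_list, observed, latest):
    """Return sorted (site, issue, detail) findings for one audit run."""
    findings = []
    for site, state in observed.items():
        approved = asset_list.get(site)
        if approved is None:
            # Steps 1 and 4: a site nobody listed, e.g. a forgotten test copy.
            findings.append((site, "unlisted-site", "not in asset list"))
            continue
        for name, installed in state["components"].items():
            if name not in approved["components"]:
                # Steps 2 and 4: component that is not on the approved list.
                findings.append((site, "unlisted-component", name))
            elif name not in latest:
                findings.append((site, "no-version-data", name))
            elif vtuple(installed) < vtuple(latest[name]):
                # Step 5: approved component that is behind the current release.
                detail = f"{name} {installed} < {latest[name]}"
                findings.append((site, "outdated", detail))
        for user in state["users"]:
            if user not in approved["users"]:
                # Steps 3 and 4: account that nobody approved.
                findings.append((site, "unlisted-account", user))
    # Step 6: a listed site with no collected data was missed this month.
    for site in asset_list.keys() - observed.keys():
        findings.append((site, "not-scanned", "listed but no data collected"))
    return sorted(findings)

ASSET_LIST = {  # steps 1-3: sites, their necessary components, who has access
    "shop.example.com": {"components": {"core", "contact-form"}, "users": {"alice", "bob"}},
    "blog.example.com": {"components": {"core"}, "users": {"alice"}},
}
LATEST = {"core": "4.5.2", "contact-form": "2.1.0"}  # constructed release data
OBSERVED = {  # constructed result of collecting state from each server
    "shop.example.com": {
        "components": {"core": "4.5.2", "contact-form": "2.0.9", "old-slider": "1.0"},
        "users": ["alice", "bob", "test"]},
    "staging.example.com": {"components": {"core": "4.2"}, "users": ["admin"]},
}

if __name__ == "__main__":
    for site, issue, detail in audit(ASSET_LIST, OBSERVED, LATEST):
        print(f"{site:22} {issue:20} {detail}")
```
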
Malware Family Distribution
Spam SEO
Defacements
Malware Trends
Adding Security
1. Website Management
   1. Asset List
   2. Monthly updates
2. Website Secure Deployment
   1. Identify possible risks and solutions
   2. Website hardening
3. Website Monitoring
https://sucuri.net/website-security/website-hacked-report
Thinking Website Security: How to improve your website security posture
Security is not a static state, it’s a continuous process.
Attack Surface (diagram labels: Environment, Local Machine, Local Network, User)
Security Chain (diagram labels: Application, Server, Infrastructure, Environment)
Technology will never replace your responsibility as a website owner.
Security is not a Do It Yourself (DIY) project.