Hacked Website Trend Report Q1/2016

Hacked Website Trend Report – Q1/2016 WEBINAR

@danielcid | @perezbox #AskSucuri

WELCOME!

DANIEL CID | TONY PEREZ

@danielcid | @perezbox

Hacked Website Trend Report

Q1 / 2016 Review

GETTING STARTED

• https://sucuri.net/website-security/website-hacked-report

• We will go through the important things we think you should

• Hopefully you read it already.

• Be ready for Homework

Analysis Background

• Incident response (website cleanups) is a big part of what we do here at Sucuri.

• We do thousands of cleanups every month, across all major platforms: WordPress, Drupal, Joomla, Magento, vBulletin, ModX, phpBB, etc.

• This report is based on data from compromised sites: sites that were hacked and whose administrator somehow found our company to do the incident response. It will not match the overall market share of CMSs; it will match, and that's very important, the market share across websites that did get hacked.

• And before I start, we need to give credit where credit is due. This data came out of the work done by our Remediation team, which works 24x7, every single day of the year, cleaning up sites, looking at malware and getting them clean.

Report Review

Infected Website Platform Distribution

Platform Market Share (Source BuiltWith)

CMS Security or Insecurity

• The core of the most popular CMSs (WordPress, Joomla, Drupal, etc.) is very secure.

• The developers behind these platforms are very responsive and care a lot about security.

• What is going on? The real problem happens at an upper level:

  • Website deployments

  • Website management

  • Website extensions

  • Website hardening

5 Minute Install

% of Out of Date Platforms at Infection

Outdated CMS - The root cause

Yet, outdated CMSs are not the problem. They are the consequence.

The real problem is lack of website management

• Outdated CMSs are the result of bad website management

• Outdated CMSs are the result of lack of asset management

• Outdated CMSs are the result of lack of monitoring

• Outdated CMSs are the result of lack of a security process for the web properties

Top 3 Out of Date WordPress Plugins

Fixing the Website Management Problem

Security Website Management -> We have a problem and easy ways to fix it

1. Create an asset list with all your sites.

2. List all necessary plugins / modules for each.

3. List who has access to each.

4. Remove everything else. No test accounts, no test plugins and especially no test sites in production.

5. Upgrade all sites and plugins.

6. Repeat every month (Patch Tuesday for your sites).
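The six steps above can be run from a machine-readable asset list each month. The following is an added example, not part of the original slides; the inventory layout, the site names, plugin names, versions and users, and the `audit` helper are all assumptions constructed for illustration.

```python
# Constructed sample data: sites, plugins, versions and users are invented.
LATEST = {"core": "4.5.2", "contact-form": "2.1.0", "slider": "3.0.4"}
INVENTORY = [  # steps 1-3: one record per site, with needed plugins and users
    {"site": "shop.example.com", "test_site": False, "core": "4.5.2",
     "needed_plugins": {"contact-form"},
     "installed_plugins": {"contact-form": "2.1.0"},
     "approved_users": {"alice"}, "accounts": {"alice"}},
    {"site": "blog.example.com", "test_site": False, "core": "4.2.1",
     "needed_plugins": {"contact-form"},
     "installed_plugins": {"contact-form": "1.9.3", "slider": "3.0.4"},
     "approved_users": {"alice", "bob"}, "accounts": {"alice", "bob", "test"}},
    {"site": "staging.example.com", "test_site": True, "core": "4.5.2",
     "needed_plugins": set(), "installed_plugins": {},
     "approved_users": {"alice"}, "accounts": {"alice"}},
]

def ver(text):
    """Turn '4.10.1' into (4, 10, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def audit(inventory, latest):
    """Return (site, action, detail) findings for steps 4 and 5 of the list."""
    findings = []
    for s in inventory:
        name = s["site"]
        if s["test_site"]:  # every inventory entry is assumed to be in production
            findings.append((name, "remove", "test site in production"))
        for plugin in sorted(set(s["installed_plugins"]) - s["needed_plugins"]):
            findings.append((name, "remove", "unlisted plugin " + plugin))
        for account in sorted(s["accounts"] - s["approved_users"]):
            findings.append((name, "remove", "unlisted account " + account))
        if ver(s["core"]) < ver(latest["core"]):
            findings.append((name, "upgrade", "core " + s["core"]))
        for plugin, installed in sorted(s["installed_plugins"].items()):
            if plugin in latest and ver(installed) < ver(latest[plugin]):
                findings.append((name, "upgrade", plugin + " " + installed))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY, LATEST):
        print(" | ".join(finding))
```

An empty result from `audit` means every site matches its asset record; step 6 is rerunning it on a monthly schedule.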

Malware Family Distribution

Spam SEO

Defacements

Malware Trends

Adding Security

1. Website Management

   1. Asset List

   2. Monthly updates

2. Website Secure Deployment

   1. Identify possible risks and solutions

   2. Website hardening

3. Website Monitoring

https://sucuri.net/website-security/website-hacked-report

Thinking Website Security: How to improve your website security posture

Security is not a static state, it’s a continuous process.

Attack Surface

Environment: Local Machine, Local Network, User

Security Chain

Application, Server, Infrastructure, Environment

Technology will never replace your responsibility as a website owner.

Security is not a Do It Yourself (DIY) project.
