Businesses often don't know how to react when cybercriminals hack their websites. In fact, 63 percent of website owners don't even know how they were hacked. 20 percent say they had their sites compromised because hackers exploited out-of-date or insecure software, 12 percent were hacked because the computer used to update their website was infected with malware, 6 percent said their username/password (or their colleague's) was used to access their website, and 2 percent used a public computer or public Wi-Fi network.
About half admitted they only discovered the hack when they attempted to visit their own site and received a browser or search engine warning. In fact, over 90 percent didn't notice any strange activity, despite the fact that their sites were being abused to send spam, host phishing pages, or distribute malware.
The results come from a study conducted by StopBadware and Commtouch, which surveyed over 600 website owners and administrators whose sites had been compromised. Here are two other tidbits from the survey:
- 26 percent of site owners had not yet figured out how to resolve the problem at the time they completed the survey.
- 40 percent of survey respondents changed their opinion of their web hosting provider following a compromise.
"Cybercriminals can significantly improve their open and click-through rates by distributing badware via legitimate domains," Amir Lev, Commtouch's chief technology officer, said in a statement. "Many site owners are either unaware of the compromise or struggle to remove the infection, which directly contributes to the persistence of, and increase in active badware URLs. Commtouch does its part to protect end-users, enterprises and service providers from compromised sites with a range of cloud-based email security, Web filtering and antivirus tools."
"The survey results highlighted several aspects of webmasters' experience with site compromise that may prove eye-opening for the security community," StopBadware Executive Director Maxim Weinstein said in a statement. "There's a lack of clarity for webmasters about who's responsible for site security and where to turn when a website is compromised. Webmasters and the wider Internet community therefore benefit from continual efforts aimed at educating them about their responsibilities and those of their hosting providers."
You can read the full 15-page report here: Compromised Websites: An Owner's Perspective (PDF). If you prefer the visual version, here's an infographic:
- PwnedList alerts you when you've been hacked, for a price
- NASA: Hackers had 'full functional control'
- Anonymous hacks Vatican again
- Anonymous hacks Panda Security in response to LulzSec arrests
- Anonymous tricked into installing Trojan
- Anonymous reacts to Symantec Trojan report