There are currently around 4.1 million malware-infected websites in the world.
That’s the conclusion of a new report from certificate lifecycle management (CLM) provider Sectigo, based on an analysis of more than 14 million websites conducted by its website protection and monitoring arm, Site Lock.
Worse still, almost all of these infected websites (93%) are not blacklisted and therefore appear in public search engine listings. The most prevalent malware variants are Filehacker, found on more than a third of infected websites, and Backdoor (31%).
Infecting several million websites is an impressive feat. So how do threat actors go about it?
Sectigo believes that the majority automate their attacks; bots in 2021 accounted for 5.5 times more traffic than humans, or more than 2,300 average weekly bot visits per site. At the same time, the volume of human traffic has decreased.
While not all bot traffic is malicious, the part that is causes a lot of headaches.
“Malicious bots can programmatically visit websites and identify vulnerabilities in code to execute their attacks, such as data theft or malware insertion,” said Jason Soroko, CTO of PKI at Sectigo.
“The public internet is a very dangerous place and is getting worse and worse. Don’t commit the outsider fallacy, SMB websites have enormous value to bad actors because they have customer data and can be used for phishing attacks. It’s not just fraud, either. If websites manage payments, they are also obvious targets. The content management system platforms on which SMBs rely on may not protect against these threats.In fact, they are inherently difficult to secure.
In total, endpoints are attacked 172 times per day, which means they receive eight attacks per minute. Nearly half (48%) of small business website owners believe they are too small to target. At the same time, more than half of them have already been raped.
Given the wide range of threats, businesses need a comprehensive security solution, Sectigo concluded.