A report issued by the company (Sucuri) – which specialized in the field of website security – indicated that more than half of the websites that were based on content management systems were hacked in 2022 due to not updating them, in addition to that more than 46% of the websites had It was hacked for SEO reasons, which highlights the most important security threats that websites face today.
Yesterday, Sucuri published its annual report titled (Website Threats of 2022) which provides detailed information about the types of malware and criminal activities that were used to infiltrate websites during the second quarter of 2022.
In its report this year, the company included new insights to shed light on the most prevalent methods and technologies detected on hacked websites, to educate website owners about the latest security threats discovered in compromised websites.
Some of the key findings in the report include:
50.58% of the compromised CMS-based websites were out of date when the hack occurred.
Data has shown that automatic updates in the WordPress system help users maintain website security.
69.63% of hacked websites contain at least one backdoor.
Backdoors can be difficult to detect, but they can be found in a wide range of formats, and it is common to find several different types of backdoors responsible for specific tasks in a vulnerable server environment. Sucuri reported that its security team removed 1,188,864 backdoors from infected websites last year.
46.76% of all hacked websites had SEO spam.
36% of all compromised websites had at least one vulnerable plugin or theme.
This point underscores the importance of updating and maintaining third-party website extensions to reduce risk, as vulnerabilities that are easily exploited are the best option for attackers. By updating plugins and themes to the latest version, website owners can reduce the risk of bugs, known vulnerabilities, and other security threats.
23.63% of hacked websites contain at least one hacking tool.
90% of credit card skimmers are found in the form of malicious PHP code. This makes it impossible to detect these devices using third-party scanning software and highlights the importance of server-level monitoring.
Hacked websites statistics during 2022:
The WordPress system acquired the largest share in the content management systems market during the year 2022, and according to (W3Tech) statistics, WordPress acquired 63.4% Of the content management systems market as of March 2023, this popularity is also reflected in the data breaches experienced by websites.
The Sucuri report showed that 96.2% of WordPress sites were infected in 2022, followed by Joomla sites with a rate of 1.9%, while Magento sites ranked third with a rate of 0.7%.
The main categories of malware detected:
The report showed that the category of malware (Malware) was detected by 72.72% of websites that were hacked in 2022, and some examples include JavaScript and PHP scripts used to redirect website visitors to third-party sites or steal login data.
The Backdoors category came in second place with a rate of 69.36%, the SEO Spam category came in third place with a rate of 47.76%, while the Hack Tools category came in fourth place with a rate of 23.63%.
Conclusion:
The data in Sucuri’s report highlights the importance of keeping CMS-based websites, plugins, and templates updated to reduce the risk of security threats and data breaches, as the high percentage of compromised websites indicates that there is still Work to be done regarding updates and basic security practices to prevent infection.
To combat these security threats, website owners and developers should prioritize website security, and make use of 2FA (admin panels) among website security best practices.
