• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

Hacked Website Report – 2016/Q2

September 21, 2016Daniel CidEspanolPortugues

165
SHARES
FacebookTwitterSubscribe

Today we’re releasing our quarterly Hacked Website Report for 2016/Q2. The data in this report is based on compromised websites we worked on, with insights and analysis performed by our Incident Response Team (IRT) and Malware Research Team (MRT).

View-Download-HackedTrend-Report

CMS Analysis

Our analysis consisted of over 9,000 infected websites. The graphs below show a side-by-side comparison with our 2016/Q1 report.

The four open-source Content Management Systems (CMS) we focus on in our report include WordPress (78%), Joomla! (14%), Magento (5%), and Drupal (2%).

CMS hack distribution by platform - WordPress. Joomla. Magento. Drupal

We dive into specific information about out-of-date software found on websites going through our cleanup process. Some interesting datasets include that WordPress installations were out-of-date 55% of the time while Joomla! (86%), Drupal (84%), and Magento (96%) continue to lead the way with out-of-date software.

Out of Date CMS Distribution chart for Q2 2016

We briefly cover specific extensible components within the WordPress platform. As it makes up the largest sampling in our environment (78%), we place special emphasis on the top three plugin vulnerabilities contributing to 22% of WordPress site hacks.

Top 3 vulnerable WordPress plugins 2016-Q2

In this report, we also include a new telemetry dataset that shows the most popular WordPress and their distribution amongst the sample set. On average, we found that WordPress installations had 12 plugins installed at any given time.

Blacklist Analysis (New)

We introduced a new data set highlighting the number of websites that were blacklisted. We felt this was an important bit of data to include as the impacts to website owners can be devastating.

Per our data, 18% of the infected websites we analyzed were blacklisted, which means that 82% of the infected websites we worked on were not flagged. The most prominent blacklist was Google Safe Browsing with 52% of blacklisted sites. Here is a more complete distribution of the blacklist APIs we monitored:

Percent of Sites Blacklisted by Google, Norton, Yandex, and McAfee

Malware Analysis

We also focused on understanding what attackers were doing once they successfully hacked a website, specifically the payloads they were using.

Our analysis shows that SEO spam continues to be a go-to for attackers, with a 6% increase over Q1. In total, 38% of sites had some form of SEO spam injection. Backdoors continue to be one of the many post-hack actions attackers take, with 71% of the infected sites having some form of backdoor injection.

2016 Website Malware Family Distribution Trends for Q2

Hacked Website Report – TL;DR – Cliffsnotes

Some quick takeaways that you might find interesting:

  • WordPress continues to lead the infected websites we worked on (at 74%), and the top three plugins affecting that platform are still Gravity Forms, TimThumb, and RevSlider.
  • WordPress saw a 1% decrease in out-of-date core software and infected websites, while Drupal had a 3% increase. Joomla! and Magento website deployments continue to show the most out of date instances of any platform.
  • New data points show that on average, WordPress installations have 12 plugins, and the report provides a list of the most popular plugins within our set of compromised sites.
  • New data points were introduced showing what percentage of infected websites were blacklisted. Only 18% were blacklisted, and Google made up 52% of that grouping (or 10% of the total infected sites).
  • Analyzing the malware families showed that SEO spam continues to be on the rise, increasing to 38% this quarter (a 6% increase) and backdoors rose to 71% of compromised sites.

View-Download-HackedTrend-Report

The report is available both on our site and in PDF format.

I’m especially proud of our ability to continue to share this type of information and hope you find it insightful. We will continue to expand on the data we collect and report on, but as usual, if you have recommendations let us know.

165
SHARES
FacebookTwitterSubscribe

Categories: Drupal Security, Joomla Security, Magento Security, Security Education, Website Security, WordPress SecurityTags: Hacked Websites, Industry Reports

About Daniel Cid

Daniel B. Cid is Founder of Sucuri and the VP of Engineering for the GoDaddy Security Products group. He is also the founder of OSSEC and CleanBrowsing. You can find more about Daniel on his site dcid.me or on Twitter: @danielcid

Reader Interactions

Comments

  1. Michael Starks

    September 21, 2016

    Have you seen any database or memory-only payloads, such that no local files are modified?

    • Daniel Cid

      September 21, 2016

      Yes, a few. One example here where the backdoor was hidden in the database:

      http://labs.sucuri.net/?note=2016-09-13

      There were a few cases where it modified the database only, without touching any files, but I don’t think we ever wrote about them.

      thanks,

  2. Torben B. Sørensen

    September 26, 2016

    When I add all the percentages in the CMS Analysis for Q1 and Q2 respectively, I get 105% (for Q1 as well as Q2). How come?

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

WordPress Security Course

Magento Webinar

Joomla Security Guide

Magento Security Guide

WordPress Security Guide

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2022 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.