According to the security expert Daniel Cid from Sucuri, at least 15,769 WordPress websites have been compromised this year.
Sucuri has published a report, titled Hacked Website Report for 2016/Q2, related compromised websites on the web.
The researchers focused their research on out-of-date software found on compromised websites discovering that WordPress installations were out-of-date 55% of the time while Joomla! (86%), Drupal (84%), and Magento (96%).
The vast majority of the website (roughly 75 percent) were backdoored by crooks that used them to deliver malware, target visitors, control botnets, and run further attacks.
Google has already blacklisted 52 per cent of the total compromised sites analyzed by the Sucuri, but 48 percent went undetected demonstrating that the backdoors used by crooks are hard to detect.
The experts added that Norton Safeweb was able to detect only 38 percent of compromised websites, while McAfee SiteAdvisor detected 11 percent of them.
“Per our data, 18% of the infected websites we analyzed were blacklisted, which means that 82% of the infected websites we worked on were not flagged. The most prominent blacklist was Google Safe Browsing with 52% of blacklisted sites. Here is a more complete distribution of the blacklist APIs we monitored:” reported the Sucuri report.
Sucuri also highlighted that most websites were hacked due to vulnerable or poorly configured extensions.
Below key findings of the Sucuri Report:
Some quick takeaways that you might find interesting:
(Security Affairs – Compromised Websites, CMS)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.