Google recently noted that it has seen a 32% rise in hacked websites.
According to a recent blog post from Google, the number of hacked websites rose by 32 per cent in 2016 when compared to the previous year. The organization stated, “We do not expect this trend to slow down. As hackers get more aggressive, and more sites become outdated, hackers will continue to capitalize by infecting more sites.”
Webmasters – website developers and administrators – not registered with Search Console stand to lose out on being notified of hacks, claims Google. About 61 per cent of webmasters don’t know they are infected because they are not registered, while, on the other hand, 84 per cent with a reconsideration request for site review, are able to clean up their sites.
In the post, Google outlines some of the common hacks affecting websites today, such as Gibberish hacking and the Japanese Keyword hack. Citing the “a chain is only as strong as its weakest link” adage, Google stated that prevention is the key in keeping these types of hacks at bay.
In a separate post, Google outlined the following 6 ways websites get hacked by spammers:
Whether attackers are using guessing techniques to obtain passwords, or simply trying out common variations, compromised account credentials are a serious issue. It’s key to create a strong password and not use the same password across multiple web properties. Additional tools like two-factor authentication (2FA) is an essential security tool, if the option is available.
Missing Security Updates
Old software that hasn’t been updated is, more often than not, missing an essential patch to account for serious vulnerabilities. Ensure software updates for your web server, CMS and plugins are automated to prevent risk of human error. Insecure themes, plugins and other essential software become a welcome invitation to hackers.
This is about exploiting human nature to sidestep a refined security infrastructure. Hackers trick users into providing confidential information such as passwords or a social security number. A common form of social engineering is phishing. A hacker will send an email pretending to be a legitimate organization and request confidential information. For help on spotting a phishing email, we created a list of 6 tips for Identifying a Spoofing Email.
Security Policy Holes
Having bad security policies such as allowing end users to create weak passwords, giving admin access too freely and not enabling HTTPS on your site gives easy access for hackers to compromise your site. Google recommends testing access controls and user privileges, encryption, regularly monitoring for suspicious activity as well as ensuring your website is configured with high security controls by disabling unnecessary services.
When data is mishandled or improperly uploaded, it’s available as part of a leak. For instance, error handling and messaging in a web app can potentially leak configuration information in an unhandled error message. Using a method called “dorking”, malicious actors can exploit search engines to find this data. Make sure only trusted employees have access to the data they need and using URL removal tools to make sure sensitive URLs don’t display Google Search results, the post advises.