Dear friends, 2020 is already in the past. And despite all the troubles of that year, the web-attackers continued to work. Each day. They hack sites using vulnerabilities, placed backdoors there. And that makes your site shows illegitimate ads or redirect visitors to malicious resources, and much more.
So here is the list of top-5 common threats Virusdie BASE team faced with in 2020.
This backdoor was the most common. The code is specially obfuscated by attackers so that an ordinary user doesn’t understand the essence of the code.
Inserting PHP code: using the include and require functions, files containing the main malicious code are included. In this case, the path to the file is presented in a poorly readable form, because some of the characters are represented in hexadecimal system.
An old, but not forgotten by attackers web-shell – MisterSpy. It is a multifunctional tool that allows an attacker to comfortably manage files on a victim’s website.
In conclusion, we note that the majority of malicious files are uploaded by attackers to the site via vulnerable components. Therefore we recommend to promptly update the CMS and its extensions, it reduces the probability of site infection. And that is cool, that Virusdie informs you automatically about weakspots as well, cos there is a vulnerability patch manager under the hood – not only website antivirus 🙂
This rating prepared by Daria Golikova, a head of Virusdie.BASE.
Join our private Facebook group to get help from other security experts, and share your own web security experiences and expertise. Group members receive exclusive news and offers. They can also communicate directly with the Virusdie team. Join us on Facebook.