Hacked Website Trend Report Q1/2016
Hacked Website Trend Report – Q1/2016 WEBINAR
@danielcid | @perezbox #AskSucuri
WELCOME!
DANIEL CID | TONY PEREZ
@danielcid | @perezbox
Hacked Website Trend Report
Q1 / 2016 Review
GETTING STARTED
• https://sucuri.net/website-security/website-hacked-report
• We will go through the important things we think you should
• Hopefully you read it already.
• Be ready for Homework
Analysis Background
• Incident response (website cleanups) is a big part of what we do here at Sucuri.
• We do thousands of cleanups every month, across all major platforms: WordPress, Drupal, Joomla, Magento, vBulletin, ModX, phpBB, etc.
• This report is based on data from compromised sites: sites that were hacked and whose administrator somehow found our company to do the incident response. It will not match the overall market share of CMSs; it will match, and that's very important, the market share across websites that did get hacked.
• And before I start, we need to give credit where credit is due. This data came out of the work done by our Remediation team, which works 24x7, every single day of the year, cleaning up sites, looking at malware and getting them clean.
Report Review
Infected Website Platform Distribution
Platform Market Share (Source BuiltWith)
CMS Security or Insecurity
• The cores of the most popular CMSs (WordPress, Joomla, Drupal, etc.) are very secure. Incident response (website cleanups) is a big part of what we do here at Sucuri.
• The developers behind these platforms are very responsive and care a lot about security.
• What is going on? The real problem happens at an upper level:
  • Website deployments
  • Website management
  • Website extensions
  • Website hardening
5 Minute Install
% of Out of Date Platforms at Infection
Outdated CMS - The root cause
Yet, outdated CMSs are not the problem. They are the consequence.
The real problem is lack of website management.
• Outdated CMSs are the result of bad website management
• Outdated CMSs are the result of lack of asset management
• Outdated CMSs are the result of lack of monitoring
• Outdated CMSs are the result of lack of a security process for the web properties
Top 3 Out of Date WordPress Plugins
Fixing the Website Management Problem
Security Website Management -> We have a problem and easy ways to fix it
1. Create an asset list with all your sites.
2. List all necessary plugins / modules for each.
3. List who has access to each.
4. Remove everything else. No test accounts, no test plugins and especially no test sites in production.
5. Upgrade all sites and plugins.
6. Repeat every month (Patch Tuesday for your sites).
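The six steps above, sketched as a monthly audit over an asset list. This is an added example, not code from the webinar or from Sucuri; the inventory fields, site names and version numbers are constructed for illustration.

```python
# Added example: monthly audit of a website asset list (steps 1-6 above).
# All site names, field names and version numbers below are constructed.
LATEST = {"cms": "4.5.2", "contact-form": "2.1.0", "slider": "5.4.8", "gallery": "1.9.3"}

INVENTORY = [  # step 1: every site; steps 2-3: necessary plugins and approved users
    {"site": "shop.example.com", "purpose": "live", "cms": "4.5.2",
     "needed_plugins": {"contact-form"},
     "installed_plugins": {"contact-form": "2.1.0"},
     "approved_users": {"alice"}, "users": {"alice"}},
    {"site": "blog.example.com", "purpose": "live", "cms": "4.2.0",
     "needed_plugins": {"contact-form"},
     "installed_plugins": {"contact-form": "2.0.3", "slider": "5.4.8"},
     "approved_users": {"alice", "bob"}, "users": {"alice", "bob", "test"}},
    {"site": "staging.example.com", "purpose": "test", "cms": "4.5.2",
     "needed_plugins": set(),
     "installed_plugins": {"gallery": "1.9.3"},
     "approved_users": {"alice"}, "users": {"alice"}},
]

def version_key(version, width=4):
    """Turn a dotted numeric version into a padded tuple so 4.5 == 4.5.0."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def audit_site(entry, latest):
    """Return (action, detail) findings for one site: step 4 removals, then step 5 upgrades."""
    findings = []
    if entry["purpose"] != "live":
        findings.append(("remove", "test site in production"))
    for name in sorted(set(entry["installed_plugins"]) - entry["needed_plugins"]):
        findings.append(("remove", f"plugin not on the necessary list: {name}"))
    for user in sorted(entry["users"] - entry["approved_users"]):
        findings.append(("remove", f"account not on the access list: {user}"))
    if version_key(entry["cms"]) < version_key(latest["cms"]):
        findings.append(("upgrade", f"core {entry['cms']} -> {latest['cms']}"))
    for name in sorted(entry["needed_plugins"] & set(entry["installed_plugins"])):
        have = entry["installed_plugins"][name]
        if version_key(have) < version_key(latest[name]):
            findings.append(("upgrade", f"plugin {name} {have} -> {latest[name]}"))
    return findings

def audit(inventory, latest):
    return {entry["site"]: audit_site(entry, latest) for entry in inventory}

if __name__ == "__main__":  # step 6: run this on a monthly schedule
    for site, findings in audit(INVENTORY, LATEST).items():
        print(site, "OK" if not findings else "")
        for action, detail in findings:
            print(f"  [{action}] {detail}")
```

Plugins that are not on the necessary list are reported for removal only, not for upgrade, since step 4 comes before step 5.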
Malware Family Distribution
Spam SEO
Defacements
Malware Trends
Adding Security
1. Website Management
   1. Asset List
   2. Monthly updates
2. Website Secure Deployment
   1. Identify possible risks and solutions
   2. Website hardening
3. Website Monitoring
https://sucuri.net/website-security/website-hacked-report
Thinking Website Security: How to improve your website security posture
Security is not a static state, it’s a continuous process.
Attack Surface
Environment
Local Machine, Local Network, User
Application Server Infrastructure Environment
Security Chain
Technology will never replace your responsibility as a website owner.
Security is not a Do It Yourself (DIY) project.