We are excited to announce that SiteLock INFINITY has been nominated for the prestigious Cybersecurity Excellence Award. However, we need your vote to win! Continue reading to find out how and why you should vote.
Tag: Malware removal (Page 1 of 3)
Retail therapy is the act of shopping with the primary purpose to improve the buyer’s mood. This form of “therapy” is practiced among many consumers, with more than half of Americans admitting to making a purchase as a way to lift their spirits. As therapeutic as shopping can be, it also raises fear among many consumers – especially around the holiday season. With websites, including eCommerce sites, experiencing 22 attacks per day on average, shoppers have good reason to be concerned.
In honor of National Cybersecurity Awareness Month (NCSAM), SiteLock has published new website security data to help raise awareness about the need for increased website protection and cybersecurity.
Over 760,000 websites are breached each year. However, only 6 percent of website owners use proactive website monitoring for suspicious activity, while 84 percent don’t find out about website attacks until after they’ve been compromised.
Searching for content within a database can be a little trickier than searching files, but the options are pretty similar. Following up on last week’s blog titled, “How to Look for Malware in your Website Files” we talk about how to look for malware in databases and what types of things you should be looking for.
It can come as quite a surprise when a site owner is notified that their site has been compromised with malware. After the shock wears off, and the immediate impact understood, it’s important to take stock of what has actually happened behind the scenes and then clean it up. The best advice anyone can give you is to make frequent, downloaded backups of your site in the event something happens to the live version so that the clean backup can replace the live, hacked version.
But what if there is no clean, viable backup available? In a world where websites have hundreds, if not thousands of files, how can any one person go about cleaning out an infection in just a small number of those files? In this two part series, we’ll talk about how to look for malware in both files and databases and give a couple examples of what to be on the lookout for.
When you think of websites being infected with malware, what types of sites come to mind? Pharmaceutical sites, porn sites or sites that bombard you with pop-up ads? While these sites could very well be malicious, you’re actually more likely to run into malware while visiting one of your typical, everyday e-commerce or news sites. Today, 75 percent of legitimate websites are at risk of malware. Malware, also known as malicious software, is designed to harm a website and its visitors.
You know that awkward moment when you’re screen sharing with your boss and a Viagra ad appears on your screen? It’s difficult to rebound from an embarrassing moment like that, even when you did nothing to prompt it. These “pharma” hacks happen all the time, and it is just one example of what can happen when a site falls victim to cyberattacks. Luckily, the team at SiteLock is here to help you avoid these rather uncomfortable situations.
SiteLock offers comprehensive, cloud-based website security solutions to businesses of all sizes. We protect websites from a multitude of attacks and threats, pharma hacks being just one example. Check out our video to learn more about who we are, what we do and how some of our products work.
At SiteLock we clean over 50,000 malware infected websites each month. We find thousands of security flaws daily and protect our customers from sophisticated attacks. Regardless of the issue, we would not be able to secure all 50,000 sites without the help of our amazing Support Team.
Website malware removal is probably not at the top of your daily “to do” list, and yet it’s something that no business can ignore, even for a day. And new tactics by ransomware authors might just push that task right to the top of your list.
Ransomware is one of the most dangerous types of malware to emerge in recent years. It works by encrypting all the files it finds on infected computers and then demanding a ransom be paid for this files. That ransom can be as high as $10,000 but even paying it might not result in a good outcome. If you’re a business owner, the impact on your business could catastrophic and chances are you’ll never see those files again.
Whether it’s malware prevention, detection, or removal, the sneaky critters are now getting so clever the challenge of dealing with them just seems to get harder. And sometimes people just get in the way.
A couple of months back, a fellow security hack told me the story of a simple but effective way hackers had found to break into a business simply by exploiting the curiosity of a CEO.
They started by visiting a trade show and picking up a handful of promotional USB drives that had the target company’s logo printed on it. After loading the drive with malware, they paid a visit to the company’s parking lot, identified the parking spot of the CEO, and then very surreptitiously dropped the infected USB drive on the ground next to the driver’s door.
Naturally the CEO eventually picked up the drive, probably assuming that he or a careless employee had dropped it. As soon as the CEO got back to the office, he plugged the USB into his computer to see what was on it and which employee should be chastised for their carelessness. Instead, he, the CEO, had just bypassed the company’s entire investment in security and introduced some very advanced malware directly into his own computer.
There have been many variations of this story, and in this case the hackers were allegedly the NSA. Whether it’s true or not, it supports something we all know about security. If a hack makes sense, it’s already happening. And tricking an unsuspecting employee into picking up and checking out a stray USB drive is about as easy a hack as they come.
Little wonder then that the USB drive may be one of the next big attack vectors facing big business. And a recently exposed series of hacks against USB drives should have all businesses worried about the risks.
In July of this year, a pair of researchers demonstrated at the Black Hat security conference in Las Vegas how it was possible to hide malware inside a USB drive that could infect a computer without being detected, and the malware itself couldn’t be detected on the USB drive either. Even erasing all of the contents of the drive wouldn’t remove the malware. No wonder that they simply called it BadUSB.
The researchers agreed not to publish details of the hack for fear of fueling widespread hacks based on the discovery. But just last week, a couple of fellow researchers decided that in the interest of security openness and knowledge sharing, they would indeed release the code to the world.
As the original researchers pointed out, if malware detection is almost impossible with the exploit, you’re limited to very few defenses against this attack. And they all come down to user behavior and choices, something we know represents the biggest security challenge in every organization.
As a defense, your organization could impose a rule that employees should never insert a USB drive into a computer they don’t own or don’t have complete control over. Something that’s almost impossible to police. Or you could create another rule that employees should never insert into any computer a USB drive they don’t own or have no control over.
In an interview with Wired, one of the researchers pointed out another obvious challenge “You have to consider a USB infected and throw it away as soon as it touches a non-trusted computer. And that’s incompatible with how we use USB devices right now.”
That would make it almost impossible for employees to use or share USB drives, never mind the enormous challenge of constantly having to remind employees of the new rules. Employees will break the rules, or they’ll just forget about them, and so they’ll be rendered useless.
I don’t think it’s the end of the USB drive as we know it, just an end to the way we so casually use it. A USB should be treated as though it may have come into contact with a potentially infectious disease, handled with great care, and shared only in the most sanitary of conditions.
What maybe the biggest lesson is that no matter how much we need and trust security technologies to protect us, the behavior and choices of people are what really make the difference.