Sectigo’s Research: Websites Attacked 172 Times a Day

Cyberattacks on websites occur 172 times every day, or eight times per minute. Non-Content Management System (CMS) sites are 39 times more susceptible than WordPress sites, according to new research conducted by Sectigo – a global provider of digital certificates and automated Certificate Lifecycle Management (CLM). Cyberattacks of all types – notably automated ones – are on the rise for SMBs, mostly due to an increase in bot traffic.

Small and medium-sized businesses (SMBs) are grappling with bot traffic that now accounted for 5.5 times more than human traffic in 2021, compared to 2020 – 2,306 weekly average bot visits per site. Furthermore, the volume of human visitors reduced, indicating that criminal actors are scaling their attacks and targeting unsuspecting SMB website owners with bots.

Photo Jason Soroko, CTO of PKI at Sectigo
“Malicious bots can programmatically visit websites and identify vulnerabilities in code to execute their attacks, such as stealing data or inserting malware,” said Jason Soroko, CTO of PKI at Sectigo.

“While there are legitimate reasons for bots to visit a website like search engine crawlers and copyright scans, bots are also used for a variety of nefarious purposes. Malicious bots can programmatically visit websites and identify vulnerabilities in code to execute their attacks, such as stealing data or inserting malware,” said Jason Soroko, Chief Technology Officer (CTO) of PKI at Sectigo. “The public Internet is a very dangerous place and is increasingly getting worse. Don’t commit the fallacy of the underdog – SMB websites have enormous value to bad actors because they have customer data and can be used for phishing attacks. It’s not just about fraud, either. If websites handle payments, they’re obvious targets, too. The content management system platforms SMBs rely on may not protect against these threats. In fact, they are inherently difficult to secure.”

“SiteLock’s new data underscores the importance of having a comprehensive website security solution in place to protect against these threats and establish digital trust in an increasingly digital world,” added Mr. Soroko. “Even well-resourced enterprises struggle with this. In 2022 and beyond, specialized security tools are a necessity, not a luxury.”

Website Security Protection & Monitoring

SiteLock, Sectigo’s website security protection and monitoring provider, conducted the study. The SiteLock Annual Website Security Report for 2022 examines the present state of website security and forecasts for 2021. SiteLock examined over 14 million websites to identify the most common cyber dangers that businesses face today. The threat environment continues to develop and adapt, with especially successful cyberthreats like Filehacker (35 percent of infected websites with malware containing Filehacker) and Backdoor assaults coming into focus (31 percent contained Backdoor). Additional findings of the study include:

  • Ninety-three percent of websites infected with malware were not blacklisted. That’s nine out of 10 websites missed by search engines
  • Plugins impact WordPress vulnerability. For every five plugins on a website, the risk of an attack is nearly double
  • There are currently an estimated 4.1 million websites infected with malware worldwide
  • Nearly half (48 percent) of SMB website owners believe they are too small to target, even though half of them have been breached

SiteLock is a set of cybersecurity tools meant to protect small businesses from a variety of threats. SMBs can stay ahead of these growing web dangers and protect bad actors from interrupting their online presence using SiteLock’s risk assessment tool, which evaluates more than 500 criteria to establish a website’s risk level.

Sectigo will present the findings of this research at CloudFest 2022, which takes place this week in Europa-Park, Germany. CloudFest, which runs from March 22 to 24, is currently one of the industry’s largest conferences for cloud, hosting, and Internet Service Providers (ISPs). It addresses the most pressing issues in website security. Sectigo is a Diamond Plus Partner for CloudFest. Founded in 2008, Sectigo protects more than 16 million organizations worldwide.