Scary Data – Trends in Malware, Phishing, Site Cleaning and Bad Networks
At Wordfence we have great visibility into the size and scale of the threat facing the WordPress community. Our software protects well over a million sites worldwide. This week we thought it would be interesting to provide you with a broader perspective, analyzing some of the information that Google has made available in the Safe Browsing section of their Transparency Report. As we dug into the data we found a number of insights that we think you will benefit from.
Almost Half a Million Malware Sites
The number of malware sites continues to grow, hitting a new peak of 489,801 in October of 2015. That is up over 160% from the same time the previous year. As we have discussed before, a website that is infected with malware can install malicious software on your computer if you visit it. Attackers use the software to steal sensitive information from you such as credit card information and social security numbers.
As an internet user, the growth in malware sites means that the odds of you accidentally visiting one and becoming infected continue to increase. Google and the other search engines do a decent job of flagging them, but they can’t catch all of them in time to provide complete protection.
As a website owner, it means that attackers are having more success than ever compromising websites. It goes without saying that we think you should take website security seriously.
150% Growth in Phishing Sites in 7 Months
According to Google there are now 293,747 phishing sites on the internet, up from 113,132 in July of last year. This represents growth of over 150% in a mere seven months. A phishing site attempts to trick you into thinking it is legitimate, like your online bank or an online retailer. It then lures you into providing login credentials or other sensitive information. In the Introduction to WordPress Security article in our Learning Center we talk about how attackers are even using phishing tactics to steal WordPress credentials.
This is a significant trend, representing a threat that you should now be much more wary of.
It’s taking webmasters up to 90 days to respond
Google measures how long it takes for webmasters to take action after they have received notice that their site has been compromised. Over the last year, the fastest average webmaster response time reported was 61 days, and for much of the year it was 90 days or worse.
We found this statistic to be absolutely shocking. As we have gotten to know our customers better and better, it has become very clear that their websites matter. In fact, in our recent WordPress Security Survey, 66% of respondents said that a compromised site could affect their income. Based on this, our theory is that the slow response time is not generally driven by apathy, but by a long lag time between infection and discovery. If you aren’t already proactively monitoring your site for compromise, we strongly recommend that you spend some time reading our Learning Center article on how to detect a hacked website.
Which neighborhoods to avoid on the internet
Google provides very interesting data about the rate of infection for different Autonomous Systems on the internet. An Autonomous System is a network-level designation that represents a pool of IP addresses that are under the control of one or more networks on behalf of a single entity. You can think of it roughly as the group of IP addresses that have been assigned to an ISP. The data aligns with what we learned in the analysis of brute force attacks we did a few weeks ago.
The thing that jumps out the most to us is the incredibly high penetration of infection on some Autonomous Systems. With infection rates as high as 49%, there are areas of the internet that we would strongly encourage you to avoid. If you want to check out what Autonomous System your IP address belongs to, simply enter it into this handy tool. The good news is that the large majority of Autonomous Systems have infection rates of 1% or lower. We hope that Google’s reporting will serve as a call to action for the networks with the biggest problems.
The other thing that jumps out is that this is clearly a global problem. As you page through the list, numerous countries spanning the globe are represented. This problem is impacting all of us.
On the other side of the coin, we see a similar situation with Attack Sites. While there is a little more concentration in countries like the United States and China, you would still need to circle the globe to visit all of the biggest offenders.
Rising to the Challenge
The team at Wordfence has been hard at work on this problem for years now, and we are really proud of the product we have created and how it has been received by the WordPress community. As evidenced by the insights above, and numerous others from our other blog posts, the scale and complexity of the threat facing website owners continue to grow dramatically. That is why we have continued to invest in our team and our product. We have very exciting news to share with you in April about how we will be making the best security solution for WordPress significantly better. Stay tuned for a big announcement. We can’t wait to share it with you.