Modern malicious software — or malware for short — has reached unprecedented levels of sophistication, and as the attack landscape continues to evolve, new threats will undoubtedly emerge. Malware affecting websites poses a special danger to businesses. Even some of the world’s largest corporations have fallen victim to attacks.
Malware attacks not only cost companies money and customers, but also damage their reputations in the long term. While major companies sometimes spend millions to recover, the consequences for small businesses can be even more damaging because they lack the time, technical expertise, and resources to bounce back from an attack. The good news is that you can protect yourself from malicious attacks, and it’s not too difficult to do so. The first step is understanding what you’re up against.
In this article, we’ll explore the different types of malware and the symptoms of each that threaten today’s web users. Our goal is to provide small business owners with an understanding of cybersecurity fundamentals and to equip you with heightened confidence (and caution) in an increasingly chaotic online environment.
5 Different Types of Malware
Malware is a term used to reference any self-propagating program designed to damage a computer or website. These programs can take on a wide variety of forms, but for the purpose of this article, we’ll focus on five of the most common types of website malware:
1. Defacements
This type of attack is relatively common (in the second quarter of 2018 alone, defacements made up 14 percent of all malware attacks) and very easy to spot. In a defacement attack, cybercriminals replace your site’s content, like your homepage, with their own images. You can think of defacement like graffiti for your website. The replacement content may be humorous, shocking, or ideological in nature. If visitors land on your site and see it’s been defaced, they may lose trust and leave. Revenue could be temporarily slowed or halted.
2. Backdoors
Backdoors are hidden code inserted in your site or files that give cybercriminals remote access to your site as they please. If left undetected, this type of access can last for long periods of time. When a backdoor attack is initiated, it means that hackers previously gained entry to your site and can repeatedly re-infect it. These attacks are becoming harder to detect. If you notice new webpages or files on your site, defacements or disappearing content, or exceptionally high bandwidth reporting from your host, a backdoor attack may be the cause.
3. Redirects
Malicious redirects are common on the internet and behave as their name suggests. When you type in the URL for a legitimate website but are taken to a different site, you’ve experienced a redirect. These types of malware attacks are easy to identify but can significantly decrease your web traffic if they’re not dealt with quickly.
4. SEO Spam
SEO refers to search engine optimization — or any technique that improves a website’s ranking in search results. These include the placement of relevant keywords throughout your web copy and the acquisition of backlinks from other authoritative websites to yours. If you notice strange links or suspicious comments appearing on your site, SEO spam may be to blame. This code dumps hundreds of thousands of files filled with malicious backlinks and irrelevant keywords onto infected pages, which can lead to a rapid, significant loss in traffic.
5. Malvertising
Sometimes, legitimate advertisements are injected with malicious code and are served across a legitimate ad network. This is an example of malvertising, which can spread as soon as a user clicks on an ad, executing an unwanted download. Though this type of malware can be difficult to spot, infected ads often contain errors or promote suspect products that don’t match up with your search history. That’s probably why it has grown in popularity over the past several years. In fact, according to research by GeoEdge, malvertising drained $1 billion from the online advertising ecosystem in 2018, and 2019 totals are expected to be 20-30 percent higher.
So How Do I Protect My Website From Malware?
In 2019, it’s no longer a matter of if you’ll be attacked but when you’ll be attacked. The longer a cyberattack goes undetected, the more expensive it will be for your company. A joint study by IBM Security and Ponemon Institute found that when companies are able to contain a data breach in 30 days or less, they save $1 million more than companies that leave breaches undisturbed for a month or more. A malware scanner that looks for and removes malware on a daily basis will prevent costs from ballooning.
A web application firewall — or WAF — should also be in place to prevent malicious bots, which are commonly used by cybercriminals to detect vulnerable sites, from entering your website to spread malware. Moreover, be sure to keep website plugins updated to their latest versions and remove plugins that you no longer use to avoid vulnerabilities. If you’re using an open-source content management system such as WordPress, take advantage of an automatic patching system to avoid vulnerabilities and malware infections by ensuring updates are installed in a timely manner.
Finally, follow some basic cybersecurity best practices. For instance, maintain strong, unique passwords, and use a CAPTCHA — a small test that distinguishes humans from robots — to protect login forms and other forms on your website.
Get familiar with the file structure of your website and review it periodically to make sure everything is in order, and always back up your files so you can restore them in the event of a breach. However, a backup is only effective if it’s a clean backup of your website — a malware-infected backup will be ineffective.
Malware is an unfortunate reality of the digital world — and businesses must take precautions to protect themselves from the different types of malware. The first step to prevention is education, so ensure you understand what you’re up against so you can protect yourself from the threats of today and tomorrow.